Saturday, January 19, 2013

What Can We Learn from Pickpockets?


I thought the following was really interesting ... an insider's view of pickpocket "technique".


http://www.newyorker.com/reporting/2013/01/07/130107fa_fact_green?currentPage=all



So what can we as IT security folks learn from pickpockets? It turns out that pickpockets are ultimately experts in distraction, and distraction might be a useful tool in an attacker's toolkit.

It has obvious implications for social engineering, but I think distraction can also be a useful technical tool. For example, the claim is that the recent rash of DDoS attacks against banks is meant to distract them from more subtle attacks focused on stealing money.

If you find that your web site is being barraged by a senseless DoS, maybe there's something else going on in another part of your network as well!
