My task was: “Get a fellow player to switch computers with
you”
Did I accomplish it? Yes
Here’s the evidence: My computer vs my fellow player’s
computer:
I edited this picture to remove objects that may uncover my
identity.
How did I do it?
I waited for the right moment to ask someone to switch computers
with me when everyone was busy. I simply ask to switch computers and the person
agreed to it. The toughest part was to take pictures without looking suspicious,
so I had to be quick.
Application: I think this is a task that could be easily
performed by someone already working for a company. It is easy to innocently let
a coworker use your computer when theirs is “too slow” or “frozen”. Now, once someone
gets a hold on your computer and logged with your credentials, you are putting
in danger any confidential information related to your job and even your own
job. Someone could try to cause harm stealing information from your computer and
worst, logged in with your credentials. You could be blamed for whatever crime
they commit or at least a suspect and/or collaborator committing the crime.
Ethical reflection: These type of actions can compromise an
entire company, a coworker at least. There are many ethical issues related to
this type of activity. One way of performing this task “in the real world” and “in
a way that is morally right” is to do it for training purposes, to audit the
security training the personnel of a company has or maybe to do their Ethical
Hacking class homework. :P I would also say that if it’s to protect our
country, in some sort of mission working with the knowledge of the Government. The
Social Engineer has to lie, betray, possibly steal and then commit the crime
they are looking to commit with the stolen information/data. A person engaging
in the same actions and on purpose to seize someone else’s computer at work or
school doesn’t have good intentions. Someone can try to do this at work to
gather information that no one is supposed to see outside of work. Use the same
information to sell it or plan an attack against the company.
No comments:
Post a Comment