312-50V11 · Question #696
You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking d
The correct answer is B. Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or. When technical defenses are impenetrable, social engineering - targeting disgruntled or careless insiders - is the most effective attack vector against a highly secured system.
Question
You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems. In other words you are trying to penetrate an otherwise impenetrable system. How would you proceed?
Options
- ALook for "zero-day" exploits at various underground hacker websites in Russia and China and buy
- BTry to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or
- CLaunch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100, 000
- DTry to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn
How the community answered
(25 responses)- A8% (2)
- B44% (11)
- C32% (8)
- D16% (4)
Why each option
When technical defenses are impenetrable, social engineering - targeting disgruntled or careless insiders - is the most effective attack vector against a highly secured system.
Purchasing zero-day exploits is expensive and unreliable, and a specific exploit for a particular high-security mainframe configuration may not exist, making it far less practical than targeting human insiders.
Social engineering exploits the human element rather than technical vulnerabilities, making it effective even when all technical controls are in place. A poorly-paid or disgruntled bank employee may willingly or unwittingly reveal credentials, access procedures, or sensitive information when approached casually in a social setting. This technique, known as elicitation or pretexting, bypasses firewalls, IDS, and all other technical safeguards entirely.
A DDoS attack against routers and firewalls would disrupt network availability but would not grant unauthorized access to the internal mainframe system itself.
A Man-in-the-Middle attack requires the ability to intercept network traffic, which is unlikely to be feasible against a physically isolated and highly secured mainframe environment.
Concept tested: Social engineering against physically secure systems
Source: https://csrc.nist.gov/publications/detail/sp/800-115/final
Topics
Community Discussion
No community discussion yet for this question.