Social Engineering Gone Wrong
Everyone has read stories of idiots who try to social engineer passwords from people, only to have the tables turned. I’ve always wondered if those are true, and if people can really be that stupid. Then, to my utmost joy, I experienced it for myself. Here is the log, with comments inserted in bold and italics. I’m sure you’ll find it amusing.
I was happily going about my business when suddenly, out of the blue, I get an IM (on my AIM account) from this guy. He was using an obnoxiously huge font size, which I filtered out for this post.
(03:43:55 PM) SysInfoPla: Hi. Onbehalf of AOL Corp, I need your password for new records.
Its probably not a good thing, but my first reaction was “Yes! Its happening to me! This will be fun!” Obviously, I knew it wasn’t genuine, but I knew I’d have a heck of a time leading him on.
(03:44:08 PM) Jarek: woah
(03:44:52 PM) SysInfoPla: Due to systems not work.
This just confirmed my suspicions it was some kid messing around. Nice grammar…
(03:44:57 PM) Jarek: really?
(03:44:59 PM) Jarek: wow
(03:45:01 PM) Jarek: that sucks
At this point I set his alias to something a little more appropriate.
(03:45:17 PM) ‘noob’ has signed on.
(03:45:31 PM) ‘noob’: Yes. Could have I write here in the chat window?
(03:45:44 PM) Jarek: where do I tell it to you
(03:45:55 PM) ‘noob’: Here plaese.
(03:46:21 PM) Jarek: hmm
At this point, I started stalling for time while I tried to think of something funny to do to him.
(03:46:28 PM) Jarek: well, aim isn’t secure
(03:46:34 PM) Jarek: I’d hate for someone to be listening in
(03:46:36 PM) Jarek: and get my password
(03:47:04 PM) ‘noob’: Be sure. We are connected to each others computers. No others like always else.
(03:47:20 PM) Jarek: well
(03:47:40 PM) Jarek: I know aim isn’t secure
(03:47:50 PM) Jarek: in fact, I’ve listened in on other people before
(03:47:56 PM) ‘noob’: AIM corp gives great services.
(03:48:03 PM) ‘noob’: Their is no worries.
(03:48:04 PM) Jarek: I thought you were from aol corp?
(03:48:15 PM) Jarek: which one
(03:48:19 PM) Jarek: I have separate accounts
(03:49:17 PM) ‘noob’: AIM Corp is of AOL Corp. I from Pakistan tech suppourt help.
At least this explains the crazy grammar. He thinks talking like an idiot will make me think he speaks a foreign language, which will make me think he’s a legit tech support worker? Love this logic…
(03:49:31 PM) ‘noob’: I need one your from now.
(03:49:37 PM) Jarek: I’m sorry, I don’t understand
(03:49:43 PM) Jarek: can you speak normal english?
(03:50:19 PM) ‘noob’: I from Pakistan. I sorry sir and madem.
(03:50:23 PM) Jarek: odd
(03:50:29 PM) Jarek: every other time I’ve talked to tech support
(03:50:41 PM) Jarek: they speak fine English
No, I’ve never had to talk to AIM or AOL tech support. I’m still pulling a blank on ideas of what to do to him, so I started asking people.
(03:51:03 PM) ‘noob’: This change divison. I from Pakistan.
(03:51:18 PM) Jarek: Why again do you need my password?
(03:51:51 PM) ‘noob’: You can’t logon from tomorow if don’t.
(03:51:56 PM) Jarek: oh no!
(03:51:59 PM) ‘noob’: im not lieing!
(03:52:03 PM) Jarek: I need to log in tomorrow!
Idea at last! Not a great one, but just to keep him interested, I’ll throw a little more bait out…
(03:52:07 PM) Jarek: can you control my paypal too?
(03:52:08 PM) ‘noob’: im not lieing!
(03:52:11 PM) Jarek: I use the same password on both!
(03:52:17 PM) Jarek: and I have a lot of money in there!!!
(03:52:39 PM) ‘noob’: Oh yes. I need password than.
(03:52:44 PM) ‘noob’: Now.
(03:52:46 PM) Jarek: oh no oh no oh no
(03:52:51 PM) Jarek: what am I going to do…
(03:53:01 PM) Jarek: hang on
(03:53:05 PM) Jarek: I wrote it down
(03:53:18 PM) ‘noob’: Please, need password.
I’ll make this even more interesting. What if I stole someone else’s account?
(03:53:18 PM) Jarek: its not actually my password, I’m using someone else’s
(03:53:28 PM) Jarek: I transferred all my money into their account
(03:53:32 PM) Jarek: is this because of that?
(03:53:37 PM) ‘noob’: Never right down passwords.
(03:53:48 PM) ‘noob’: Please, no all understood.
(03:53:58 PM) Jarek: I took someone else’s account
(03:54:03 PM) Jarek: is that why I’m in trouble?
(03:54:21 PM) ‘noob’: All passwords have needed
(03:54:33 PM) ‘noob’: Paypal two
He’s an idiot, but he took the bait.
(03:54:55 PM) Jarek: Why do you need the paypal one?
(03:54:59 PM) Jarek: I thought you were from aol
(03:55:05 PM) Jarek: why would you need paypal, then?
(03:55:12 PM) ‘noob’: AIM Corp work with Paypal
(03:55:33 PM) ‘noob’: Much like Yahoo! or Goglee
Not Goglee! If he’s working with them, he must mean business!
(03:55:45 PM) Jarek: yahoo! doesn’t work with paypal
(03:56:04 PM) Jarek: and paypal specifically says it will never ask for your password on an unsecured connection
(03:56:11 PM) Jarek: and aim is unsecured
(03:56:15 PM) ‘noob’: Sir and madem please, need password
Sir AND Madam? I’m insulted!
(03:56:24 PM) Jarek: Sir and madam?
(03:56:30 PM) Jarek: are you calling me both?
(03:57:00 PM) ‘noob’: Cant tell at photo.
(03:57:11 PM) ‘noob’: Please, need of password.
(03:57:11 PM) Jarek: are you calling me ugly?
(03:57:21 PM) Jarek: you can’t tell from my photo if I’m a male or female?
(03:57:49 PM) ‘noob’: Please need password. I get fired if not.
(03:57:59 PM) Jarek: why do you need it again?
(03:58:02 PM) ‘noob’: im not lieing!
(03:58:03 PM) Jarek: you never really told me
(03:58:13 PM) ‘noob’: For system crashes reason
(03:58:21 PM) Jarek: how would my password help?
(03:59:49 PM) ‘noob’: accounts all with no password get loose tomorow
(03:59:49 PM) ‘noob’ has signed off.
He signed off with no warning at all. I was afraid he got tired or bored of this, but he came back on right away.
(04:01:23 PM) ‘noob’ has signed on.
(04:01:33 PM) Jarek: oh good, you’re back
(04:01:40 PM) ‘noob’: Sorry sir and madem. System 98 cause crash
What the heck is System 98? Is he trying to pretend he signed off to go work on a problem with one of AOL’s Systems? Or is he using Windows 98, and doesn’t even know the name of it? No, it must be the super secret OS AOL’s workers use!
(04:01:41 PM) Jarek: I have been talking to my uncle
(04:01:51 PM) ‘noob’: Yes. He say give password?
(04:01:54 PM) Jarek: who works for AOL in the Server Farm
Time to blatantly make stuff up. This doesn’t even make sense, but from what I’ve seen, this guy isn’t smart enough to tell.
(04:02:00 PM) Jarek: he said they’ve had a problem
(04:02:04 PM) Jarek: with someone stealing passwords
(04:02:10 PM) Jarek: and that nothing has gone wrong with any servers lately
(04:02:15 PM) Jarek: and in fact
(04:02:20 PM) ‘noob’: Umm sir, I do need youre password though.
(04:02:20 PM) Jarek: he said I should report you
(04:02:31 PM) ‘noob’: Mistake made.
He starts getting worried, so I press my advantage.
(04:02:34 PM) Jarek: Are you the one whose been stealing people’s passwords?
(04:02:39 PM) Jarek: unless you confess right now
(04:02:45 PM) Jarek: I’ll tell him about you
(04:02:52 PM) Jarek: and you’ll not only lose your account
(04:02:56 PM) Jarek: you could also be sued
(04:02:59 PM) ‘noob’: Yes fine…
(04:03:00 PM) ‘noob’: no…
(04:03:04 PM) ‘noob’: I need money
Huzzah for making stuff up with no founding in fact whatsoever!
(04:03:05 PM) Jarek: in fact, if your not from the USA
(04:03:11 PM) Jarek: this could be a Federal issue
(04:03:16 PM) Jarek: the governments could get involved
(04:03:19 PM) ‘noob’: nononono I’m a twelve year old kid!!!!
(04:03:21 PM) ‘noob’: please!!!
(04:03:25 PM) Jarek: well
(04:03:25 PM) ‘noob’: I’m from Canada
Now I start acting understanding, trying to hook him into telling me stuff.
(04:03:26 PM) Jarek: I understand
(04:03:32 PM) Jarek: I know what its like
(04:03:34 PM) ‘noob’: It was a joke!!!1
(04:03:36 PM) ‘noob’: Funny!!1
(04:03:36 PM) Jarek: to need money and stuff
(04:03:42 PM) Jarek: ya know what
Here’s the setup…
(04:03:52 PM) Jarek: if you can convince me you’re not the person they’ve had trouble with
(04:03:54 PM) ‘noob’: im not lieing!
(04:03:55 PM) Jarek: you won’t get in trouble
(04:04:01 PM) Jarek: my uncle already knows your screen name
(04:04:04 PM) ‘noob’: But no….
(04:04:06 PM) Jarek: I’ll have him check your account
(04:04:09 PM) ‘noob’: I just made it!!1211!
(04:04:12 PM) Jarek: to see if you’re really in Canada
(04:04:16 PM) Jarek: if not, you’re screwed
(04:04:20 PM) ‘noob’: They keep going banned!
(04:04:24 PM) Jarek: if you are, you probably will get off with a warning
(04:04:32 PM) ‘noob’: ok good…
And here we go. The moment of truth:
(04:04:35 PM) Jarek: what’s your password
(04:04:37 PM) ‘noob’: thankthankthankyou
(04:04:38 PM) Jarek: I’ll have him check it
(04:04:42 PM) ‘noob’: its…
(04:04:42 PM) ‘noob’: *Censored*
(04:04:44 PM) ‘noob’: you can try it
(04:04:48 PM) ‘noob’: im not lieing!
(04:04:48 PM) ‘noob’: im not lieing!
He also said he wasn’t ‘lieing’ before. Why should I trust him now.
(04:04:51 PM) Jarek: ok
(04:04:56 PM) Jarek: hang on
(04:05:04 PM) Jarek: he’s running it through the machine…
(04:05:12 PM) Jarek: this could take around 15 minutes
By ‘him’ I mean ‘me’ and by ‘machine’ I mean logging in.
(04:05:15 PM) ‘noob’: I don’t want jail!!
(04:05:19 PM) Jarek: be patient
(04:05:19 PM) ‘noob’: grr, cant it be faster?!
(04:05:23 PM) ‘noob’: noooo
(04:05:26 PM) ‘noob’: 
(04:06:51 PM) Jarek: ok sir
(04:07:03 PM) ‘noob’: YEs?
Time to end this.
(04:07:04 PM) Jarek: the results are in
(04:07:08 PM) Jarek: I’ll copy and paste
(04:07:11 PM) Jarek: wait one second
(04:07:33 PM) ‘noob’: OKOKOKOKOKOKOKOK…..
(04:08:03 PM) ‘noob’: Im only a kid.. please don’t give to FBI or sumthing
The devastating conclusion:
(04:08:24 PM) Jarek: “You are an idiot. I don’t have an uncle from AOL. I don’t even use AOL. You just told a random person your password for no good reason. I’m going to report you for password phishing. Please refrain from going online for a few years. You’re too stupid for even the Internet to handle.”
(04:08:50 PM) ‘noob’ has signed off.
I refrained from changing his password or doing anything to him, despite the immense temptation. I didn’t bother with actually reporting him, since it wouldn’t accomplish anything. I can’t imagine anyone actually being that stupid. For a while, I thought it was a prank, someone just pretending to be an idiot, but after a while I realized he was genuine. What a moron. I’m hoping I managed to scare him off of phishing for a while, but after seeing the limits of his intelligence, I doubt it. Its a shame. The internet would be better without him.
Nice - best social engineering ever.
Wow! That is great! lol
Hmmm interesting. He was defiantly and retard
Thanks for all the comments. It was a lot of fun. Just goes to show how many stupid people are out there…
[…] Her er et lysende eksempel på, hvordan Social Engineering IKKE skal gennemføres. Jeg må indrømme at jeg grinede højlydt over den lille krølle, som historien tager mod slutningen. […]
LOL… nice try. You can tell this whole thing is fake from the timestamps. Some of the timestamps have errors, such as extra numbers or missing colons. That wouldn't happen unless you typed them yourself.
Also, most of the 'im not lieing!' messages have the same timestamp, giving away that you just copied and pasted.
It was copied over from pidgin logs. I assure, its all legit. Where do you see similar timestamps?
Great job, shorty. This was one of the best things I've read in a long time. Hilarious.
Nice, great job changing them. Maybe I shouldn't have pointed them out so that you wouldn't have fixed them and people could see that this is fake.
Nothing was changed. You can't expect to claim something is falsified, bring up no proof, and later claim it was fixed without warning and expect people to believe you. Back up your claim, if you are so sure it was faked. Where is your evidence? You have none, never did, and never will. I really have better things to do in my life then spend time writing up a fake conversation. Why would someone do that?
You're an idiot if you think I'd make something like this up, foolish if you think I would make errors if I had faked it, and paranoid if you assume there is now some sort of coverup going on.
You forget, shorty, that the interwebs is out get us! Not only is your post a conspiracy but so is your existence. I'm sure Bob would agree when I say that you are just a false persona created by the Wired.
Good catch, Bob. Get your tinfoil hat back on or I might mind-attack you through the internetz! You'll know it's me because there will be three timestamps printed on your forehead but they won't be in chronological order. It's the surest sign of a conspiracy.
@Bob: Let's put it this way… users of Internet Explorer 6 generally aren't trusted in geek circles.
Then again.. maybe my user agent isn't the best right now either. Just trying to get Safari for Windows working under Wine.
Edit: The OS X OS must be an error with the plug-in. My user agent is "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/523.12.9 (KHTML, like Gecko) Version/3.0 Safari/523.12.9″
@Bob: Let's put it this way… users of Internet Explorer 6 generally aren't trusted in geek circles.
My point exactly.
i can't imagine anybody being that stupid, hahahahaha.