Social engineering is the art of manipulating people into performing actions or exposing confidential information in order to gather information for fraudulent purposes or gain unlawful access to computer systems – this deals with data and assets of a dead person and the struggle ‘over my dead body.’
HALOCK investigated a case where an employee had died out of state and an IT staff member was instructed to retrieve that employee’s laptop from the neighboring state and bring it directly back to the corporate headquarters.
While heading back from the decedent’s home after picking up the laptop, the IT Staff Member was met by a barrage of calls from former co-workers of the departed, who were also close friends. They expressed their grief at the person’s passing and noted that they wished to retrieve some personal information from the laptop – like old pictures, etc. as they knew that once the laptop made it back to the corporate office, all of their precious memories with their former coworker would be lost forever.
The IT Staff Member knew these former coworkers, since they all used to work at the same company together, but they had since left to go work for a competitor. Since the IT Staffer knew these individuals, and trusted them, the decision was made to let the former coworkers/friends retrieve the contents of the laptop before returning to the headquarters.
The IT Staffer proceeded to allow the former coworkers to use USB drives to capture data from their deceased friend’s laptop. While the IT Staffer was waiting, the staffer felt uneasy about the situation and debated about whether or not to tell anyone.
Once the “friends” of the deceased were finished, the IT Staffer continued back to the office, as originally instructed and delivered the laptop to executive management.
The IT Staffer was in the end concerned that the former coworker had taken more than personal artifacts from the laptop and reported the encounter with management.
HALOCK was called in to conduct a computer forensics examination to see exactly what was taken off of the deceased employee’s laptop. Instead of great vacation photos or music files, the forensics team found that the former employees had used the USB drives to copy all corporate intellectual property.
This was a clear case of using social engineering to perform corporate espionage. It was a unique case because the social engineers (the former co-workers) manipulated a grieving employee (the IT Staffer) over the death of a former employee. This was the first time that HALOCK had seen grieving used by the social engineers.
So how did it all end? Unfortunately, but necessarily, the IT Staffer was fired for not protecting company assets. Legal action was brought against the former coworkers who stole the intellectual property. The company that fell victim to this scam instituted better education and training for its IT staff to prevent a future security incident from happening. The organization also invested in annual testing of its staffer’s cyber security awareness.