Wow! Was I Just Socially Engineered?

Okay. Regardless how on top of your game you may think that you are, people- when it comes to Social Engineering I really would like for you to be aware that IT CAN HAPPEN TO YOU. Period. As a matter of fact, I’ll even go so far as to say not only CAN it happen, but as sure as the Sun rises loyally every morning in the east and lowers in the west, it WILL HAPPEN. It’s only a question of when it’s going to happen and what flavor the tactic will present itself in. With that being said, let us proceed.

What exactly is “ Social Engineering ” ? Social Engineering is defined as the process of deceiving people into giving away access or confidential information. Wikipedia defines it as: “is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim.“Although it has been given a bad name by the plethora of “free pizza”, “free coffee”, and “how to pick up chicks” sites, aspects social engineering actually touches on many parts of daily life. Many consider social engineering to be the greatest risk to security.   ( As defined on the official Social Engineering web site. )

So this guy walks into the motel. About an hour or so before I clock out for the night and hit the deuces. This guy, leather notebook in hand, wearing a navy blue jump suit with the white stripes down the side of the arms and the legs. A coach of some school or some kids by all means. I’m telling ya, this guy was freaking Jerry over at Penn State. ( I should shoot for the video footage so you could see this for yourself..really ). So he walks up to the desk and I’m like…thinking he has reservations, for his sake anyway because dude…we’re booked to the max. There’s an oil boom here are ya kidding me? But anyway, so he’s like no reservation..but how are we looking tomorrow? Tomorrow? Dude, tomorrow? It’s midnight now…what about tomorrow?

How is your internet service at the hotel, do you guys have a business center for the guest that has computers….with audio ability that can support my ear buds? Dude, are my ears and eyes deceiving me or are we really having this conversation? Do you mind if I take a look at the computer, Quintius, ( not 3 minutes later and we’re already on a first name basis…BUT I HAVE NO CLUE WHO THIS GUY IS. I know that he’s a guest, he’s respectable- c’mon the guys a coach traveling. ), I just want to see if I’ll be able to work on some business that I have to take care of? No problem you’re covered, dude, we have WiFi. (Granted, you’re taking care of business in traffic literally, security can’t be too high up on your list anyway. ) Well, that’s just the thing, Quintius, I DIDN’T BRING MY LAPTOP WITH ME, I’m from California ( what does that have to do with the price of tea in China? ), I’ve been staying in the hotels but none of the computers in the business centers were compatible with my ear buds. You say you have rooms tomorrow I can just book my reservation all at the same time and we’ll see if this spot is going to work for me. Customer service wins!

So the clock is ticking and has continued to tick all the way to the the point in all of this where it’s time for me to throw up deuces. That much time has passed with this coach in my business center booking his reservation with the help of his ear buds. Hey coach, it was nice meeting ya, is this spot going to work out for ya? Mouse click. ( Expected. ) Yes, this is just fine with the hard-drive propped on top of the trash can and the screen showing just enough traces of Twitter for me to be able to remember that it’s either #FF or I’ve freaking missed it again. ( Sorry, Tweeps…this is what I’m dealing with at the moment. :( ) Well, I guess we’ll talk tomorrow. Our night auditor is coming in so when she comes by just let her know the situation with you being stuck out of a room tonight and having to come in here to reserve a room for tomorrow on our computers. Nice chatting with ya coach….( umm…what was his name again, I didn’t catch it? Did you? )

Fast-forward. As hard as it may be to believe…this story is not over. As a matter of fact, this is how it ended. With me sitting on my couch tapping buttons on my laptop and my spider-senses are telling me….SOMETHING ISN’T RIGHT! ( Never doubt your spider-senses when it comes to security….esp. cyber-security. )

    • Text message to my night auditor. 2:14 a.m. : Hey, check the business center and let me know if there’s still a creepy guy in there wearing an Adidas suit.
    • Reply: K. Lol. Yep’. I don’t want to see whatever is on the screen because when I peeked in there he had his head phones on and he was licking his lips.
    • My response: Okay, this is what you do. Tell him without a reservation you’ll need a copy of his driver’s license in order for him to access the guest computers. If he refuses…lock him out and kick him out.
    • Reply: Is he not in-house?

My response: No, he was suppose to be in there making a reservation for tomorrow because we didn’t have any rooms tonight. So either he gives you his license while he continues to make his reservation or he leaves. Point? He’s a fucking pervert and needs to get the fuck off the system and the premises.

  • Reply: K, got him out.
  • Response: Thank you. ( Mind you….2:33 a.m. when it all ended. )

The End

( This post was based on actual events that transpired two nights ago. )

What makes this story even more dramatic is not only did it happen to a customer service representative at the front desk of a hotel, it just so happens that this rep is also a first year systems security student with the end goal of becoming an ethical hacker. Point taken: IT HAPPENS.