• Sad Bug Killer (cs)

    #/usr/bin/comment

    Accepting payment to write the first comment

  • Waffle (unregistered)

    Nothing unexpected here. Social engineering is the most widespread weakness of security systems.

  • pcooper (cs)

    I'm pretty sure that management's scolding of the night staff is not sufficient to stop a social engineering attack.

  • FredSaw (cs)

    So it's a variant of the old barroom tale -- "I'll bet you $100 I can get that woman to take off her blouse here in the bar." ... "I'll give you $50 to take off your blouse."

  • Mikkel (unregistered) in reply to FredSaw
    FredSaw:
    So it's a variant of the old barroom tale -- "I'll bet you $100 I can get that woman to take off her blouse here in the bar." ... "I'll give you $50 to take off your blouse."

    Or bet the bartender $500 you can pee into a glass 3 m. away without missing a drop in the bar and bet people $1000 that you can pee all over the bar and bartender and he will still be happy.

  • luptatum (unregistered)

    Isn't physical access security the first step to system security? So in a way this guy is a super hacker and did the first access any would be attacker would attempt. If you can gain someone on the "inside" who can login to the system you don't need to waste time breaking into the system.

    The real WTF is that they don't have physical access security setup for their servers...

    And the 2nd WTF is why this website is so SLLOOWWW today :(

  • DeLos (cs)

    I would hope that the contract (was there one?) would specify the terms on how the Super Hacker would approach the challenge.

  • Merlin (unregistered)

    I'm guessing the "super hacker" did not receive the reward, or did he? Well if he had a clever contract, but I don't think this trick does work very often ...

  • Frank Butcher (unregistered) in reply to FredSaw
    FredSaw:
    So it's a variant of the old barroom tale -- "I'll bet you $100 I can get that woman to take off her blouse here in the bar." ... "I'll give you $50 to take off your blouse."
    If she accepts youre up $50 If she refuses youre down $100
  • me (unregistered) in reply to Frank Butcher
    Frank Butcher:
    If she accepts youre up $50 If she refuses youre down $100

    Right. So?

  • ratsnake (unregistered)

    Well, he found an exploit. Clearly, that "someone" shouldn't had access to the server room. And the server should have a good enough SAI so that unless you were physically there you couldn't perform a MDoS on it (Manual Denial of Service).

  • WhiskeyJack (cs)

    Wow, that was really quite the snarky exit. I wonder if that's what really happened, or if the drama was anonymized...

  • jetcitywoman (cs)

    Wait, if he had to pay an employee to pull the plug doesn't that mean he could neither find a security hole, nor gain physical access himself? And if that's true, then how did he put the python "script" into the system? (More social engineering but with the managers? "Hey, here is the fix, just copy it onto your system.")

  • anon (unregistered) in reply to jetcitywoman
    jetcitywoman:
    Wait, if he had to pay an employee to pull the plug doesn't that mean he could neither find a security hole, nor gain physical access himself? And if that's true, then how did he put the python "script" into the system? (More social engineering but with the managers? "Hey, here is the fix, just copy it onto your system.")

    Creating a file and shutting down a computer require different access levels, you know.

  • akatherder (cs)

    I could understand the super hacker just telling the janitor to unplug the computer. Claiming to be an authority figure would have been social engineering.

    But just offering $10 is not social engineering. It's a complete lack of morals.

  • Jivlain (cs) in reply to me
    me:
    Frank Butcher:
    If she accepts youre up $50 If she refuses youre down $100

    Right. So?

    Well, if it turns out that less than 2/3 of the sorts of women who hang around in bars are willing to remove their blouses for $50 then the pot odds are against you.

  • jonny s. (unregistered) in reply to Frank Butcher
    Frank Butcher:
    FredSaw:
    So it's a variant of the old barroom tale -- "I'll bet you $100 I can get that woman to take off her blouse here in the bar." ... "I'll give you $50 to take off your blouse."
    If she accepts youre up $50 If she refuses youre down $100
    If she accepts you're up $50 AND there's a girl walking around without a shirt.

    If she doesn't, there's plenty of other girls at the bar, some drunker than others.

  • luptatum (unregistered)

    After rereading this, I guess the the fix could be a WTF... Yet, if someone would LOOK at the "code" in the fix; the problem could actually be fixed... Which is seems this happened so there still isn't a WTF in this story :/

  • Tommy American (unregistered)

    So they took down the main web server for the night? Didn't that affect business?

  • bcharr2 (unregistered)

    He should be advertising himself as a "social engineer" and not a "hacker". There is a huge difference.

    Some people are both, but being as he was introduced around the office by the boss before "bribing" an employee to unplug the server, I suspect this guy was neither.

    Perhaps if no one in the office had known he was hired, and no one suspected an attack was imminent...

  • Rob (unregistered) in reply to Jivlain

    Why do you assume you can only ask one women? If even one women at the bar will take off her shirt for $50 you will be paid as long as you're persistent (and at least one women will be walking around without a shirt).

  • cavemanf16 (cs)

    ROFL! In the words of Kevin Malone: "That... was... awesome!"

  • diaphanein (unregistered) in reply to Rob
    Rob:
    Why do you assume you can only ask one women? If even one women at the bar will take off her shirt for $50 you will be paid as long as you're persistent (and at least one women will be walking around without a shirt).

    Depends on how many times you're willing to be slapped (or kneed in the groin) for a measely $50.

  • bob (unregistered)

    whoa! another super believable story! i'm laughing so hard!

  • CGomez (unregistered)

    The whole Super Hacker thing is overblown but he is a good consultant if he tries all methods to shut down the server.

    Now the management firm was a little daft in setting this up. This seems like a dumb way to reward a consultant. After all, why not just have the janitor pull the plug and then stop. Have you found any other vulnerabilities? Probably not. So the web site could still be open to attack.

    To say paying someome $10 to pull the plug and calling that an immoral attack is pretty dumb, too. After all, anything that brings down your server can prove a boon to the competition. All methods of attack must be defended against.

  • diaphanein (unregistered) in reply to luptatum
    luptatum:
    After rereading this, I guess the the fix could be a WTF... Yet, if someone would LOOK at the "code" in the fix; the problem could actually be fixed... Which is seems this happened so there still isn't a WTF in this story :/
    Yes, there is. The WTF is the night staff being "scolded" instead of fired and/or arrested for malicious and destructive actions.
  • Zylon (cs) in reply to cavemanf16
    cavemanf16:
    ROFL! In the words of Kevin Malone: "That... was... awesome!"

    I hate to break it to you, but Kevin Malone didn't coin that expression.

  • Ie (unregistered) in reply to akatherder

    Well, if your objective is a denial of service attack on their business, offering $10 for an inside job seems like a likely path of attack.

  • Kiefer Rodriguez (unregistered)

    When Mike asked around the office for the person(s) responsible for removing the power source from our server box to come forward, no one owned up. Though its believed among my peers that some of the cleaning staff know who was responsible, social engineering worked in his favor by approaching a lower level staff member (cleaner most likely) and making out to be an authority figure claiming that he was running diagnostic tests and he needed someone to shut down the server box by removing the power source in say five minutes, and he would give them $10 for their effort (seeing as how its outside their work requirements as a cleaner). Though the term 'super-hacker' has become some what of a nickname for someone slacking off at work :p.

    Capcha: sino

  • Mr Ascii (cs) in reply to Frank Butcher
    Frank Butcher:
    FredSaw:
    So it's a variant of the old barroom tale -- "I'll bet you $100 I can get that woman to take off her blouse here in the bar." ... "I'll give you $50 to take off your blouse."
    If she accepts youre up $50 If she refuses youre down $100
    You ask her FIRST. If she takes the $50, you tell her to wait for your signal, then go look for takers on the $100 bet. If you don't get takers, you either rescind the offer or pay her the $50 for the fun of it.
  • Andrew (unregistered) in reply to Frank Butcher
    Frank Butcher:
    FredSaw:
    So it's a variant of the old barroom tale -- "I'll bet you $100 I can get that woman to take off her blouse here in the bar." ... "I'll give you $50 to take off your blouse."
    If she accepts youre up $50 If she refuses youre down $100

    Ask the woman first.

  • Pete Repete (unregistered) in reply to Kiefer Rodriguez

    [quote user="Kiefer Rodriguez] the term 'super-hacker' has become some what of a nickname for someone slacking off at work :p. Capcha: sino[/quote]

    So if we're reading and replying to WTF at work does that make us super-hackers? C00l my sk1lz are L337

  • Jared Lorz (unregistered)

    Wow, what a steaming pile of bullshit that story is.

  • thetodd (unregistered) in reply to Frank Butcher

    Who cares about the math? You might see boobies.

  • Mike D. (unregistered) in reply to Pete Repete

    [quote user="Pete Repete"][quote user="Kiefer Rodriguez] the term 'super-hacker' has become some what of a nickname for someone slacking off at work :p. Capcha: sino[/quote]

    So if we're reading and replying to WTF at work does that make us super-hackers? C00l my sk1lz are L337 [/quote]

    Missed quote mark is epic.

  • bpk (unregistered)
    Comment held for moderation.
  • bla (unregistered)

    The real wtf is that the she-bang is wrong...

  • Polar (unregistered) in reply to Andrew
    Andrew:
    Frank Butcher:
    FredSaw:
    So it's a variant of the old barroom tale -- "I'll bet you $100 I can get that woman to take off her blouse here in the bar." ... "I'll give you $50 to take off your blouse."
    If she accepts youre up $50 If she refuses youre down $100

    Ask the woman first.

    Are you talking about Irish Girl??

    Captcha => jugis...I wonder if the "i" is supposed to be there??

  • Edward Royce (unregistered) in reply to FredSaw
    FredSaw:
    So it's a variant of the old barroom tale -- "I'll bet you $100 I can get that woman to take off her blouse here in the bar." ... "I'll give you $50 to take off your blouse."

    Hmmm.

    Best summary of SEO (Search Engine Optimization) I've seen so far.

  • The masked cucumber (unregistered) in reply to bla
    bla:
    The real wtf is that the she-bang is wrong...

    How many people out there notice that ;)

    Fix not working => Get the money back :D

  • I walked the dinosaur (unregistered) in reply to Mikkel
    Mikkel:
    FredSaw:
    So it's a variant of the old barroom tale -- "I'll bet you $100 I can get that woman to take off her blouse here in the bar." ... "I'll give you $50 to take off your blouse."

    Or bet the bartender $500 you can pee into a glass 3 m. away without missing a drop in the bar and bet people $1000 that you can pee all over the bar and bartender and he will still be happy.

    Then BAM!!!! Headshot!

  • Loyal Subject of the Queen of Canada (unregistered)

    Wow! A happy story on WTF, where everyone gets exactly what they deserve!

  • EJ_ (cs) in reply to Andrew
    Andrew:
    Frank Butcher:
    FredSaw:
    So it's a variant of the old barroom tale -- "I'll bet you $100 I can get that woman to take off her blouse here in the bar." ... "I'll give you $50 to take off your blouse."
    If she accepts youre up $50 If she refuses youre down $100

    Ask the woman first.

    A variant on that one that loses you less money probably:

    Bet a woman (in a bar, hopefully drunk) $20 that you can take off her bra without touching her shirt or breasts. If she accepts the bet, give her a good groping, and pay the woman her $20 :)

  • rumpelstiltskin (unregistered) in reply to jetcitywoman

    Why would you conclude that? Getting someone to pull the plug is probably just the first thing he tried, and, it worked, so he was due $3500. Why would you expect him to do more work?

  • taylonr (cs) in reply to rumpelstiltskin

    I'm disappointed.

    When I started reading it, I thought the boss got duped by a real hacker posing as a security expert, and would do some trivial thing to prove he was a consultant, only to gain permanent access to their financials or something.

  • Kiefer Rodriguez (unregistered)

    For those of you claiming the story to be a work of fiction, I can assure you the story is genuine. The shebang line should have been '#!/usr/bin/env python' but I was in a rush when submitting the story and could not locate the actual .py file, and in my haste didnt bother to actually think anyone would care about the shebang line, the script did have more to it (details of the operations it was claiming to undertake etc) but cut them out to save space and to make it easier to understand for any non-programmer TDWTF readers (As if you dont understand the code - You wont get the joke). Management (remember, were quite a small ISP operation, no more than 30-40 workers) did not bother to write up a contract for the security audit, nor bother to check his credentials (remember- small business).

    And believe it or not, management rarely read bugfixes, patches, etc for their content, they just want to know everything works.

    Capcha: transverbero ..Cmon! Thats not even a word! :P

  • Goglu (unregistered) in reply to me

    That's the price to keep the place decent!

  • Aaron Griffin (unregistered)

    Man, that's some Kevin Mitnick shit.

  • FredSaw (cs) in reply to Kiefer Rodriguez
    Kiefer Rodriguez:
    And believe it or not, management rarely read bugfixes, patches, etc for their content, they just want to know everything works.
    As long as the customer's happy...
  • n9ds (cs) in reply to Andrew
    Andrew:
    Frank Butcher:
    So it's a variant of the old barroom tale -- "I'll bet you $100 I can get that woman to take off her blouse here in the bar." ... "I'll give you $50 to take off your blouse."
    Ask the woman first.

    Wait, what bars are you going to where women willingly take off their blouses and how do we get there?

Leave a comment on “The Super Hacker”

Log In or post as a guest

Replying to comment #:

« Return to Article