Security consultants are saying that hackers are getting access to banks and financial institutions the old-fashioned way -- through schmoozing employees and trickery.
"It's getting harder for hackers to penetrate firewalls and other technological barriers, so they are reverting to lower-tech methods of attack," David Kennedy, the head of security for Diebold Inc., the maker of automated teller machines, told the Wall Street Journal. He said the type of attack, known as social engineering, is one of the biggest threats his company faces today.
Although the report seems to regard this schmoozing as new, social engineering was detailed in depth in several books from the 1990s, including Secrets of the Super Hacker. The WSJ gives accounts of consultants pretending to be a copier technician, a customer going through a divorce or impersonating an exterminator, but the reality is that getting employees to give up passwords and access has been a part of hacking since its beginning -- because it works.
So, if businesses want to stop hacking, they have to start educating their employees.