Jim Stickley: Dumpster diver, crime fighter

He digs in garbage, likes to play dress up and has more fake IDs than a teenager.

It's all part of the job for Jim Stickley, whose duties as the chief technology officer and vice president of engineering for TraceSecurity, a Baton Rouge, La., security compliance software firm, include elaborate social-engineering schemes designed to test the security of bank branches he and his team are hired to assess.

The point of social engineering, he says, is getting people to do things they wouldn't normally do, through deception. This he accomplishes best by showing up on the premises of a bank branch posing as a trusted visitor, such as a fire inspector, an Occupational Safety and Health Administration inspector or a pest-control man. To make it believable, those on his team who are involved in the information heist wear uniforms and bring official-looking ID cards, badges, papers and related equipment. They make appointments when necessary.

"We show up as a role, as someone you expect and trust to be there," says Stickley.

Happy con day
Proving that appearances and a little acting can deceive effectively, his team has even gone sans uniform into a branch inside a grocery store and put up birthday decorations. No one seemed to notice when the team members went from standing on top of the branch counter putting up a banner to slipping behind the counter and stealing cashier's checks.

More typically, his team gets asked to test the security of regular bank branches. The team's objective includes getting past the counters of the bank and, while unattended, stealing as much sensitive information as possible by installing wireless devices and seizing backup tapes. "Only 1 percent of all financial institutions encrypt their backup tapes," he says. The number of accounts Stickley's team can steal, then, is limited only by how many accounts can be stored on those tapes.

The action can only start if employees leave these social engineers to their own devices. Eighty percent of the time bank employees leave you unattended, he says. If they do hover while Stickley or his team members pretend to make inspections, they ask for a cup of coffee or documentation on the equipment they are checking -- anything to make the employee disappear for a few minutes. While they're gone, devices are installed or tapes stolen. When the employee returns, the phony pest-control serviceman simply walks away from that area.
