Last weekend, 60 Minutes aired a special about the NSA, which spoke out on Snowden and spying. The headline was: "The NSA gives unprecedented access to the agency's HQ and, for the first time, explains what it does and what it says it doesn't do: spy on Americans". This was clearly a PR offensive, trying to repair a badly damaged reputation.
The NSA has hired 3,000 young analysts as part of cyberdefense. Three of those analysts, Morgan, Charles and Natalie, describe how countries like China, Russia and Iran use social engineering to get inside a network. Here is a short snippet of the transcript.
John Miller: They're looking for a disguise to get in?
Charles: Exactly, yes.
John Miller: And at what point will they ask the question that will cause the adversary to hand over that vulnerability?
Morgan: So if I want to craft a social engineering message to lure you in so that I could potentially steal your username and password to gain access to a network, I may go on your Facebook page and see if you like golfing. So if you like golfing, then maybe I'm gonna send you an email about-- you know, a sale at a big golf retailer near you.
John Miller: So you're trying to develop that little box that's irresistible--
Voices: Correct, Uh-huh.
John Miller: --that the person has to click on and open, because--
Morgan: They'll take, yeah.
John Miller: --they need to see what's inside?
John Miller: And that is going to let loose all the gremlins that are going to take over whatever they're capable of taking over.
Morgan: Yeah, that's their door in.
Charles: The other real trick is, it's not necessarily one email. It could be 50 emails. In the new cyber paradigm, you can fail 50 times. You can ignore 50 emails. But if that 51st one is clicked, then that's it. Game over.
You can see the segment here. It clearly shows the need for security awareness training!