Getting your Wii through social engineering.Dec 10
Well , I did some blog-posts on me and my Wii before (you might want to check them out ) and last Friday : It was the day ! Time to pick up my Wii. I called the toy store where I ordered it on thursday , just to check if they did not have any models in early. But no such luck. Like rain-man-on-heels the lady stuck to the story telling me that Friday is Wii day.
Thus friday comes along and Knight picks up his cellphone and calls the toy store. "Has my Wii arrived" still sounds like the expression of somebody with a bladder issue , yet it is the standard line when checking the order of ones console. "I'm sorry sir" the not quite Harvard material store clerk informs me. " But our order does not come in for another two weeks". As blood drains from my face a mile long parade of possible swearwords marches up into my brain. But i'm a nice guy, I know its not the nice lady's fault. I double check whether they can confirm that my order will be in in two weeks , but they can either confirm nor deny. When I hang up I get caught in a strange sensation.
I'm not one for hypes. To be honest : If more then 100 people are into something, I'm tempted to shake of the whole thing. But suddenly I start feeling this 'urge' to .. have a Wii. The same urge that lets people stand in line for hours for a game console, pay twice the amount on ebay for it , or shoot-or-get-shot in real life when trying to acquire a game where they can "shoot-and-get-shot" (talk about infinite pixel density). In shorts : I've got the Wii-crave. A sensation possibly triggered by an ancient caveman-instinct to hunt-and-acquire. So I start ringing up toy stores, hammering them for Wii-avalability .. Nothing ! All the units they have are either out or reserver. I'm losing a battle here. No one seems to have a spare unit. Tipical : its 2 o'clock in the afternoon on launch date. Most Wii-owners are already in hospital with a shoulder injury after playing to much Wii-tennis. Where the frack am I going to get one now ? After 20 or so calls .. I hang up and try to talk mysellf into believing we will find one Wii in the next few weeks. ( Right after Santa has a run in with a stray ufo that will cause a Wii to fall from the sky and into our lap.)
I know when I'm beat. I know when all the orders are taken and there is nothing more to do. All the nice Wii's are reserved. They boxes labeled with white peaces of paper with the names of their future owners written on them. … Names … Written … owners .. The power of the dark side arises in my head .. And I have an idea.
Here is the deal. All the Wii's are reserved. Probably on a last name basis. So … time for some social engeneering. Unless a down paiment was made on the Wii and a receipt was issued to the owner .. there is no way that the toystore nows who is the actual person that reserved it. When i reserved mine I just gave my last name and they wrote it down. There is no "identity check" Who says you just cant walk in , give the name of somebody who reserved a unit .. And pick it up.
Time for statistics : I don't know WHO reserved a Wii , but i can do an approximation : I can pull up one of the three most common lastnames in the country , call a toy store .. Ask them if the Wii for the "peeters" family has arrived and say that i'm picking it up. Buy a game console : Game the game console. Find a flaw in the reservation system : GAME the reservation system.
Ok , I know the risk. Lets say the "peeters" family has five kids who are going to be very disappointed when I swipe their Wii for Christmas. But all is fair in love and war. You can"t be a "hacker" and a saint at the same time. Push comes to shove and i start calling up a toy store in our neighborhood, asking them if the Wii for the peeters family has arrived …
Never interrupt your enemy when he is making a mistake.
The storeclerck puts me on hold and goes looking for the reserved unit. I hear her rustling through papers, mumbling to her collegue that she cant realy find it by that name. I allready anticipate that they don't have a unit reserved for that name and that i'm gonna have to try a second store. But suddenly the girl picks up the phone and says the following : I'm sorry , I can't find a unit reserved on that name. But we do have a unit here that has been reserved but that does not have a reservation slip on it .. It must be your unit. Napoleon said : Never interupt your enemy when he is making a mestake . I reply at the drop of a hat : "Yes , because I did call your store to make a reservation, i'll be right over to pick it up". "No problem sir" she says. I hang up and a big grin settles on my face. One hour later.. my very own Wii boots up and me and my wife are playing tennis on our own "aquired through social engeneering" Wii.
Social engineering is one of the most powerful ways of hacking. The key to the deal is : Analyzing the system (in this case , a reservation system that is based upon good faith and reservations over the phone) Find a flaw in the system : ( There is no 'proof of identity' or down- payment involved) Hack the system : Gamble on a possible "password" (in this case : a last name) to acquire entrance to the system. Once you are through all of this : the key is to believe in the lies you are telling when dealing with the people inside the system. This is the only way you can be convincing. Don't be nervous, and don't give away to much information. The pretty part about playing ignorant is that people from inside the system will be willing to provide you with information or solutions. And if they do .. just accept them 🙂 Happy gaming !