Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
XBox (Games)

Live 'Hacking' Clarified as Pretexting 51

1up reports on a clarification of last week's Xbox Live security scare. Though there are no technical problems with the service, there is a service problem with the service: account information was obtained via pretexting. Essentially, social engineers called up Xbox Live tech support and lied, saying they were users of certain accounts. Thanks to the sloppy training and privacy consciousness of Live's customer service operators, information was given out that allowed these pretexters onto accounts. "That probably means calling in to deal with customer support about the nitty gritty of your Xbox Live account will become both much more secure and potentially a bit more time-consuming and annoying. That may be the necessary price for full security, although as long as we're dealing with humans (and information that can slip into others' hands), there's sure to be the occasional case of successful pre-texting."
This discussion has been archived. No new comments can be posted.

Live 'Hacking' Clarified as Pretexting

Comments Filter:
  • People (Score:3, Insightful)

    by hansamurai ( 907719 ) <hansamurai@gmail.com> on Monday March 26, 2007 @12:22PM (#18489875) Homepage Journal
    Not a big surprise that the weakest link of their security is the human element.
    • Re: (Score:3, Interesting)

      by PingSpike ( 947548 )
      The weakest link has pretty much always been the people. Security methods change, but the principles behind social engineering are pretty stable.
  • by Anonymous Coward on Monday March 26, 2007 @12:22PM (#18489877)
    Why don't we call it what it is - lying.
  • by maxume ( 22995 ) on Monday March 26, 2007 @12:27PM (#18489991)
    Inventing a pretty word for it doesn't change what it is.
    • Or "Social Engineering", even.

      Though I can see where the word came from - "under the pretext of ... "
    • by moore.dustin ( 942289 ) on Monday March 26, 2007 @12:34PM (#18490103) Homepage
      Pretexting is the practice of getting your personal information under false pretenses. Pretexters sell your information to people who may use it to get credit in your name, steal your assets, or to investigate or sue you. Pretexting is against the law. Source [ftc.gov].

      Lying and Fraud are broad terms, pretexting adds clarity as to the specifics of the crime. It is the same as saying Wire Fraud or Check Fraud.

      It does not need to be either or, it can be both. Your suggestion only adds a nonconstructive, ambiguous element that will only serve to confuse, not clarify.
      • by maxume ( 22995 )
        No it doesn't. Show a situation where 'false pretenses' isn't 'lying'. The idea that there is ambiguity introduces ambiguity. Since there isn't any, there isn't any reason to 'clarify' anything.
        • I am simply saying that pretexting is lying/fraud, but the word allows for further definition. For us, we can take it the simple terms in context and we are fine, but for non-techies, I imagine it does not hurt to attempt to be more clear. I just do not think it is a euphemism to the degree we are making it out to be.
          • by maxume ( 22995 )
            When speaking to someone that you assume know less than you do, the clearest speech uses the broadest terms. You are basically saying that pretexting is jargon that everyday people will understand better than everyday words.
            • You are certainly right. I am just thinking that, if they wanted to obtain a better definition or understanding of the story, looking up pretexting would yield much more valuable and related information than just looking up fraud. That make sense? I agree with you really, just playing the devil's advocate if you will.
              • by maxume ( 22995 )
                Makes sense. My primary objection was that it was in the headline; "Live 'Hacking' Clarified" carries about the same amount of information, and then it can be explained in the story. "Live Hackers Liars" does well too(Maybe kick it off with an X-Box).
        • by Dahamma ( 304068 ) on Monday March 26, 2007 @01:01PM (#18490533)
          Fraud is narrowly defined as lying that results in personal gain, pretexting doesn't have to result in personal gain, hence is not equivalent.

          Lying isn't (necessarily) illegal. Pretexting is. Not equivalent.

          I think "pretexting" is a really stupid term, too, but it is in fact a legal term (ie. it's the term officially used by the FTC) that most succinctly describes the crime. You can gripe that it's a dumb word, but not that all of these terms mean the same thing.
          • by maxume ( 22995 )
            The article(really the summary) could say that they had been accused of lying to gain access to other people's accounts and then mention that that is legally called pretexting. Outside in is better than inside out. My big gripe is that it is being talked about as pretexting, which is the legal term for what happened, and then people forget that they had to lie to do it. The summary as written is really poor, mostly because it focuses on the technical legal term for what happened(by putting it in the headlin
            • You could also dumb down any of the articles here on Slashdot for the lowest common denominator using only 6th grade vocabulary as to not confuse the masses... or you could just lookup words you don't understand the meaning to, learn to use it in a sentence and impress your friends with your New Brain(tm).

              If you don't think that Pretexting or Social Engineering falls within the bounds of a geeks vocabulary I think you need to brush up on your nerd history; start with Kevin Mitnick [wikipedia.org].
              • by maxume ( 22995 )
                Is there somewhere I can turn in my geek card? Normal people will still think I'm a crazy nerd, but at least I won't have to follow the policies of the Geeks International Zeitgeist.
                • It's not a zeitgeist it's simple backlash over a ridiculous complaint. I don't care where you are, it's taboo to walk into a specialized community and complain that they're using appropriate language to describe something, instead of used dumbed down language and defining every technical term, simply because you're too lazy to look it up.

                  You might as well visit France and complain that the French aren't speaking English.
                  • by maxume ( 22995 )
                    Geeks
                    International
                    Zeitgeist

                    That help? GIZ! How about that?

                    It's a technical legal term, not a 'geek' word. Astonishingly, I even knew what it meant before I replied, but I have enough qualms about the manipulative usage of language(it was used here because somebody absorbed it somewhat poorly) that I felt the need to comment about it. Sorry.
            • by Dahamma ( 304068 )
              The summary as written is really poor, mostly because it focuses on the technical legal term for what happened(by putting it in the headline).

              Well, I'll agree with that at least... then again, please remember this is the same site that just posted an article with the headline "Siberia - The Next Silicon Valley?"

        • No it doesn't. Show a situation where 'false pretenses' isn't 'lying'. The idea that there is ambiguity introduces ambiguity. Since there isn't any, there isn't any reason to 'clarify' anything.
          All squares are rectangles, but not all rectangles are squares.

          How about a situation where a lie isn't a false pretext? They exist (look up the definition for pretext), and this is where the term 'pretexting' is less ambiguous than 'lying'.
      • Pretexting is the practice of getting your personal information under false pretenses.

        Then why isn't it called "pretensing?" That'd make more sense, but it doesn't sound as high-tech and scary as "pretexting," so the mainstream media outlets won't have anything to do with it.

        Nobody says "information was gained under false pretexts," in spite of pretext [reference.com] and pretense [reference.com] having almost identical definitions.

    • by CaseM ( 746707 )
      Pretexting [ftc.gov] is a technical term.
      • by maxume ( 22995 )
        The part of that page "There ought to be a law" refers repeatedly to fraud and false statements in explaining what is illegal about pretexting. The page also indicates it was published in February 2006. The page isn't there to establish pretexting as a term, it is there to explain to people what the hell it is supposed to mean, which I would take as an indication that people are hiding behind it in some way or another, but I'm probably crazy.
        • by CaseM ( 746707 )
          I'm simply pointing out that "pretexting" is a specific type of fraud. "Stealing money" means a whole lot of things, almost all of which are punishable by law. "Embezzlement" is a specific type of money-stealing, but explains the context and manner/means in which the money is stolen. This is what "pretexting" is to "fraud", and I was merely trying to point that out to some who claimed that calling it "pretexting" is a denial of the moral implications of such actions. How they got from point A to B simpl
    • I don't know...it worked for negroes^H^H^H^H^H^H^Hblacks^H^H^H^H^H^Hafrican americans...
  • Hmm (Score:3, Interesting)

    by ajenteks ( 943860 ) on Monday March 26, 2007 @12:33PM (#18490091)
    That's surprising to me to see that XBL's support staff would be so careless. Last time I called them up it was quite a chore... But then again maybe I had to verify and re-verify personal information to them because I was cancelling and not just getting a password reset.
  • Ok, so some 12 year old asshats are upset that I beat them in Halo, so they "pretext" (lie) to get into my account.

    What sort of penalties could they face? None, I would think.

    Forget all that online multiplayer stuff, it's easier to have real friends.
  • I wish you could change the email login associated to your gamertag. Mine points to an old account I never ever use now. I keep it just for that.
  • Isn't pretexting a feature of the OoGhiJ MIQtxxXA? You know, sending text messages before you've even thought of them, reading them before you've even seen them!
  • Live 'Hacking' Clarified as Pretexting

    as opposed to : Dead 'Hacking' Clarified as PostTexting.

  • I first heard about this a few months ago regarding user accounts on Phantasy Star Universe. Players would pre-text/lie/etc. to gain access to another user's account and then sell off/steal/etc. any items the victim had in their possession or player store.

    In this case, as with others to maybe a lesser extent, there is a monetary attachment involved. You have paid a $50.00 fee(not sure what the gold membership fee is) to access and play these games online. You have also invested time, which may not be di
  • this is what you get with outsourced call centers.
  • I preferred it when it was called "Social Engineering".

    I wish HP would just hurry up and patent "pretexting" so we can all start using a different term.
    • by XaXXon ( 202882 )
      It would be a trademark. If it was patented, only HP and their licensees would be able to do it and we'd still be able to call it pretexting.

    • indeed.

      pity the world at large weren't interested in *ahem* computer security in the early 90s.. except for the occasional supervillain whistling down telephone lines in order to start WW3.
  • Now hacking is some kind of precrime.

    I wonder if the precogs saw this one coming.

  • Impersonate (Score:3, Interesting)

    by Luyseyal ( 3154 ) <swaters.luy@info> on Tuesday March 27, 2007 @08:54AM (#18500645) Homepage
    What the hell is wrong with using the word "impersonate"? At least it doesn't sound anything like sending text messages.

    -l
  • From what I read the "hackers" also purchased xbox live currency (Microsoft Points) on some of the accounts. Would that be some kind of credit card fraud? 1000 microsoft points being roughly 12 dollars IIRC.

System checkpoint complete.

Working...