How Wal-Mart Was Hacked: Lying Engineer Infiltrates Company

How Wal-Mart was hacked is a cautionary tale about the vulnerability of information in the digital age.

The story of how Wal-Mart was hacked starts with a phone call to the manager of a store in a small military town. The call was allegedly from someone named “Gary Darnell” at Wal-Mart’s corporate headquarters in Bentonville, Arkansas.

Gary Darnell told the manager that he was giving a handful of Wal-Mart branch managers a chance to pilot a multi-million-dollar government contract, but first he needed a full picture of the store’s operations, CNN.com reported. Darnell spent 10 minutes giving details of himself, the government contract that would make the company “tons of cash,” and his plans for a visit.

In exchange, Darnell asked for information about the store, including its janitorial contractor, cafeteria food-services provider, and even the shift schedule. By the end of the conversation, Darnell knew exactly when managers took breaks and where they went for lunch.

Then came the key detail of how Wal-Mart was hacked: Darnell asked the manager for details about the PC he used, including the computer’s operating system and antivirus software. He then got the manager to click on an external website, but when it was blocked, Darnell said he would call the IT department and fix the problem.

The manager thought nothing of it, CNN.com reported.

“ ‘Sounds good,’ he answered. ‘I’ll try again in a few hours.’ ”

Gary Darnell hung up the phone and stepped out, to applause, of the soundproof booth where he had spent the last 20 minutes. He had been performing for an audience of more than 100 people at the Defcon conference in Las Vegas who were listening to every detail of how Wal-Mart was hacked. Darnell, who is really Shane MacDougall, was participating in a “capture the flag” contest to see who could capture every required data point, or flag, from a company.

For the competition, the social engineers are sent a dossier with the name and email of their target along with their list of targets, Social-Engineering.com reported. Participants are allowed to gather as much information as they can through public, open-source information like company websites and even Facebook or Twitter.

Competitors then receive points based on how many flags they are able to get from their target.

“Social engineering is the biggest threat to the enterprise, without a doubt,” MacDougall told CNN.com after his call. “I see all these [chief security officers] that spend all this money on firewalls and stuff, and they spend zero dollars on awareness.”

How Wal-Mart was hacked might not be as important as why it was hacked, MacDougall explained. As the head of security firm Tactical Intelligence, he regularly conducts social-engineering tests for clients to check the vulnerability of their information.

The performances are poor across the board, he said, especially among sales employees.

“As soon as they think there’s money, common sense goes out the window.”

Bentonville executives see the story of how Wal-Mart was hacked as a stern warning to others, with Wal-Mart spokesman Dan Fogleman telling CNN.com: “We take the safeguarding of our business information very seriously and we’re disappointed some basic information was shared.”

Comments

8 Responses to “How Wal-Mart Was Hacked: Lying Engineer Infiltrates Company”

  1. Anonymous

    Many years ago I did a security analysis of a retail store. I walked in wearing a suit and tie. I told the assistant manager that I needed access to the money room to work on the computer there. They walked me down the hall and opened the door for me. As I entered I found the safe open with all the cash from the day and full access to a computer server that was already logged in by an administrator password. I waited 30 minutes, walked out, and called the security manager from the front customer service desk to tell him to come in. Due to just that one effort the company now has a policy that no one gets into the cash room without verifying who they are through security at the main office, and they are accompanied by a manager at all times.

  2. Kellie Arrowood

    Wal Mart already has tons of money…Probably more than the government.

  3. Kellie Arrowood

    Wal Mart already has tons of money…Probably more than the government.

  4. Butch McEvoy

    I hope Wal Mart did not fire the poor guy who gave the info, I am almost certain they did. Commie bastards are probably rooting for China in the Olympics..

  5. Anonymous

    Wal-Mart stores have cafeteria foodservice providers? No. Were they hacked? No, some information like the janitorial contractor was found out.