When U.S. Leasing (USL) computers began acting sluggishly, computer operators were relieved when a software troubleshooter from IBM called. When he offered to correct the problem they were having, he was given a log-on ID and password

The next morning, the computers were worse. A call to IBM confirmed USL's suspicion: Someone had impersonated an IBM repairman to gain unauthorized access to the system and destroy the database. USL was also concerned that the intruder had devised a program that would let him get back into the system even after all the passwords were changed.

What techniques might the impostor have employed to breach USL's internal security?

The perpetrator may have been an external hacker or he may have been an employee with knowledge of the system.

It seems likely that the perpetrator was responsible for the sluggishness, as he called soon after it started. To cause the sluggishness, the perpetrator may have:

• Infected the system with a virus or worm.

• Hacked into the system and hijacked the system, or a large part of its processing capability.

To break into the system, the perpetrator may have:

• Used pretexting, which is creating and using an invented scenario (the pretext) to increase the likelihood that a victim will divulge information or do something they would not normally do. In this case, the perpetrator pretended to be an IBM software troubleshooter to get a log-on ID and password.

• Used masquerading or impersonation, which is pretending to be an authorized user to access a system. This was possible in this case once the perpetrator obtained the log-on ID and password. Once inside the system, the perpetrator has all the privileges attached to the user ID and password given to him.

• Infected it with a Trojan horse, trap door,logic or time bomb, or some other malware.

• Made unauthorized use of superzap, a software utility that bypasses regular system controls.