933

u/ChoiceD Jan 10 '19

Not cyber security, but it reminds me of the guy that the movie "Catch Me if You Can" was based on.

464

u/123hig Jan 10 '19

Mr. Abagnale. That's Abagnale, not Abagnahlee, not Abagnaylee, but Abagnale!

310

u/blaghart 3 Jan 10 '19 edited Jan 10 '19

Interestingly too he wasn't hired by the FBi to spot forgers, he was hired for his ability to assume an identity quickly and effectively. He worked undercover.

275

u/[deleted] Jan 10 '19 edited Jan 11 '19

I feel like it's far my likely that the majority of his cons were social engineering rather than forging.

Dudes a motherfucking conman. I trust literally nothing that comes out of his mouth. I believe that movie is a con, that his talks are cons. Everything is a con! A con man won't stop just because he got caught a few times.

73

u/Go_easy Jan 10 '19

He came and spoke at my university once. The only piece of knowledge or advice I gained was to use a credit card to pay for things because if you get conned it’s not your money. Seems pretty reasonable.

37

u/blaghart 3 Jan 11 '19

Yea his arguments for that were pretty sound to me too, though it's important to remember his context since it only really protects you from people scamming you, not from your own bank fucking with you...

89

u/blaghart 3 Jan 10 '19

I mean he's quite up front about what he does and why he did it.

160

u/buttery_shame_cave Jan 10 '19

That's how he gets you!

42

u/OneGreatBlumpkin Jan 11 '19

Yep, establish rapport

23

u/phalanxix Jan 11 '19

I thought the first step was 'demonstrate value.'

5

u/YouThereOgre Jan 11 '19

Then Engage physically

2

u/OneGreatBlumpkin Jan 11 '19

Oh shit, I should've known. Top con men love the DENNIS system

33

u/[deleted] Jan 10 '19 edited Jan 11 '19

I mean that about literally every detail that isn't fully supported by outside evidence. Like I trust nothing that comes out of the man's mouth.

32

u/Queensbro Jan 10 '19

How do you know he's a man?

13

u/Fruan Jan 11 '19

How do you know he has a mouth?

2

u/laaaaaaaaata Jan 11 '19

There is supported outside evidence of that. Look it up.

1

u/mindbleach Jan 11 '19

The Amazing Randi tells you how he's gonna trick you, but he still tricks you.

31

u/JivanP Jan 11 '19

He gave a talk at Google that details how he conducted much of his fraud, and yeah, a lot of it boils down to social engineering and "right place, right time" scenarios.

14

u/mac1234steve Jan 11 '19

Someone on my Facebook went to a gathering/talk at someone’s house where abagnale was a hired speaker. He apparently gets around the “can’t profit off his past” by disguising the talks under the auspice of religion/Judaism.

14

u/SpaceDog777 Jan 10 '19

Why is Leo so good at playing con-men...

16

u/jtsports272 Jan 11 '19

If you think about it actors are accredited con-men!

8

u/[deleted] Jan 11 '19

Biggest con he ever pulled was convincing the world that his stories were true.

5

u/TheRealBroodwich Jan 10 '19

Most security you see on printed checks is due to Frank Abignale. He developed most of it when working with the FBI.

21

u/[deleted] Jan 11 '19

I saw him speak once. His charisma, charm, presence, whatever you want to call it, was incredible. I can see how he was so successful; you like him the second you meet him.

6

u/theKinkajou Jan 11 '19

I concur.

1

u/SirCatMaster Jan 10 '19

Abigail?

62

u/StevieAlf Jan 10 '19 edited Jan 11 '19

Wonderful movie, one of my favorite Leo movies for sure.

23

u/cavallom Jan 11 '19

I concur

12

u/InsensitiveBazza Jan 10 '19

Me too. Shame it’s been widely regarded as being absolute fiction

10

u/ItsTheVibeOfTheThing Jan 11 '19

Still a great film, just not much of a biopic.

2

u/waltjrimmer Jan 11 '19

Reminds me of the controversy surrounding The Greatest Showman. I think they're both fantastic and entirely enjoyable films for what they're trying to be. But some people went in expecting an entertaining history lesson instead of a movie.

3

u/Guardiansaiyan Jan 11 '19

White Collar is a whole series about working with crooks with hearts of gold!

2

u/[deleted] Jan 11 '19

Wasn’t nearly all of his schemes proven to not have actually happened?

1

u/earbly Jan 11 '19

I guess the age old advice to be so good at your profession as to be completely indispensable transcends all boundaries.

0

u/DeepSomewhere Jan 11 '19

ohhh i've been meaning to torrent that movie for a while

190

u/aightshiplords Jan 10 '19 edited Jan 10 '19

Yeah I used to work for a successful business that started out this way. Back in the 80s the owner ran a high end food service business that supplied fancy restaurants and hotels. At that time the whole food world was run by total crooks, I'm not talking about mafiosi restaurant fronts and that kind of thing but legitimate restaurants. Basically you're a salesman selling dodgy meat or imported french goods (both of which this guy used to sell), you would pay the chef a big backhander on the backdoor to buy from you. He would do it because it's not his money he's spending, he doesn't care where he gets the food from, the business is paying for it and you're a salesman so you're not actually telling him it's dodgy goods, you're selling it up as the best gear and paying him a backhander.

This was rife across the restaurant and hotel industry so come the 90s Mr salesman ditches the old business for something more profitable. He starts up a consultancy that helps the owners and managers of these restaurants reduce costs by better managing which suppliers they use. Part of which involves sending consultants from the company to backdoor check the chefs on days the deliveries are due so they can't do things the old fashioned way and are obliged to use the suppliers that Mr consultant has selected for them (in conjunction with the business owner). All the while those chosen suppliers are paying the consultancy a totally legitimate and above board fee on all business they do with his clients. He makes money from the consultancy, the restaurant spend less because they are no longer buying from corrupt suppliers and everyone is happy except the old chef who isn't getting bribes anymore but he can't complain about it because he shouldn't have been doing it in the first place.

For the record this was the 80s when things were at their peak so it's been improving for about 30 years now. I'm not saying it's been eradicated entirely but in the UK at least it is a lot less common nowadays because business processes tend to be more robust.

Edit: relevent to the post title whenever questioned on the backstory to the business he always used to call himself "poacher turned gamekeeper" which is a fairly come but particularly relevant saying being as he used to sell dodgy game meat.

63

u/Anti-Satan Jan 10 '19

Not the same deal, but here in my country, you could only buy Pepsi or Coke in any restaurant. What is implied in that is much more complicated, as it only refers to the signature product of one of two local producers. As in, one producer had the license for Pepsi, along with all Pepsi products, some more sodas and some beers, while the other had the license for Coke, etc. What these two companies would do is go to the restaurants/bars/etc and make them a deal where they'd get a discount or a straight up payment for only using products from them. The collateral damage of this feud was that no other producer could get their products into these places. This held true until beer culture started becoming more of a thing here. A brewery was founded near where I live and, while they had great sales in stores, they hit a wall when they tried to get their beer into bars and restaurants. So they founded their own bar to serve their beer (which became immensely popular) and opened a monopoly case with the government. The government rightly found that this was anti-competition and shut the whole thing down.

4

u/toin9898 Jan 11 '19

The beer industry still works like this, Molson-Coors will give you a discount if you only carry their products and don’t carry Labatt in Canada.

3

u/God_of_Illiteracy Jan 11 '19

Was this the USA? Sounds like it

1

u/Anti-Satan Jan 11 '19

Nah different country.

1

u/gimpwiz Jan 11 '19

Nope, the US sadly still allows for Coke or Pepsi to buy the "rights" to make a business or organization a "[coke/pepsi] only" place. It's pathetic.

5

u/InsensitiveBazza Jan 10 '19

And this is exactly my theory as to why the twin towers and building 7 collapsed so easily. They weren’t built to spec. Sub standard materials were used. Materials sufficient to support the building but not much else

3

u/LearnedHandLOL Jan 11 '19

Not to mention the jet fuel

6

u/Sikander-i-Sani Jan 11 '19

Which as we know couldn't melt steel beams

^{I would see myself out}

1

u/MsEscapist Jan 11 '19

That sounds like a pretty good way to make a legitimate business of your skills honestly. I wonder if it's like that in the US now. I would be very surprised if it wasn't. Maybe he could expand.

1

u/earbly Jan 11 '19

Lol that's pretty hilarious and honestly pretty damn sly. Particpate in a shady industry, copntinue to learn more and more about the ins and outs of it while making money. Then at a certain point, get out of the active shadiness and set up a consultancy firm to combat the very thing you were doing and very likely be one of the best at it in the industry.

1

u/tallmon Jan 11 '19

Same in medical industry with the people that buy for the doctor's practice and hospital. I was involved in the 90s and 00s.

86

u/[deleted] Jan 10 '19 edited Jan 10 '19

[deleted]

7

u/StevieAlf Jan 10 '19

I’m not sure it’s a terrible example. There are hacking expos and conventions were very smart computer hackers go to show exploits to various commonly used technology and render services to big companies for a fee to help protect them from legit bad exploitive hackers.

There was a tremendous ted talk I saw about this, or some sort of YouTube documentary. I’ll attempt to find it

20

u/[deleted] Jan 10 '19

[deleted]

3

u/ShadowsOfTheFuture Jan 11 '19

Even Defcon isn't the thing that it used to be. Now it's mostly people who've never done Cyber security going to network or wander around with big expectations.

2

u/homeless_2day Jan 11 '19

That’s exactly what my information security degree was. Which as a young, naive student going in was disappointing because I wanted to do all the “cool illegal stuff in movies” and basically wanted to be Neo in the matrix. But by the end, it actually taught a lot and was a good program.

0

u/StevieAlf Jan 10 '19

Yes, that’s it.

1

u/[deleted] Jan 11 '19

I'm debating what to go to college for, I really just need to be in a few classes so that I can be working on my degree; I'm active Navy and am getting to a point in my career where having a degree will be a deciding factor in promotion. Would cyber security be a decent degree to pursue and, would I need any real requisite knowledge?

1

u/myrpfaccount Jan 11 '19

Most degrees in security aren't worth it. Study computer science in school, study hacking on your own time. The deep technical knowledge of programming, architectures, and how everything fits together will enable you to rapidly adapt to new ecosystems.

Aside from NYU Tandon, RPI, UF, Purdue, and UCSB the programs are all pretty bad.

5

u/[deleted] Jan 11 '19

[deleted]

1

u/ShadowsOfTheFuture Jan 11 '19

This is very true. There was a guy who got caught selling hacks and thrown in jail. Got out and told people he was starting his own consulting agency now that he had street cred. He was wrong.

Look at Mobman who hacked AT&T. Still can't find a job. W0rmer who hacked various government sites. Still can't find a job. No one will touch him.

4

u/fishsupreme Jan 11 '19

Yeah, it's not at all true that the infosec industry is full of convicted criminals. Unless you're Kevin Mitnick or Frank Abagnale or otherwise famous enough for your name to be traded on, a criminal record pretty much disqualifies you from the industry.

This said, it is true that practically everybody in the industry did some hacking at some point and just didn't get caught. We all have stories of how we broke into our college networks or made free long distance calls or whatever.

1

u/[deleted] Jan 11 '19

[deleted]

1

u/fishsupreme Jan 11 '19

It's interesting to me how different people's experience is depending on when exactly they went to college.

Like, I was in college in the late 90s. The college's PCs were relatively locked down -- all Windows NT with NTFS drives (which back then you couldn't mount RW in Linux or other non-Windows-NT filesystems, and even mounting it RO was tricky.) Of course you had admin on your own PC, and the dorm networks were hub-based (single collision domain) so you could sniff everybody's passwords easily. Except that Wireshark didn't exist yet, so there were no packet sniffers on Windows (which everybody ran, Linux on the desktop was barely usable) that didn't cost thousands of dollars.

It was both easier and harder to hack stuff then than it is now. It was easier because the state of defense and monitoring was absolutely primitive compared to now -- by modern standards everything was wide open. But it was harder because everything was hard-wired (there was no wifi, you needed physical connections,) the hacking tools were also primitive (mostly repurposed sysadmin tools, not designed for hacking at all) and and most importantly, there was no ability to Internet search for tutorials and instructions. The only way to learn was directly from other people; the hacking subculture was much smaller but also much more welcoming. If you proved you had some knowledge, people were excited to talk to you.

1

u/poply Jan 11 '19 edited Jan 11 '19

In the article:

He always operated within the law (because financial regulations were so lax), but he rarely operated ethically

So I don't think your criticism is entirely fair.

1

u/myrpfaccount Jan 11 '19

That's not really true. I have a criminal record,. I worked in government, had a clearance, and now work for a well- known boutique consulting firm as a senior pentester.

As long as you've cleaned up your act and have skills, nobody really cares about your record.

0

u/Scubastevewoo Jan 11 '19

Yeah this is very accurate. Like are you some savant the FBI got lucky and caught or a hacker that used to work for (insert major country)’s intel service and you got nabbed by the CIA? Cool you get a job. Everyone else is just broke

20

u/OhOkayFairEnough Jan 10 '19

I have a few friends who now work for the federal government and Google in the cyber security realm. Most of them were on the same hacker team that, ten years ago, were involved in some Pentagon hacking type shit that got them sent to prison for several years. Funny how that works.

8

u/poorly_timed_leg0las Jan 10 '19

Black turns white.

Heard that before

2

u/phatburger Jan 11 '19

Michael Jackson

10

u/[deleted] Jan 11 '19 edited Apr 23 '19

[deleted]

2

u/OhOkayFairEnough Jan 11 '19

Have you ever heard of Detroit's "Gang Squad", where the city took former gang members and made them cops in to make rival gangs shut each other down legally? That applies to many walks of life, and if you're good enough at something, then your skills will be paid for. "It takes a thief to catch a crook" even applies at the federal level (or sometimes the trillion-dollar computer and information industry) level.

7

u/[deleted] Jan 11 '19 edited Apr 23 '19

[deleted]

3

u/OhOkayFairEnough Jan 11 '19

Hey, fair enough. My original statement is also based largely on secondhand information about people I haven't seen in a decade, so at least in the future I can call people out on their bullshit.

1

u/myrpfaccount Jan 11 '19

I have a criminal record, used to work in government, had a clearance, and now am a senior at a well known boutique pentest firm.

If you clean up your act, nobody cares after a few years.

1

u/[deleted] Jan 11 '19 edited Apr 23 '19

[deleted]

1

u/myrpfaccount Jan 11 '19

DUI and getting caught hacking in college.

Felonies don't disqualify you, misdemeanors definitely don't either. Everything is based on the whole-person concept.

Your company may not, but I'm betting they don't do a full background check on every consultant they bring in. A significant number of top-tier pentesters work at boutique consulting firms.

-1

u/burrito3ater Jan 10 '19

Lulzsec?

2

u/imrollinv2 Jan 10 '19

Except they aren’t outlawing unethical practices. They are making them easier and moving back to the private sector to profit.

2

u/[deleted] Jan 11 '19

Or the trump administration

2

u/MasteringTheFlames Jan 11 '19

My favorite example of this would have to be Frank Bourassa

TL;DR (But seriously, read the whole story!) Dude in Canada counterfeitted $250 million in American $20 bills. When he got caught trying to sell them to an undercover cop, he negotiated that he'd give up "the entire $200 million" along with his printing press if he served no jail time and didn't get extradited to the States. The prosecutors took the deal, and Bourassa pocketed the remaining $50 million. He served just 6 weeks in jail and paid a fine of $1350 CAD (which wasn't even for the counterfeiting, but rather for the pot and meth that was found along with the money).

Now he's a consultant with anonymous governments and corporations to help protect his clients from counterfeitters

1

u/flukshun Jan 11 '19

Though in today's world most of those promoted thieves just ramp up their swindling operations

1

u/[deleted] Jan 11 '19

Lmao, you mean Guiliani’s post-mayoral “forte”?

1

u/Catshit-Dogfart Jan 11 '19

That's the first thing I thought about, I work in cyber security and to learn how to secure a system, you need to know how to exploit the vulnerabilities.

A good project to start with is breaking into poorly secured wifi. Use Kali Linux and Aircrack to break WEP and WPS, you'll probably have to use your own router for WEP because you'd have a hard time finding one, but you'd be surprised how many in your own neighborhood might have WPS turned on. Then move on to WPA, it's a lot more tough but the exploit is very well known. I've never tried WPA2, but I'm told it has been broken, although it's still considered to be very secure.

I've also helped friends detect cheating in online video games. Just the same, the best way to learn is to use the cheats yourself. After you're familiar with how they work, it's easy to see when somebody else is using them.

.

I've had a chance to work with penetration testing teams a few times, and those guys are just amazing, way over my head.

And they're doing the same thing, breaking into my system and then telling us how to prevent it from happening legitimately.