Fast trying to rationalise my targetting of Barclays Bank and the Bank of England I felt a trip across the pond was in order – let the dust settle.
It brought with it more challenges: time zone differences, subtle language variations etc. But I was very keen to see how the US stacked up against the UK.
Lloyd Blankfein was the first US Banking CEO that my OSINT stumbled across, and that seemed as good a target as any to get the ball rolling.
Target 1: Lloyd Blankstein
Goldman Sachs CEO
From: Harvey Schwartz – Me – [harvey.schwartz.gs@outlook.com]
Sunday, June 11, 2017
To: Lloyd Blankfein
Subject: You Killed it!
Just read that your ‘how did infrastructure week go?’ Tweet won some online award for most humorous tweet – Trump will be so pissed
Harvey
Sent from my iPhone
Notes: The tweet did not win any awards
From: Lloyd Blankfein
Sunday, June 11, 2017
To: Harvey Schwartz – Me –
I tweeted when landed in China how good their infrastructure was and that we had to catch up….seemed like a good way to bookend my trip.
From: Harvey Schwartz – Me –
Sunday, June 11, 2017
To: Lloyd Blankfein
Absolute genius Lloyd. You’ve never thought of heading for Vegas with a stand-up act?!
You’d clean up. Although all the girls and gambling… A man could get easily corrupted
From: Lloyd Blankfein
Sunday, June 11, 2017
To: Harvey Schwartz – Me –
I’d settle for getting away with it.
From: Harvey Schwartz – Me –
Sunday, June 11, 2017
To: Lloyd Blankfein
As would I.
I bet Trump tries to get his own back by touring with Julio Borges!
Trump has no sense of humour anyway, he’s a relic of the old ways, drunk on power and a serious danger to America.
The End
Act 2. Two birds with one stone.
My Twitter profile had attracted enough media attention by now that I could post a new email prank and it would often become a published story.
This is exactly what happened with the Lloyd Blankfein exchange, just a few hours passing from the time I tweeted it until the first story appeared online.
Keen to keep pushing the complexity I decided that the hot-off-the-press story would become the ‘hook’ for my next target; Citibank.
Could I get two banks in one day? Using a story about the first prank to build trust in the second? Let’s see…
Targets 2&3:
Stephen Bird & Michael Corbat
Citibank
From: Michael O’Neill – Me – [michael.oneill.citi@outlook.com]
Sunday, June 11, 2017
To: Stephen Bird + Michael Corbat
Subject: Have you seen this?
cityam.com/266427/goldman-sachs-boss-lloyd-blankfein-joins-mark-carne-and-jes
From: Stephen Bird
Sunday, June 11, 2017
To: Michael O’Neill – Me – [michael.oneill.citi@outlook.com]
Can never be too careful Mike. Hope that’s our real Chairman!
Stephen
Notes: Ah well now I feel bad. I’m afraid it wasn’t Stephen. At the time I did do an actual LOL, which doesn’t happen often. Although part of me wanted to be sure I wasn’t being trolled, So I had to press on for clarification I wasn’t being played with.
From: Michael O’Neill – Me –
Sunday, June 11, 2017
To: Stephen Bird
I do think we need to perhaps protect our email addresses going forward
Sent from my iPhone
From: Stephen Bird
Sunday, June 11, 2017
To: Michael O’Neill – Me –
Indeed, we are using a filtering system at the moment which is capturing most spam/non recognised new messages. You’ve probably seen it capture and then ask if you want them released back to your inbox. We can still do more. At least Lloyd was responsive…in the new economy that’s something. Some of his peers are still getting their messages printed out. Lloyd should read “Thinking fast and slow” that might have helped him!
S
From: Michael O’Neill – Me –
Sunday, June 11, 2017
To: Stephen Bird
Ah yes, I had noticed that system, it works well.
It’s the North Koreans and Russians you need to watch in this day and age. Give them an inch and before you know it your garage door is hacked so it closes on your windshield. An old friend of mine has got trapped in his car like that. He claims hackers, but in his instance I’d say it was the large Scotch he had before leaving the golf club!
From: Stephen Bird
Sunday, June 11, 2017
To: Michael O’Neill – Me –
Ha ha…i’d blame Putin too
Notes: Finally! A reply from Michael Corbat too…
From: Michael Corbat
Sunday, June 11, 2017
To: Michael O’Neill – Me –
Can’t open it..
What a great night last eve!!
Thanks for including us.. All the best to Ted and Lizzie!
M
From: Michael O’Neill – Me –
Sunday, June 11, 2017
To: Michael Corbat
Oh it was nothing, I’m glad you enjoyed it. Same time next year?
I will get out my finest Scotch.
Target 3: James Gorman
Morgan Stanley CEO
Notes: Two days had passed since I had completed the pranks against Wells Fargo and Citibank; and I was actually starting to wonder if it would be possible to successfully dupe someone else so soon afterwards. I decided my ‘MO’ needed a refresh…
I had been toying with the idea of accidental emails; emails sent to the intended target – but dressed up as if they were intended for someone else for a little while now. People have a framework of what a threat should look like, and this (in theory) should disable a lot of the human alarm systems. Incorrectly sent emails do happen – and they ask nothing of the recipient – apart from triggering a certain set of fairly predictable responses; both from the sender and the recipient.
So with that in mind I wrote an email which appeared intended for a journalist, and sent that to my intended target; James Gorman.
From: Alistair Darling – Me – [alistair.darling@outlook.com]
Tuesday, June 13, 2017
To: James Gorman
Subject: Photo to Include
Katy,
Please find attached my photo to include with the article (it will have to do!). Could you please forward me a link once it’s live?
Thank you Katy
Alistair
Sent from my iPhone
From: Alistair Darling – Me – [alistair.darling@outlook.com]
Tuesday, June 13, 2017
To: James Gorman
Subject: Sorry – wrong address
I’m sure the last thing you want is a picture of me!
Alistair
Sent from my iPhone
From: James Gorman
Tuesday, June 13, 2017
To: Alistair Darling – Me –
Subject: Re: Sorry – wrong address
It’s a good picture anyway
From: Alistair Darling – Me –
Tuesday, June 13, 2017
To: James Gorman
I can’t help but think you’re being kind, the British press were always merciless about my jet black eyebrows.
It should be a good article actually, assuming my eyebrows don’t steal the show
From: James Gorman
Sent: Tuesday, June 13, 2017
To: Alistair Darling – Me –
Send along when done
From: Alistair Darling – Me –
Tuesday, June 13, 2017
To: James Gorman
I’m presuming you don’t mean my eyebrows, James.
I can categorically state they are 100% natural
Notes: Ah, so I had indeed painted myself into a corner. Should I be content I had some replies from James; and wrap up?… Or… or do I actually write an article, right now, on my iPhone?
From: Alistair Darling – Me –
Tuesday, June 13, 2017
To: James Gorman
Here’s the full edit. Makes a good bedtime read I think
Headline: A changing landscape
Many, many years ago I was on a family holiday with my father in South Wales. Even being kind it was a particularly wet, blustery, and miserable day. A day of crumpets by a crackling log fire. Backgammon under blankets using werther’s originals as counters. Hot baths and soup scolding our tongues like fathers Scotch from his dented hip-flask. But we were breaking new ground, plotting a different course. Rucksacks straining at our shoulders like parachutes, boots grasping our feet like clamshells. This was the way of the British ‘holiday’, and this was why we both grinned like Cheshire cats.
Eventually our efforts were rewarded with the most magnificent of vistas. A silver trail of silk cut through the mountains in the distance, and sliced towards us with a roaring and spitting that made us tingle with anticipation. We were there. Our spot. It was time to fish.
My father and I were obsessed by fishing. It consumed our every conversation and every thought. I had been bought a rod at an early age and I was endlessly fascinated by its graceful movements. Like a conductor I held it tightly, the promise of a bite ever hanging in the air.
After a few hours we had caught 8 fine salmon. The rain had indeed brought us good luck today. My father placed the fish in a linen sack, and hung it from a low hanging branch on an old oak tree, ten metres or so back from the rivers edge. We both were so engrossed with the rivers rage that we only became aware we were now not alone on the bank when we heard a snarling and spitting from the tree line behind us. We spun on our heals – my father wrapping one arm around my chest and pulling me tightly against him. I could tell my father was scared, his arm vibrated and his voice stuttered into life. ‘Get back!’ He bellowed, his eyes fixed on the linen sack of salmon. My eyes darted to join his and there beneath it were 3 enormous dogs, sniffing and snorting as they began to circle in towards our supper. One by one they started jumping at the sack, tearing at it like it was made from paper, chunks of glistening salmon tumbling down to be noisily feasted upon.
We both stood and watched as the last of the fish disappeared into the mouths of the rabid dogs. They began to sniff their way back towards the woods, and slowly they vanished from sight. Scales and cotton strips was all that was left behind.
Whilst it was a frightening experience, my father and I did take away from it one important lesson – that being you cannot take chances with the security of both yourselves and your catch. It’s very easy to say it was just unlucky the dogs crossed our paths, but we knew the area was notorious for it. Dogs had been roaming the woods for many years and just because we had never caught sight of them before, it did not mean we were correct to dismiss the risks so readily. It’s exactly the same with security in all areas of finance, to minimize the risks as you don’t think it’s likely is to ignore the definite correlation between time and likelihood. Given an endless expanse of time, eventually, even the remote risks will rear their heads. You will never know if it will occur in the first second, the 10th, or even after 100 years. But eventually your preparation for the unlikely will be called upon. You can count on it.
So the moral of this torrid tale is never reduce the chances from 1% to zero just because it’s easy and convenient to do so. That 1% is as important as it would be if it was 99.9%. This is something we tirelessly enforce at Morgan Stanley to ensure our customers are never left open to risks, and we suggest everyone in the financial industry should follow our lead.
From: James Gorman
Tuesday, June 13, 2017
To: Alistair Darling – Me –
Excellent. Great personal story to make a critical point!
From: Alistair Darling – Me –
Tuesday, June 13, 2017
To: James Gorman
I’m so glad you like it. It’s also a little knowing wink and a nod towards Goldman and Citi’s flakey cyber security that’s made rather amusing reading this week.
Whilst I’m on – 1st of July, I’m having an Arabian Nights themed party, it would be an honour if you could attend? I’ve made a rather splendid new cocktail, it contains Martini and Scotch with a few closely guarded secret ingredients. Oh please say you can make it?! I’m trying to hire an actual Camel! But by Christ they are big, I saw one close up and it scared the shit out of me if you pardon my French!