Social Engineering - A Quick Introduction


#1

What is Social Engineering?

As there are so many different uses for SE, it is widely misunderstood. SE is a tool, and it’s neither good nor evil, it just depends on how people use it. Most of the time we hear about SE or read an article about it, it’s almost always about how someone’s used Social Engineering to engage in criminal activity, like to gain access to an email account or to someone’s personal data, thus making the public believe in a big misconception that SE is an evil thing. Well, the public couldn’t be more wrong.

Whether we use it to avoid paying for something, convince your parents to let you go out at night with some friends or even for personal gains, like asking for a promotion or a raise, we are using Social Engineering.

So, to answer the question, Social Engineering is the psychological manipulation of the human mind in order to achieve our interests, “The Art of Human Hacking” if you will.

In the Cyber and Info Sec context:

In the security context, SE is mainly used to manipulate people into revealing personal and confidential information, so it can be used to simply access an email account or, in more “complicated” cases, to access a company system or even to commit identity theft.

The most dangerous thing about SE attacks is that most victims don’t even know they are being attacked, mainly due to lack of awareness. Most companies don’t even worry about these types of attacks nor do they have any type of training/guideline for their employees, making them easily exploitable.

The purpose of this post is just to make a little introduction to the Social Engineering world and to make people more aware of this kind of threat. Thankfully, this subject is being more and more talked about, thus creating a much needed social awareness.

In Popular Culture:

  1. In the videogame Watch_Dogs, the protagonist, Aiden Pearce, is adept in SE.

  2. In the TV Show Mr. Robot, Social Engineering is mentioned various times as being a crucial part in a successful hack.

As this is my first post EVER, please feel free to provide any feedback and ideas, plus, if people find this topic interesting, I will try to go deeper into the SE World and talk about its steps and techniques.

Related Links:

http://anonhq.com/cia-director-hacked-by-an-alleged-teen/

http://anonhq.com/how-social-engineering-hacked-the-c-i-a/

https://www.youtube.com/watch?v=bjYhmX_OUQQ

http://ricardogeek.com/docs/taohh.pdf


#2

That was an awesome game that sadly misconceived hacking to the public. Honestly he was horrible at talking to people though…he was bumbling and trying to make up excuses for a lot of things.

If he was adept at anything it was driving – on second thought, never mind.

Back to the main topic, Social Engineering takes advantage of the only vector that cannot be patched by some piece of software or secured by mechanisms. Humans however can become aware of attempts with proper training (i.e. recognizing when someone you haven’t seen before suddenly follows you into the break area).


#3

Thanks! Must’ve forgotten that.


#4

One thing you can talk about however is how real the threat is to SCADA systems.

I recently wrote an essay on it that I might publish over the summer.


(oaktree) #5

I await your publication, @Sea.

EDIT: We await your publication.


#6

Not very familiar with SCADA Systems. Definitely gonna research about it


#7

Some people might read about SCADA and think this is one big government mainframe that controls everything in the US.

It’s not particularly ONE giant system that controls everything, but is a control system that is used by a lot of utility companies. The biggest issue to it lies in the vulnerability of its systems. Outdated software, legacy systems, and poor security training result in breaches.

Stuxnet is a perfect example of how these systems can be taken advantage of (I forgot if this was SCADA specific or if the nuclear plants used a different system).


#8

Thanks for writing this! I’ve been waiting! :grinning:


(Command-Line Ninja) #9

I really enjoyed reading this post! The general overview, and the references to existing content really made it an engaging read :slight_smile:

Well done! This is exactly what we are looking for :wink:


(Command-Line Ninja) #10

No? That never happened. He walked in to that underground ‘bar’ and pretended to be that weird old guy. That was social engineering, and he pulled it off well.


#11

This gives a good introduction into Social Engineering. :smiley: Really informative and easy to grasp over for beginners into this. :smile:


(Dusteh) #12

This is a good introduction to Social Engineering, we are still waiting for the next batch. :wink:


(Left) #13

He finished this series already! Look up his profile for the next post.


(Dusteh) #14

Oh I didn’t realize that, thanks for the heads up.

