Feliixbook

The evil guide


Aug 01 2008

Social Engineering: Subject Introduction

Published by feliix at 10:55 am under Social Engineering


    Alright, now we all know what social engineering is. If not, there is a quick solution to all our problems: a small square box located at the top right-hand corner of your browser. A simple click on this magical figure can solve all your problems here.

    Social engineering = hacking humans

    The art of manipulation, cheating, tricking and even lying can all be known as social engineering. One who performs such tasks can be known as a Social Engineer (or S.Engineer).

    Social engineering is older than computers themselves; it dates back thousands of years, to when the first caveman probably conned his way into a free meal brought back by some other primitive man. As we might know (hopefully), social engineering is frowned upon in our society, no matter where you come from. The art of manipulating someone is somewhat globally illegal.

    Now, as for modern-day S.Engineering, it has been able to adapt and merge well with the use of technology (computers, phones, etc.). Because of its ability to go hand in hand with technology such as the internet (an invention literally made to connect people together), social engineering has become a grand tool for hackers.

    In most cases, social engineering is performed as an art, such as a dance, and like a dance it has steps. These steps include preplanned web-shaped flowcharts to accurately predict the outcome of any event taken within the “dance”.

    The first step, and one that pumps the adrenaline into most S.Engineers, is:

Targeting - The starting event; targeting is the most essential step in “dancing”. For more information on targeting.

Investigation - This second step in the process is known to be the most crucial. Getting valid, updated and useful information is the key to success. Having incorrect or outdated information while performing another step could lead to a failed attempt.

Pretexting - Creating and inventing scenarios to persuade the targeted victim to release “inti-information” (not exactly classified, but slightly intimate information about the company). Examples of pretexting include disguising oneself as a priest in order to get treated slightly differently. Pretexting is also the art of gathering props and costumes used to help persuade the victim.

Phishing - This step in the ladder must be taken after pretexting! Phishing is the art of obtaining personal and private information. For example, “an attacker can send an email to a victim stating they are a trusted bank. They provide legitimate websites, logos and appearance (through pretexting); they may ask that the victim give whatever information they desire or fear deletion of their account.”

Clean up - The last step of the “dance”, and probably the one that gets most S.Engineers caught and thrown in jail. The clean up literally is the action of talking, restoring or fixing any holes or traps you may have set. It is the art of being able to cover your footprints and ghost your existence, and even the total event.

Tools of the Trade 

  • Cognitive biases - The skilled reading of the pattern of deviation in judgment that occurs in certain situations. The “pattern of deviation” is a standard comparison that can be brought out by a skilled Engineer.
  • Cognitive distortion - This is the skill of continuously feeding inaccurate thoughts to lead to negative thinking. Cognitive distortion is a long-performed skill in which the victim is put under extreme attention by the attacker. This skill results in depression and anxiety. Example: the “all or never” tactic. Taking human behavior and events to an extreme and overgeneralizing situations and behaviors are the key to cognitive distortion. (In truth, few aspects of human behavior and events are so absolute.)
  • Quid pro quo - Which literally means “something for something”. The attacker will claim to be giving a certain service to the victim, such as that of a repair technician or IT member, in order to obtain access to certain information and servers.
  • Badir Impression - The advanced art of phreaking, hiding the attacker’s voice and impersonating another’s. Their impersonations went as far as police officers, credit card companies and executive company owners.
  • The Road Apple - This is an art performed on the most dilatory of victims. An attacker will leave something behind where the target is sure to find it, such as an elevator or parking lot. What is not known by the target is that the “apple” (USB/floppy/etc.) is poisoned. The road apple is used to anticipate and control the events in the “dance”. (“Don’t be fooled by this tactic, it is well underestimated by all.”)
  • More tools will be published in the upcoming weeks.