In a recent post (Hackers Play “Social Engineering Capture The Flag” At Defcon) I pointed to a game in which contestants used the telephone to convince company employees to voluntarily cough up information they probably shouldn’t have. At the recent Defcon event, social engineers proved that it doesn’t take much more than asking to get the necessary information that may lead to penetrating a person’s computer.
Social engineering is a fancier, more technical form of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential information. Social engineering or “social penetration” techniques are used to bypass sophisticated and expensive hardware and software in a corporate network.
Social engineering is all based on telling a lie and getting others to tell the truth in response. Thousands of years of civilized conditioning and cultural teaching to help and trust one another has made people just a little too eager to help.
Participants in the contest successfully got employees from some Fortune 500 companies to provide full profiles of the inner workings on network PCs and software that could easily be used to launch an attack. Some revealed what operating system they had, the version of their service pack, antivirus software, browser, email, which model their laptops were, the virtual private network software the company used, and even what garbage collector hauled the company’s trash.
In some cases, the tricksters even got the Fortune 500 employees to visit certain websites while on the phone. Sometimes the simple act of visiting a website can install a malicious program on your PC if it’s not properly protected. Based on the answers provided by the employees, the social engineer can guide the person to whatever website that would infect their computer based on the answers provided.
Recognize that while you are generally not being swindled by those who call you, there is a chance that you may be. This means having systems in place regarding what can be said to whom, when, and why. Training on social engineering and how to prevent it is a must for any company and frankly for any individual who doesn’t want to fall victim to a conman.
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- Women Proved “Securest” in the Defcon Social Engineering Game
In a recent post (Hackers Play “Social Engineering Capture The Flag” At Defcon), I pointed to a game in which contestants used the telephone to convince company employees to voluntarily cough up information they probably shouldn’t have. Of 135 “targets” of the social engineering “game,” 130 blurted out too much information. All five holdouts were women
- Hackers Play "Social Engineering Capture The Flag" At Defcon
Social engineering is a fancier, more technical form of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential information. Social engineering or “social penetration” techniques are used to bypass sophisticated and expensive hardware and software in a corporate network. Smart organizations train their employees
- Hackers Hacked Away in Las Vegas
For the uninitiated, per Wikipedia “DEF CON” (also written as DEFCON or Defcon) is one of the world’s largest annual hacker conventions, held every year in Las Vegas, Nevada. The first DEF CON took place in June 1993. Many of the attendees at DEFCON include computer security professionals, journalists, lawyers, federal government employees, crackers, cyber-criminals, security
- Top 5 Business Security Risks
1. Data Breaches: Businesses suffer most often from data breaches, making up 35% of total breaches. Medical and healthcare services are also frequent targets, accounting for 29.1% of breaches. Government and military make up 16.2%, banking, credit, and financial services account for 10.5%, and 9.2% of breaches occur in educational institutes. Even if you protect your PC
- 10 Types of Criminal Social Media Impersonators
Social media is the fifth form of mainstream media. At this point, most people know how to use social media, and how to navigate the various websites. But what most users don’t yet realize is how social media can be used against them. Social media identity theft occurs for a number of reasons. 1. An online impersonator
Leave a Comment
You must be logged in to post a comment.