Monday morning, 6am; the electric rooster is telling you it's time to start a new work week. A shower, some coffee, and you're in the car and off. On the way to work you're thinking of all you need to accomplish this week. Then, on top of that, there's the recent merger between your company and a competitor. One of your associates told you that you had better be on your toes because rumors of layoffs are floating around.
You arrive at the office and stop by the restroom to make sure you look your best. You straighten your tie and turn to head to your cube when you notice, sitting on the back of the sink, a CD-ROM. Someone must have left it behind by accident. You pick it up and notice there is a label on it. The label reads "2005 Financials & Layoff's". You get a sinking feeling in your stomach and hurry to your desk. It looks like your associate has good reason for concern, and you're about to find out for yourself.
And The "Social Engineering" Game Is In Play:
People Are The Easiest Target
--------------------------------------------
You make it to your desk and insert the CD-ROM. You find several files on the CD, including a spreadsheet, which you quickly open. The spreadsheet contains a list of employee names, start dates, salaries, and a note field that says "Release" or "Retain". You quickly search for your name but cannot find it. In fact, many of the names don't seem familiar. Why would they? This is a pretty large company; you don't know everyone. Since your name is not on the list you feel a bit of relief. It's time to turn this over to your boss. Your boss thanks you and you head back to your desk. You have just become a victim of social engineering.
When Did I Become a Victim of Social Engineering?
--------------------------------------------
Ok, let's take a step back in time. The CD you found in the restroom was not left there by accident. It was strategically placed there by me, or one of my employees. You see, my firm has been hired to perform a Network Security Assessment on your company. In reality, we've been contracted to hack into your company from the Internet and have been authorized to use social engineering techniques.
The spreadsheet you opened was not the only thing executing on your computer. The moment you opened that file, you caused a script to execute which installed a few files on your computer. Those files were designed to call home and make a connection to one of our servers on the Internet. Once the connection was made, the software on our servers responded by pushing (or downloading) several software tools to your computer, tools designed to give us complete control of it. Now we have a platform inside your company's network from which we can continue to hack the network. And we can do it from inside without even being there.
This is what we call a 180 degree attack, meaning we did not have to defeat the security measures of your company's firewall from the Internet. You took care of that for us. Many organizations give their employees unfettered (or only loosely controlled) access to the Internet. Given this fact, we devised a method for attacking the network from within with the explicit purpose of gaining control of a computer on the private network. All we had to do was get someone inside to do it for us: social engineering! What would you have done if you found a CD with this type of information on it?
What Does It Mean to Be "Human"
--------------------------------------------
As human beings we are pretty bad at evaluating risk. Self-preservation, whether from physical danger or from any other event that could cause harm, like the loss of a job or income, is a pretty strong human trait. The odd thing is, we tend to worry about things that are not likely to happen. Many people think nothing of climbing a 12 foot ladder to replace an old ceiling fan (sometimes doing so with the electricity still on), but fear getting on a plane. You have a better chance of severely injuring yourself climbing a ladder than you do taking a plane ride.
This knowledge gives the social engineer the tools needed to entice another person to take a certain course of action. Because of human weaknesses, our inability to properly assess certain risks, and our need to believe most people are good, we are an easy target.
In fact, chances are you have been a victim of social engineering many times during the course of your life. For instance, it is my opinion that peer pressure is a form of social engineering. Some of the best salespeople I've known are very effective social engineers. Direct marketing can be considered a form of social engineering. How many times have you purchased something only to find out you really did not need it? Why did you purchase it? Because you were led to believe you must.
Conclusion
--------------------------------------------
Defining The Term "Social Engineering": In the world of computers and technology, social engineering is a technique used to obtain or attempt to obtain secure information by tricking an individual into revealing the information. Social engineering is normally quite successful because most targets (or victims) want to trust people and provide as much help as possible. Victims of social engineering typically have no idea they have been conned out of useful information or have been tricked into performing a particular task.
The main thing to remember is to rely on common sense. If someone calls you asking for your login and password information and states they are from the technical department, do not give them the information, even if the number on your phone display appears to be from within your company. I can't tell you how many times we have successfully used that technique. A good way of reducing your risk of becoming a victim of social engineering is to ask questions. Most hackers don't have time for this and will not consider someone who asks questions an easy target.
About The Author
----------------
Darren Miller is an industry-leading computer and Internet security consultant. At the website http://www.defendingthenet.com you will find information about computer security specifically designed to assist home, home office, and small business computer users. Sign up for the Defending the Net newsletter and become empowered to stay safe on the Internet. You can reach Darren at darren.miller@paralogic.net or at defendthenet@paralogic.net