See also: Bad Things | Bad Guy | Trojan horse
This topic is Dangerous. It both touches on and directly challenges things which are fundamental components in society:
- Religion, Leadership and Politics
- Economics
- Intelligence, Discourse, Logic and Communication in general
Social engineering is a tactic in artificial conditioning. It is a more elegant variation on con artistry, usually not resulting in a simple cash grab. Social Engineering is a skill without a degree. It is a talent by which the skilled may subtly or overtly extract information or otherwise direct the actions or thoughts of a person or persons. Most people consider Social Engineering a Bad Thing or outright Evil.
There is a fundamental difficulty in communicating the reality of Social Engineering, in that the topic is itself open to question by the very skills and tools it attempts to make obvious. Oftentimes, discussing Social Engineering becomes a practice in teaching the steps taken to wield logic. In the Socratic style, one would say that it is preferred to surround a person with the topic such that they come to self-enlightenment rather than to profess and directly educate that person. In the Socratic example, the tools of logic are conveyed to a person, and then that person is asked to analyse the suspected social engineering topic to come to their own conclusions.
A warning must be made in that this topic may breed a form of paranoia or a mistrust in elements seen as using social engineering. Just remember that information and knowledge are not Truth, they are merely perspective. Derive information from multiple sources and, above all, Think. Consider the motivations of those generating, packaging, storing or transporting information. Consider forces which may act on those systems. Understand that in the real world there are real-world considerations to be made.
Computer Security Perspective
Where there have been advancements in software and hardware security methods and devices, such as seen with the firewall or encryption, there still remains a potential security flaw — users. Social Engineering exists as a means to exploit this user-vulnerability.
A naive user may be taken advantage of and could be led to release sensitive information or access, or may even perform actions which in reality pose a security risk. The briefest example of social engineering in this context would be a user giving out their login and password. That login and password may have been given to a person whose intent is malicious to the security of that user’s system.
More General
A frequent, and obvious, example would be several forms of advertising and their attempts to sell one something which one does not need nor, in reality, truly want.
- Consumer Angst – In this story there are no heroes or villains, just people who believe they can buy happiness, and advertisers who support this belief. Consumerism is one of religion’s modern replacements, and, like religion, it actively encourages, then exploits, dissatisfaction with everyday reality.
Other examples include:
- Unwarranted faith in the opinion of another – perception of position and qualification: “I’m not a doctor, but I play one on TV.”
- Faith in media news outlets – These outlets face overt and covert restrictions. They have time and “edutainment” considerations to make.
- Faith in documentaries – Even the most hardcore documentary cannot be perfectly accurate, even if it is relaying generally accepted material.
Social engineering is often seen at the root of fashion, music and other fads, economics, festivals and holidays, politics, etc.
Other examples:
- The phone company releasing personal information (billing, address, relaying account notes) without verifying a caller’s identity.
- Portraying a false identity via email, which leads someone to trust the sender and therefore divulge information which they otherwise may have kept private.
Famous Social Engineers
- Kevin Mitnick
- Defensive Thinking – Mitnick’s security site with downloadable examples of social engineering and prevention/detection techniques
- Frank Abagnale Jr. – Inspired the film ‘Catch Me if You Can’
Related Links
- Social Engineering: What is it, why is so little said about it and what can be done? – by John Palumbo
- Methods of Hacking: Social Engineering (http://www.isr.umd.edu/gemstone/infosec/ver2/papers/socialeng.html) – by Rick Nelson
- Securityflaw’s Social Engineering Intro, Defense and Offense texts
- Social engineering texts – including “The Complete Social Engineering FAQ” – Social engineering from the cracker’s perspective.
Related Topics