Social Engineering Introduction
There is a well-known saying that “There is no patch to human stupidity”. An organization may spend thousands of dollars on anti-virus solutions, IDS, IPS, firewalls and the like, but one single human security breach could bypass all of them.
Let’s start this chapter with the case study of one of the most famous hackers and social engineers of all time, Kevin Mitnick. He breached the security networks of most of the top companies at that time, including Motorola, NEC, Nokia, Sun Microsystems and Fujitsu Siemens.
He was also convicted of hacking and gaining administrator-level privileges on the IBM minicomputers at the Computer Learning Center in Los Angeles. In his interviews and his books, he said that most of his hacks did not rely on technical expertise alone. All his hacks were a combination of a technical security breach plus the Human Factor. So what exactly is the human factor?
Social Engineering is the art of manipulating an individual in order to make them act or think the way the manipulator wants. This may include getting them to reveal private information such as a password, home address or anything else which may be useful. This often involves the attacker talking to or interacting with the target in such a way that the individual builds a trust relationship with the attacker. The age-old phishing attack is also a classic example of Social Engineering, in which the victim receives a legitimate-looking mail from the attacker which appears to be from a trustworthy person or organization.
These days, hackers are much more aware of new and sophisticated Social Engineering techniques, which prove to be much more efficient than the technical hacks. Often in top-attack scenarios, the technical hack is combined with Social Engineering. SET, or the Social-Engineer Toolkit, is one such tool which combines technical hacking with the Human Factor.
We will be reading more about the Social-Engineer Toolkit later in this book. Social Engineering is the study of human behaviors and emotions and the use of that knowledge for personal gain.
It is more of an art and a science than some lines of code being executed on your computer screen. The most commonly exploited human emotions include Greed, Empathy, Lust, Curiosity, Vanity, Anger and Fear.
Sometimes a malicious action by the attacker may be hidden behind the Social Engineering attempt, such as installing a Trojan, disabling the firewall and so on.