At the recent Defcon event, social engineers
proved that it doesn’t take much more than asking to get the necessary
information that may lead to penetrating a person’s computer.
Social engineering is a fancier, more technical form of lying.
An alternative to traditional hacking, it is the act of manipulating
others into performing certain actions or divulging confidential
information. Social engineering or “social penetration” techniques are
used to bypass sophisticated and expensive hardware and software in a
Social engineering is based entirely on telling a
lie and getting others to tell the truth in response. Thousands of years
of civilized conditioning and cultural teaching to help and trust one
another have made people just a little too eager to help.
Participants in the contest successfully got employees from some Fortune 500 companies to provide full profiles of the inner workings of network PCs and software, information that could easily be used to launch an attack.
Employees revealed what operating system they had, the version of their service
pack, antivirus software, browser, email, which model their laptops
were, the virtual private network software the company used, and even what garbage collector hauled the company’s trash.
In some cases, the tricksters even got the Fortune 500 employees to visit
certain websites while on the phone. Sometimes the simple act of
visiting a website can install a malicious program on your PC if it’s
not properly protected.
Based on the answers provided by the
employees, the social engineer can guide the person to whatever website
would infect their computer.
that while you are generally not being swindled by those who call you,
there is a chance that you may be. This means having systems in place
regarding what can be said to whom, when, and why.
social engineering and how to prevent it is a must for any company and
frankly for any individual who doesn’t want to fall victim to a conman.