This week’s goal is to finish of the posts that have been lying around my drafts folder. Let’s start off with a little tutorial on a devious little trick known as social engineering.
I recently brought this topic up in a college level class and received a wide range of reactions. People were astonished, defensive, and impressed. The idea is simple. You don’t have to hack to get information. You just need to be smart. The human being has always been the weakest link in the security chain. Unfortunately, we can’t get rid of that link, and techniques like social engineering are extremely effective.
Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information
A person’s life is like a web or network of information (like the internet). By grabbing on to a single strand you can essentially go anywhere you like. The results are astonishing becausethe more peope there are, the better this works. If you know Susie, that may give you a path to her coworker Scott, and that gives you a path to his cousin Vinnie, who knows the boss… You get the idea. It’s all about being connected.
Here’s how I usually go about:
Using the outlined methods is relatively simple, but can be an overwhelming thing. There isn’t really any useless information because any kind of information can inch you closer to your goal… whatever that may be. For those that may be wondering, the only real defense against social engineering is knowledge. If somebody comes sniffing around, it may be difficult to recognize. Read up, be aware, and don’t be stupid.