Social engineering is one of the scariest terms for anyone, because it is the technique hackers use most widely to exploit your systems. In this post we are going to learn what social engineering is, what its effects are, and how to avoid it.
Note: Social engineering is not software; it is "hardware" in the form of a most intelligent/cunning human ;)
What is Social Engineering: Social engineering is often defined as manipulating people into doing what they should not do, or into giving a hacker the confidential information he needs. Put simply, SE is a psychological game played by a sophisticated hacker, and one that (mostly) can't be avoided.
How hackers do stuff with SE: Doing stuff with SE is both pretty easy and hard. Basically, it doesn't matter whether a company or a person has high-end/sophisticated software or hardware, because in SE the hacker plays with the human mindset. There are several examples (like the one below) that show how hackers use SE to get at your confidential data. It is said that humans are security's weakest link.
This example is given by Kevin Mitnick, a famous social engineer who popularized the term social engineering.
AN MLAC QUICKIE
Want to know someone's unlisted phone number? A social engineer can tell you half a dozen ways (and you'll find some of them described in other stories in these pages), but probably the simplest scenario is one that uses a single phone call, like this one.
Number, Please
The attacker dialed the private phone company number for the MLAC, the Mechanized Line Assignment Center. To the woman who answered, he said:
"Hey, this is Paul Anthony. I'm a cable splicer. Listen, a terminal box out here got fried in a fire. Cops think some creep tried to burn his own house down for the insurance. They got me out here alone trying to rewire this entire two hundred-pair terminal. I could really use some help right now. What facilities should be working at 6723 South Main?"
In other parts of the phone company, the person called would know that reverse lookup information on non pub (non published) numbers is supposed to be given out only to authorized phone company MLAC is supposed to be known only to company employees. And while they'd never give out information to the public, who would want to refuse a little help to a company man coping with that heavy-duty assignment? She feels sorry for him, she's had bad days on the job herself, and she’ll bend the rules a little to help out a fellow employee with a problem. She gives him the cable and pairs and each working number assigned to the address.
The example given above is just a sample; a lot more dirty things are done using SE. From the example above you can see how a real social engineer exploits human nature to get the information he needs.
Effects of SE:
If you think the biggest prey of SE is common people, then you're wrong, because guys like Kevin Mitnick played and succeeded with the FBI, NOKIA, MOTOROLA and many more of the biggest prey. Because of this, Mitnick was a most wanted hacker to the FBI (in the past), but now Mitnick is a famous security consultant and an ethical hacker.
How to avoid SE:
This is mostly a difficult question, because SE is based on human psychology and is very hard to avoid. I'm not a pro, but I just wish to give some tips to avoid it.
Tip #1: Never share your personal information with any unknown people or things ;)
Tip #2: Never throw your credit or debit card bills in the garbage; they may contain lots of information such as your bank account number or your card number. If you wish to get rid of them, just destroy them.
Tip #3: Improve your intelligence and common sense.
There are several tips like this, but I can't remember them right now!!! So, if you wish, share your tips and help others.
"Social engineering bypasses all technologies, including firewalls." - Kevin Mitnick
I tried to keep this post short and sweet, so if you find anything odd or confusing, ping me.