Personal Technology Security: What Exactly is Social Engineering?
Fun fact: Not all malicious "hacking" incidents involve actual hacking activities. In fact, a large percentage of cases with so-called "hacking" victims do not involve any computer hacking whatsoever. Before I continue, let me first define what hacking really is.
Hacking is a series of activities that includes surveying target systems, then identifying and exploiting any vulnerabilities found on them. It sounds rather exciting, but actual hacking involves a lot of patience and a little bit of luck to be successful. Depending on the security implemented on the targeted system, the activity will take anywhere from a few hours to a couple of days or even weeks! Imagine taking weeks in order to compromise accounts.
That being said, we can safely say that hacking is not an easy thing to pull off if the goal is to be "profitable". The easier way is to steal enough information to compromise accounts. This is where "Social Engineering" comes in. "Social Engineering" is the psychological manipulation of people into performing actions or divulging confidential information that can then be used to compromise security. Social engineering is so effective that a lot of successful "hacks" involve some form of it.

Two popular examples of social engineering are phishing and smishing. Both involve sending an official-looking message to unsuspecting victims, urging them to go to a particular (but fake) website that steals their login credentials (user name and password) for important facilities such as internet banking and e-commerce sites. The difference between the two is that phishing messages are sent via email while smishing messages are sent via text message (SMS). A successful phishing or smishing attack can actually drain the contents of a victim's bank account in a matter of hours. I know because I know of people who were victimized by this type of fraudulent technique.
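As an added illustration (not part of the original post), the sketch below checks the links in a message against the sites the reader actually uses, which is the mechanical version of "does this link really go to my bank?". The trusted domains, the sample SMS and all function names are constructed for this example, and comparing only the last two labels of a host name is a simplifying assumption.

```python
import re
from urllib.parse import urlsplit

# Assumption: the sites the reader really logs in to (constructed domains).
TRUSTED = ("mybank.example", "bigshop.example")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host, trusted=TRUSTED):
    """Return 'trusted', 'unknown' or a 'suspicious: ...' reason for a host."""
    host = host.lower().rstrip(".")
    if any(host == good or host.endswith("." + good) for good in trusted):
        return "trusted"
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        return "suspicious: punycode host (possible look-alike characters)"
    for good in trusted:
        brand = good.split(".")[0]
        # Real brand name placed inside somebody else's domain.
        if any(brand in label for label in labels):
            return f"suspicious: uses '{brand}' but is not {good}"
        # Domain that differs from the real one by a character or two.
        if edit_distance(".".join(labels[-2:]), good) <= 2:
            return f"suspicious: look-alike of {good}"
    return "unknown"

def check_message(text):
    """Classify every http(s) link found in an email body or SMS text."""
    results = []
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:
            results.append((url, "suspicious: malformed URL"))
            continue
        results.append((host, classify_host(host)))
    return results

# Constructed sample SMS, not a real message.
SAMPLE_SMS = ("MyBank: unusual activity detected. Verify now at "
              "http://mybank.example.account-verify.test/login or your account will be locked.")

if __name__ == "__main__":
    for host, verdict in check_message(SAMPLE_SMS):
        print(host, "->", verdict)
```

A verdict of "unknown" is not a clean bill of health; the safe habit is still to type the bank's address yourself rather than follow a link in a message.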
Even corporate systems are known to have been compromised using phishing techniques. A recent large-scale organized hacking of an overseas ATM network was perpetrated using social engineering. After tricking a systems administrator into opening a phishing email with embedded malicious code, a hacking group was able to get into the servers of an ATM network operator, allowing the members of the group to withdraw unlimited cash from various ATMs controlled by the network.
Social engineering is so effective that Kevin Mitnick, one of the most famous hackers, wrote a book called "The Art of Deception". The book illustrates how he was able to gain access to various systems mostly through social engineering tactics (and a bit of technical know-how).