Social engineering – the hidden cyber threat

During the cold war spies were used to infiltrate governments, the military, businesses and other organisations. Their job was to steal information (both non-classified and classified) that might prove valuable to another nation-state. There were some people who did this for individual financial gain, but in the main it was governments who wanted to learn about some new technology or secret weapon to find a way of developing it themselves.

This is still going on today but has evolved into more than just cyber spying – there is also something called social engineering. This is where one individual attempts to trick someone else (through manipulation) into letting them inside a network for example to crack the system (rather than attempting to hack in from the outside).

Social engineering is often misunderstood and not considered as part of corporate and government security policies. It is without doubt one of the biggest risks to a nation-states and business security.

Think about two-factor authentication in IT security – the same principles can be applied to individuals but the real advantage is that individuals can be convinced into sharing authentication details – it also will take a lot less time to extract. Social engineers would be well versed in how to extract sensitive information from individuals (people traits and behaviour patterns are good starting points). Social engineers (often referred to as security crackers) use the telephone system to learn company or corporate lingo (and they will search the Internet for additional company or corporate data to assist their knowledgebase) and weave their way in to the IT security department. Once in the security department a security cracker could impersonate someone from that department and ask for the remote login credentials. It has been done.

Why not Google Kevin Mitnick?
He’s one of the world’s leading social engineering wizards and has managed to crack many a system just using social engineering techniques. Individuals are the weakest link in the cyber security strategy but with good education and motivation it is possible to reduce the risk of this attack vector.

Source of Information :  Hakin9 November 2010

No comments:

Cloud storage is for blocks too, not just files

One of the misconceptions about cloud storage is that it is only useful for storing files. This assumption comes from the popularity of file...