Social Engineering – Another kind Of Hacking

Computer break-ins are mostly mistaken by the average computer users for being purely technical, due to the technical flaws that intruders can exploit to gain access to computer systems. But in reality, social engineering has a major role to play in enabling an attacker to slip past the initial security barriers. It is often due to the lack of awareness of computer users and their carelessness that make it easy for attackers to enter systems to which they have no authorized access.

Social engineering in computer security is a non-technical intrusion that depends mainly on human interaction. It involves deception, which misleads people into breaking normal security procedures. Social engineers can be said to indulge in con games.

Social engineering has a lot in common with the business of hacking, particularly in the context of its objective of securing unauthorized access to data or systems, for committing hoax, network invasion, identity theft, industrial espionage, or merely disruption of the network or just the system. Telephone companies, answering services; major corporations, financial institutions, military, government agencies and hospitals are typical targets for social engineers. With the Internet boom there were plenty of industrial engineering attacks in start-ups even though larger entities are more likely to be targeted.

In social engineering, influence and persuasion are used to mislead people about the social engineer. Social engineers may also take advantage by manipulation. Thus the social engineer extracts valuable information from unsuspecting computer users whether or not he uses technology to achieve his intentions. For example the ILOVEYOU attack was a virus, which also used social engineering to take advantage of people's curiosity.

In using social engineering to break into a computer network, an intruder would attempt to win the confidence of a person authorized to access the network for information that harms the network security. An urgent problem of some sort could be used as a ruse to seek the help of the authorized employee. Social engineers exploit the human tendency to be helpful as well as their weaknesses. Appeals to vanity and authority and the age old eavesdropping are typical techniques used.

Newcomers to social engineering are surprised at the ease involved in carrying out their intrusions. However most people with natural skills for social engineering may not be the type one can trust and invite to one's home. Social engineering involves lying and those who have the ability to do it well are very likely to resort to it again and again.

As the human element plays a key role in social engineering, the solution is to put yourself in the place of the hacker and try to see things from his point of view. History suggests that the motivation is about intellectual challenge, bragging rights, access to sensitive information, mere curiosity or the one that is feared the most, malicious intent. Once the motive can be ascertained, you are in a better position to take the right precautions and protect your computer against social engineers from exploiting our weaknesses.

Related article: SoCal Computer Hack Traces to Watsonville

» SPAMfighter News - 8/25/2006