Social engineering is a technique for obtaining access or information from people without them realizing it. Unlike other attacks, it does not require software.
The hacker exploits a person's trust to obtain information, generally about a computer system (operating system version, credit card number, password, etc.). This practice exploits the human and social vulnerabilities of the victim, to which the target computer system is linked.
The classic technique is to show up at a company with a "mission order" to update the antivirus on an assistant's desktop computer, for example. Instead, the attacker installs a keylogger that captures all passwords entered.
Social engineering is not new and has been around forever, with famous social engineers such as Kevin Mitnick and Frank Abagnale. According to Kevin Mitnick, it is easier to exploit human nature than to exploit vulnerabilities in software.
In this article, we'll look in detail at the different techniques used by social engineering hackers.
Social engineering by phone
On the phone, it is easy to be fooled by an individual posing as your telephone company, or even your banker. The goal of the hacker is to get the information as quickly as possible. A good hacker has prepared his character and his speech. With a few well-placed words and the right tone, pretexting will be quite simple for him. Some hackers use techniques to enhance their credibility, like playing a previously recorded tape of office noise, or using a device that changes the timbre of the voice to mimic that of a secretary.
A test performed during the Defcon conference assessed the risk of disclosure of secret information by company employees subjected to social engineering techniques by phone: 135 employees from 17 large companies, including Coca-Cola, Ford, Pepsi, Cisco and Wal-Mart, were tested as part of this hacking contest. The results are shocking: 96% of those canvassed by telephone disclosed information considered "sensitive", such as the version of the operating system, antivirus software and browsers used in the company, etc.
Here is a video report between the Netherlands and Ukraine in which young hackers explain how they got EUR 100 000 out of poor, gullible traders using social engineering over the telephone and other techniques.
Social engineering over the internet
Social engineering over the internet is similar to social engineering by phone. It can be done by email or through spoofed websites (phishing). Often these attacks begin with an email from a hacker claiming to be someone or something that you know or trust, such as a friend or your bank.
These emails push you to perform an action such as clicking a link, opening an attachment, or replying to a message. Hackers craft these emails to be very convincing and send them to millions of people around the world. They have no specific target in mind, nor do they know exactly who will be the victim. They just know that the more emails they send, the more people may be deceived.
Social engineering by direct contact
Even if a hacker can do many things by phone or internet, it is sometimes necessary to go on site to see the condition of the premises for himself and to take a password written on paper or install malware on the victim's computer. The hacker must be well equipped so that the target notices nothing.
A great deal will depend on appearance: suit, tie, well dressed, very clean, briefcase, filled agenda, documents, business card, badge ... He will need a certain attitude, a steady gaze and his head held high. If the hacker takes such risks, it is because he is determined to get the desired information. He will be very persuasive.