Computer Crime Research Center


Hackers and social engineering

Date: October 02, 2007
Source: InfoWorld

When I was a kid, I was fascinated by hypnosis. What could be more appealing to a nerdy 13-year-old boy living in Queens than getting others to do whatever he wanted?

So I read a how-to book, invited a few friends to my house, and put my newfound expertise into practice. At first, nothing worked, then -- wonder of wonders -- my buddy David Finkelstein appeared to go into a trance. Shortly afterward, upon my direction, he began licking his right arm in an attempt to lap up the imaginary ice cream that was dripping onto his sleeve from the equally imaginary Rocky Road cone he was clutching in his hand. My friends were flabbergasted; I instantly achieved minor celebrity status. A week later David admitted to me that he had been faking it the whole time. I returned the hypnosis book to my local library and gave up on the concept of controlling others’ behavior.

I may have abandoned my adolescent dream, but the concept of getting people to do what you want is alive and well. Today, this kind of behavioral manipulation is called “social engineering,” and it has become a favored hacker tool, used for attacking unwary human beings -- the weakest link in any business’s security chain. To help you and your organization avoid the most common social engineering traps, we asked frequent InfoWorld contributor Andrew Brandt to get inside the mind of a typical social engineer and describe how he goes about his nefarious business. The result, “How to think like an online con artist,” provides a rare insider’s view of this murky world.

Much of Brandt’s information comes from professionals who are hired to perform security audits as a way of evaluating a company’s security infrastructure. Despite the stepwise nature of the article, Brandt is emphatic that he would never advocate employing the techniques he describes without getting someone’s permission first. “I wrote this story to illustrate the social engineering techniques that pros use,” he says. “I want to show you what to look out for, not offer a how-to guide on becoming a thief.”


Copyright © 2001-2013 Computer Crime Research Center