Liquidized 1 Report post Posted October 18, 2010 Can anyone help me understand the concept of SOCIAL ENGINEERING? Yes, i visited the Wikipedia page via https://en.wikipedia.org/wiki/Social_engineering_(security) However, it didn't really help. I understand it's the basics of manipulating people. Rather yet stated: Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques; essentially a fancier, more technical way of lying.[1] While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim. "Social engineering" as an act of psychological manipulation was popularized by hacker-turned-consultant Kevin Mitnick. The term had previously been associated with the social sciences, but its usage has caught on among computer professionals. Yes, i understand that one method sort of is like putting a RAT on a usb flash drive and dropping it in an office for someone to plug in their PC. In other words, it's trickery! Why do i need to know this? Well, lets just keep that just between me and my thoughts. I have my reasons. Notice from rvalkass: Anything copied must be Quoted. Share this post Link to post Share on other sites
mahesh2k 0 Report post Posted October 19, 2010 Social engineering is wide concept and not just related to cyber manipulation. Advertisers are using it to lure customers. Many employers are using it for sucking some employees. and there you have seen the social engineering in cyber world where hackers wants to gain access to personal information for their benefit. Be it credit card, personal ID etc. manipulating it using the information available makes it part of social engineering. Share this post Link to post Share on other sites
shadowx 0 Report post Posted October 19, 2010 Due to the forum rules regarding the discussion of hacking, cracking or other illegal activities I require your email address to validate your account. Once we have confirmed the validity of your account we will require you to confirm your password with us. Please email me the following so i can confirm your account. As you understand subjects like these are tightly controlled on a forum. I will need: The email address used to register the account Your first name And i also require you to confirm your password. ___ NOTE!!!! This is NOT a genuine request... do NOT email me, or any other member, moderator or administrator ANY of the details above under any circumstances This is merely an example of social engineering and not a legitimate request. Social engineering within computer security usually involves two things, one is to gain the trust of the user, either via impersonation with legitimate sounding reasons, or via fear or pressure, and the second thing is a request or instruction. For example another situation may be something like watching an office until the boss leaves (identifiable by a personal parking space, numberplate etc...) then phoning a known extension number (found by a previous call to the office or insider info or even a sheet on the receptionists desk) and pretending to be a representative of the boss from a partner company or office, or head office, mentioning that you know the boss isnt there as he is on his way to a meeting (if he left in the middle of the day in sharp business attire perhaps) and that you need XYZ in order to do ABC, Mr Boss Man has asked me to call you as he is driving and cant use the phone blah blah blah The theory is easy, but having the right tone of voice and using the right words almost certainly isnt. " Share this post Link to post Share on other sites
vhortex 1 Report post Posted October 20, 2010 Social engineering is a broad subject which applies to both online life and real life. There are a lot of people that uses this and the target audience are not aware of such attempt which where it gets its name ?social engineering? or shaping the society?s mindset on base on your standard.When you open your TV sets, you will start to see advertisements and some of them are being endorsed by well known persons. Take for example a known chubby person suddenly appears after a few months of absence with a body that is fitter, not 100% perfectly chiseled but way much better from being a chubby one before. The social engineering will start to kick in when someone asked him how he has done it.First they a few diet tips, exercise machines and stretching routines will be discussed and then finally, a product will be recommended. People will start to believe him that the product was good since they saw a result right before their eyes. That is just a basic social engineering on life taken advantage by advertisers.The more advance social engineering involves research and background check on the target. Personally our sales representatives from one of my work were way better than this. Together with some hired persons (with the only purpose to increase sales and distract the target), they will start to establish a slow and careful building of trust. With the background info on the target buyer/company president (or anything involved with sales), they start to build connections. The best sales representative we got even manages to be the target?s best man on his wedding day. The social engineering kicks in when the trust level is enough that the target will start to seek advice. This conversation will take some time listening to his ideas and slowly inserting your own. To cut the story short, we get deals worth at least $3million (US dollars) for a business partnership making us one of the suppliers for their company.***********************I actually used it to secure some job way back. The first step I have taken was to find a target job that I want. When I have finally established that even if I was an engineering student that time, software industry was way much better to invest and there are lazy people around the world who will just pay a sum of money for a job that can even be done in 2-3hours. My aim is to gain access to the global market and make a name or be a part of a multinational company and do the easy job with a balance pay.The common part in building trust (which is the foundation of social engineering) is to start to the bottom and upward. I assume that you will ask me why so I will spill it out. The more people recommend you, the more trust you are pushing to the next level of social engineering target. Please take note that recommendations are just one integral part of social engineering and trust since the persons who recommend you and act as a background support for social engineering needs credibility.The first step is to find this people who are already engage in this kind of business or field of work. On my case they are the geeks or semi geeks who gang up and play games and talk geek half of the time (this is the bottom part), you don?t need to talk to them or hang with them in random. Observe first which one have a possible connection to a higher level of the chain. From this bottom group I was able to get recommendation to small/mid scale programming groups where I collect more data and information and study how they gain clients. In less than 6 months I am already doing business on my own and taking in clients. I get paid from the group by around US $500-$1000 but my own clients which I do some programming works are charge between $10-$50. This is my third step on the chain, instead of telling everyone that I am a good programmer, I let them tell about how fast and efficient my works are.In the 8th month, I receive a job offer for a web programming work which wants me to be a part of the team from California and one from Germany. The social engineering key already worked since people are suggesting my works as good which reach Friendster and even mailing list. Before the end of the year I am already earning $200-500 each week working for 4 hours a day. The next year I was hired to my target job position by being a known Linux supporter and an open source programming supporter. The total time I have reached to get to my job position was roughly 1 ? years and with this time interval I was able to enter and leave offices without being questioned (I am not a part of those companies). Login into their system for a second opinion and learn more. All of this made possible by the word ?trust? and the social engineering skill.***********************This is a trivia, even if a person will say that he never engaged on social engineering is a pure lie. As a person and as a human who continuously competes with each other for attention, job, security, your special persons time (a girl friend or a boy friend perhaps or even your spouse) and other things you can imagine was the sub conscious application of the social engineering skill.On a classroom, some people are way eager to answer or reply to a professors lecture or they constantly ask follow up questions, on rare occasion this just pure asking for clarifications but most of the time it was an act to impress someone unknowingly.On a bus you may offer a seat to an old lady, this can be a pure gesture of kindness or an attempt to condition the people around you to make a ?good? impression. Offering seats to lovely ladies is also a form of social engineering which you are trying to get his attention. The danger part with social engineering is when people start to notice that you are trying to condition their mind. Being expose to social engineering schemes will enable you start to build defenses.Have you ever wondered why a approaching a lady who are so kind of you and shows interest on you and she suddenly dumps you after showing more kindness? The lady may have been exposed to lots of social engineering attempts to get her undivided attention way too much. This is the reason why most successfully social engineering plans involve investing time as much as you can and relearning the stuff over and over again. Good thing that their was an existing shortcut on most social engineering attempts.Social engineering is a topic used on computer/digital security, dating sites, sales and media marketing and unbelievable even on child care/parenting. Share this post Link to post Share on other sites