Social Engineering

  • Published : January 28, 2012
Identity Theft: Social Engineering
December 5, 2011
Daniel Sama & Stacey Smith Sr
Computer Ethics CIS-324, Fall 2011
Strayer University

Abstract
Social Engineering from the outset may seem like a topic one might hear when talking about sociology or psychology, when in fact it is a form of identity theft. To an information technology (IT) professional, Social Engineering is a form of voluntary, unintentional identity theft. Many victims fail to realize they are being victimized until it is too late, while many others may never know. This paper will provide a definition of social engineering as it applies to information technology while introducing some of the pioneers of social engineering, those who have, essentially, written the book on social engineering. We will provide real-world examples of how social engineers apply their trade and provide important points to consider with regard to social engineering attacks. In conclusion, we will propose countermeasures that individuals and organizations should take in order to guard against social engineering.

Social Engineering as defined by IT professionals is the practice of deceiving someone, either in person, over the phone or using a computer, with the express intent of breaching some level of security, either personal or professional (Ledford, 2011). Implementing quality risk analysis solutions while maintaining data integrity is a crucial element of successful system modeling; within the context of social engineering in the workplace, there are several factors that can make implementing those solutions rather challenging. Social engineering is a type of intrusion that relies heavily on human interaction and usually involves tricking other people into breaking normal, everyday security policies. Social engineers (SEs) often prey on the natural helpfulness of other people. When analyzing and attempting to conduct a particular attack, an SE will commonly appeal to vanity or authority, as well as use simple eavesdropping, to acquire the desired information. Social engineering, in a nutshell, is a hacker’s clever manipulation of the natural human tendency to trust. This manipulation provides unauthorized access to the valued information, system or machine. “Never interrupt your enemy when he is making a mistake” (Bonaparte, n.d.). This is a mantra for all successful SEs, as they take any and all information about and from a target for later use against said target. The SE will gather as much information as possible about their target in advance, most of which is readily available online, usually with just a few keystrokes: anything from hobbies to their favorite lunchtime meal. This information helps build a connection and instills trust with the target. With this trust, seemingly innocuous information will come flooding out of the target. Akin to fictional spies like James Bond and Michael Westen, SEs assume a persona that is not their own and attempt to establish with their target a reasonable justification to fulfill a request.
The aforementioned tactics allow the SE to maintain the façade and leave an out to avoid burning his or her information source. Bottom line: a good SE is a good actor. “All of the firewalls and encryption in the world will never stop a gifted social engineer from rifling a corporate database or an irate employee from crashing the system,” says pioneer Kevin Mitnick, the world’s most celebrated hacker who popularized the term. Mitnick firmly states in his two books The Art of Deception and The Art of Intrusion that it’s much easier to trick someone into giving a password for a system than spending the time using a brute force hack or other more traditional means to compromise the integrity of sensitive data. Mitnick who was a world famous controversial computer hacker in the late 1980’s...