
Hacking tutorial part-3 (Introduction to social engineering !)

How to hack using Social Engineering
The human mind is not immune from hacking. Social engineering is the art of tricking users into performing certain harmful activities or revealing confidential information to attackers. Knowing the tricks hackers use to get users to release vital login information, among other things, is fundamental to protecting computer systems.
In this article, we will introduce you to the common social engineering techniques and how you can come up with security measures to counter them.

What is social engineering?
Social engineering is the art of manipulating users of a computing system into revealing confidential information that can be used to gain unauthorized access to a computer system. The term can also include activities such as exploiting human kindness, greed and curiosity to gain access to restricted-access buildings or getting users to install backdoor software.

The stages of a social engineering attack are:
Gather Information: This is the first stage. The attacker learns as much as possible about the intended victim. The information is gathered from company websites, other publications and sometimes by talking to the users of the target system.
Plan Attack: The attacker outlines how he/she intends to execute the attack.
Acquire Tools: These include computer programs that an attacker will use when launching the attack.
Attack: Exploit the weaknesses in the target system.
Use acquired knowledge: Information gathered during the social engineering tactics, such as pet names, birthdates of the organization founders etc., is used in attacks such as password guessing.

Common Social Engineering Techniques:
Social engineering techniques can take many forms. The following is the list of the commonly used techniques.
  • Familiarity Exploit: Users are less suspicious of people they are familiar with. An attacker can familiarize him/herself with the users of the target system prior to the social engineering attack. The attacker may interact with users during meals, join them when they are smoking, meet them at social events etc. This makes the attacker familiar to the users. Suppose the users work in a building that requires an access code or card to gain access; the attacker may follow the users as they enter such places. The users are most likely to hold the door open for the attacker to go in, as they are familiar with them. The attacker can also ask for answers to questions such as where you met your spouse, the name of your high school math teacher etc. The users are most likely to reveal answers as they trust the familiar face. This information could be used to hack email accounts and other accounts that ask similar questions if one forgets their password.
  • Intimidating Circumstances: People tend to avoid people who intimidate others around them. Using this technique, the attacker may pretend to have a heated argument on the phone or with an accomplice in the scheme. The attacker may then ask users for information which would be used to compromise the security of the users’ system. The users are most likely to give the correct answers just to avoid having a confrontation with the attacker. This technique can also be used to avoid being checked at a security checkpoint.
  • Phishing: This technique uses trickery and deceit to obtain private data from users. The social engineer may try to impersonate a genuine website such as Yahoo and then ask the unsuspecting user to confirm their account name and password. This technique could also be used to get credit card information or any other valuable personal data.
  • Tailgating: This technique involves following closely behind users as they enter restricted areas. As a human courtesy, the user is most likely to let the social engineer inside the restricted area.
  • Exploiting human curiosity: Using this technique, the social engineer may deliberately drop a virus-infected flash disk in an area where the users can easily pick it up. The user will most likely plug the flash disk into the computer. The flash disk may auto-run the virus, or the user may be tempted to open a file with a name such as Employees Revaluation Report 2013.docx, which may actually be an infected file.
  • Exploiting human greed: Using this technique, the social engineer may lure the user with promises of making a lot of money online by filling in a form and confirming their details using credit card details etc.
Social Engineering Counter Measures
Most techniques employed by social engineers involve manipulating human biases. To counter such techniques, an organization can take the following measures:
  • To counter the familiarity exploit, the users must be trained not to substitute familiarity for security measures. Even the people that they are familiar with must prove that they have the authorization to access certain areas and information.
  • To counter intimidating circumstances attacks, users must be trained to identify social engineering techniques that fish for sensitive information and politely say no.
  • To counter phishing techniques, most sites such as Yahoo use secure connections to encrypt data and prove that they are who they claim to be. Checking the URL may help you spot fake sites. Avoid responding to emails that request you to provide personal information.
  • To counter tailgating attacks, users must be trained not to let others use their security clearance to gain access to restricted areas. Each user must use their own access clearance.
  • To counter human curiosity, it’s better to submit picked-up flash disks to system administrators, who should scan them for viruses or other infections, preferably on an isolated machine.
  • To counter techniques that exploit human greed, employees must be trained on the dangers of falling for such scams.
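
What "checking the URL" in the phishing countermeasure above amounts to in practice, as an added example that is not part of the original post: the hostname must be a site you know, or a subdomain of it, over HTTPS. The `TRUSTED_DOMAINS` list, the function names and the sample URLs in the comments are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): sites the user really has accounts on.
TRUSTED_DOMAINS = ("yahoo.com", "bank.example")

def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_login_url(url: str) -> list[str]:
    """Return warnings for a login link; an empty list means every check passed."""
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https":
        warnings.append("not an https:// URL")
    if parts.username is not None:
        # In https://yahoo.com@198.51.100.7/ the real host is the part AFTER '@'.
        warnings.append("text before '@' is not the site name")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label in hostname, may render as a lookalike")
    # Trusted only if the host IS a trusted domain or a subdomain of one.
    trusted = any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)
    if not trusted:
        reason = f"{host} is not a known site"
        for d in TRUSTED_DOMAINS:
            if d in host:
                # e.g. yahoo.com.account-verify.example (constructed sample)
                reason = f"'{d}' appears inside {host}, which is a different site"
            elif _edit_distance(host, d) <= 2:
                # e.g. bamk.example vs bank.example (constructed sample)
                reason = f"{host} is a near-miss of {d}"
        warnings.append(reason)
    return warnings
```

The comparison is made on the parsed hostname, never on the link text or the start of the URL string, because those are the parts a fake site controls.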
Summary
  • Social engineering is the art of exploiting the human element to gain access to unauthorized resources.
  • Social engineers use a number of techniques to fool the users into revealing sensitive information.
  • Organizations must have security policies that have social engineering counter measures.
To visit previous parts click here !

Thank you !
