Sign in with
Sign up | Sign in
Your question

Social Engineering: The Biggest Risk to Internet Security

Last response: in Toms Network
Share
April 27, 2006 2:15:14 PM

We rely on security walls to keep intruders out, while leaving gates so that we can get in and out ourselves. Most hacking involves trying to break down or otherwise sneak past these gates, but the easiest way to get in is to convince the gatekeeper to open the door. In networking security circles, this is known as Social Engineering, and it's something you need to understand.
April 28, 2006 5:23:47 AM

It amazes me how valuable information is so easily accessible over the internet. A mortgage company legitimately purchases leads containing your name, address, social security number and FICO score. The next day, a novice hacker exploits a poorly configured LinkSys router, gains access to the system, and thousands of people have just lost thier identity.

A man goes into an interview. He fills out his paperwork, social security number and all (no one wants to omit it: they are looking for a job after all). The interviewer files the application in a desk and leaves the room to usher in the second interviewer. The interviewee opens the desk and removes all applications from the drawer and places them in his personal briefcase. A few dozen people have just lost thier identity.

A man pretends to be a mailman. He steals the mail from hundreds of local homes. For security reasons, all bills only display the last 4 digits of the social security number. This is coincidentally the same information they use to authenticate you when you call. It's a steady stream of income.

So what's the problem? What's the solution? Legislature. Especially in small companies, it's hard to justify a cisco firewall, and no one thinks to secure job applications in lockable location. The government HAS to force these companies to use proper precautions when handling personal information.

Of course, our government has laready demonstrated thier technical prowess with the Anti-Spam bill. What a joke...

You don't have to be a genius to make a fortune being a cyber-criminal.
May 1, 2006 10:28:01 PM

Quote:
conventional hacking involves breaking this gate down. Social engineering is getting the gate keepers to wave you past with a smile on their faces.


"Conventional" hacking has always involved and depended on social engineering. It's nothing new only now it has mutated somewhat into phishing and such.
!