Friday, 11 November 2011

What is Social Engineering?





What’s Social engineering?
Social engineering is the art of manipulating people into performing actions or taking confidential information.Social engineering can be any and all of these things, depending upon where you sit. The one thing that everyone seems to agree upon is that social engineering is generally a hacker’s clever manipulation of the natural human tendency to trust. The hacker’s goal is to obtain information that will allow him/her to gain unauthorized access to a valued system and the information that resides on that system, or taking password of anyone.
 Security is all about trust. Trust in protection and authenticity. Generally agreed upon as the weakest link in the security chain, the natural human willingness to accept someone at his or her word leaves many of us vulnerable to attack. Many experienced security experts emphasize this fact. No matter how many articles are published about network holes, patches, and firewalls, we can only reduce the threat so much by our own sense…
What are the target and how to attack?
 Basic goals of social engineering are the same as hacking in general: to gain unauthorized access to systems or information in order to commit fraud, network intrusion, identity theft, or simply to disrupt the system or network. Typical targets include telephone companies and answering services, big-name corporations and financial institutions, military and government agencies, and hospitals, and peoples account . The Internet boom had its share of industrial engineering attacks in start-ups as well, but attacks generally focus on larger entities.
Social engineering attacks take place on two levels: the physical and the psychological. First, we'll focus on the physical setting for these attacks: the workplace, the phone, your trash, and even on-line. In the workplace, the hacker can simply walk in the door, like in the movies, and pretend to be a maintenance worker or consultant who has access to the organization. Then the intruder struts through the office until he or she finds a few passwords lying around and emerges from the building with ample information to exploit the network from home later that night. Another technique to gain authentication information is to just stand there and watch an oblivious employee type in his password. The most prevalent type of social engineering attack is conducted by phone. A hacker will call up and imitate someone in a position of authority or relevance and gradually pull information out of the user. Help desks are particularly prone to this type of attack. Hackers are able to pretend they are calling from inside the corporation by playing tricks on the PBX or the company operator, so caller-ID is not always the best defense.
 New form of social engineering, Reverse social engineering….
A final, more advanced method of gaining prohibited information is known as “reverse social engineering”. This is when the hacker creates a persona that appears to be in a position of authority so that employees will ask him for information, rather than the other way around. If researched, planned and executed well, reverse social engineering attacks may offer the hacker an even better chance of obtaining valuable data from the employees; however, this requires a great deal of preparation, research, and pre-hacking to pull off.
According to Methods of Hacking: Social Engineering, a paper by Rick Nelson, the three parts of reverse social engineering attacks are sabotage, advertising, and assisting. The hacker sabotages a network, causing a problem arise. That hacker then advertises that he is the appropriate contact to fix the problem, and then, when he comes to fix the network problem, he requests certain bits of information from the employees and gets what he really came for. They never know it was a hacker, because their network problem goes away and everyone is happy.
Hope you liked this and can try social engineering your self!!!!But be alert if you are a victim or any one tries to hack your account or your industry system, Your hospital information etc!!!!!!



No comments:

Post a Comment