Tuesday, February 18, 2014

Part II-1: Social Engineer

Engineers are those who build things. Social engineers build a society for you. They are harmful because the society they build for you isn’t the real one.
Society is made up of people and their interactions around you. Real society gives you a purpose in life. A society created by social engineers makes you want to be a part of it when, in fact, it doesn’t really exist.

Social Engineer in Our Society

Socially engineered schemes are quite common. We often see emails from exotic countries in which the senders claim that they are about to inherit millions of dollars but are having legal issues in their countries. They need you to open an account for them with, say, 10,000 dollars. In return, they will give you a big portion of their inheritance. If you do what they say, you will never hear from them again. Another common example is when an attacker claims to be calling from your bank and asks for your personal information, e.g., date of birth or social security number. If you give out that information, your identity will be stolen.

These are quite common attacks. But what may seem more innocuous are your parents. Your parents use every means to manipulate you into doing things they see fit, regardless of what you want to do. It may be out of good will. But you should know that you have been socially engineered since birth.

About Social Engineers

We tend to believe social engineers because

  • They dress nicely to make a good impression.
  • They are very good at finding out what makes you tick.
  • They offer help to establish rapport.

What about Computer Hackers?

When talking about security, a lot of people think about computers, firewalls, servers, and so on. They want to protect themselves from computer hackers. But computers are just a part of our life. A bigger part of our life consists of non-computer stuff, and this is the target of most social engineers. Social engineers can make us give out information we don’t want to give out. They can make us do what we don’t want to do. They are far more widespread and more dangerous than computer hackers. Social engineers armed with computer skills are even more dangerous.

Disgruntled Employees

One fallacy is that the greatest threat is from hackers. Insiders are far more dangerous. These people know a lot about your system and internal lingo. They can easily deceive other employees into revealing secret information.
Disgruntled employees are those who resent the employer or the company for firing them. They will seek revenge and are very likely to succeed, since they know a lot of inside information. At a minimum, when an employee leaves the company, you should have a guard accompany that person while he or she is collecting his or her personal belongings. Stay with him or her until he or she leaves the facility. At the same time, revoke all of his or her electronic identification and permissions (e.g., name, email, permission to servers) from the company’s systems.

Source: The Art of Deception: Controlling the Human Element of Security

Book or Audiobooks?

Personally, I prefer audiobooks. It's fun, and I can listen when I'm doing something else. It also makes other activities (e.g., jogging) a lot more fun. For more details about audiobooks, please read [this post].
There is one more reason that may encourage you to go for the audiobook version. You can get it now for FREE. Audible offers you a free trial for 14 days. Even if you get the book and cancel the subscription right away (so that you don't have to pay), you can keep the book. And don't worry if you lose the audiobook file. Just log into audible.com. You can keep downloading it over and over again.

About the summary: It takes time to finish a book. And when you do, sometimes you want to review what you learned from the book. If you do not make notes as you read, you might have to go through the book once again. This can be time-consuming when you are dealing with a book. But you can still flip through the book and locate what you are looking for.

However, when the material is an audiobook, it is extremely hard to locate a specific part of the content. Most likely you will have to listen to the entire audiobook once again.

This book summary will help solve the pain of having to go through the book all over again.

I am leaving out the details of the books. Most books have interesting examples and case studies, not included here. Reading the original book would be much more entertaining and enlightening. If you like the summary, you may want to get the original from the source below.
