Definition of Social Engineering
Miscellanea / November 13, 2021
By Guillem Alsina González, in Jan. 2017
When we watch the typical white-collar robbery movie, we don't hesitate to empathize with the thief for his wit, his class and elegance, and the apparent safety of his acts, which are based not on violence but on cunning deception and audacious mockery of the system.
But let's put ourselves in the victim's shoes for a moment. Would it bother us if, for example, someone impersonated a co-worker from the same company and stole our building access codes in order to enter at night and steal?
More than bothering me, it would give me a superb fit of anger, both for the fact itself and for how I had been mocked. Welcome to the world of social engineering.
So-called "social engineering" is the art of impersonating someone in order to trick a person into giving access to their computer or their account in an online service, or into facilitating the cybercriminal's work in any other way.
One of the most famous hackers for using these techniques, which do not involve any technical knowledge (though a good hacker must know how to combine the two), was Kevin Mitnick.
In the mid-90s of the last century, Mitnick and his pursuer, another hacker called Tsutomu Shimomura, starred in a game of cat and mouse after the former committed, among others, a theft using social engineering.
The case of a well-known mobile phone company stands out: he stole the firmware of a modem from it after calling its facilities, talking to the security guard on duty, and persuading him that he was a member of the company's staff, that he had to deliver an urgent job by Monday (it was a Friday night), and that the guard should please give him the private modem number for the company's executives.
After arguing that his bosses were not very happy with him and that dismissal was at stake, and hinting at the problems that this would mean for the family of the character he had created, Mitnick managed to soften the heart of the security guard, who gave him the number reserved for company personnel to connect via modem.
Social engineering does not necessarily involve technical knowledge, although it is generally used by the same person who "finishes the job" at a technical level, or by others acting as their accomplices.
Examples of social engineering practices include calls from supposed Microsoft technicians who claim to have remotely located a problem on our computer and say they can solve it (upon payment, of course) if we let them access it remotely.
Needless to say, never do it. There is no technique that infallibly counteracts social engineering.
The best way not to fall for social engineering tricks is to think carefully about what we have been told and about our answer before giving it, to be prudent, and to doubt everything a little.
Social engineering is also sometimes used by people who call from the call centers of telephone operators and offer to improve our bill, while trying not to mention specific prices or to reveal that what they are really looking for is to switch us to another operator, whose name they take care not to say.
We must be very careful with social engineering: we can protect ourselves from attacks on our computer systems by installing an antivirus, patching the holes in the software, or hiring a professional in the field and, ultimately and whenever possible, disconnecting the computer from the electricity.
But, as I said before, there is no formula for protecting yourself from social engineering; the only defense is to see it coming and stay attentive.