Social Engineering - From the Trojan Horse to Firewalls

Social Engineering is, without a doubt, the oldest computer hack. A loose term defining a range of hacks and scams, social engineering has persisted through countless centuries of human history. Simple in premise, difficult to defend against, and constantly evolving, social engineering represents one of the single greatest threats to information security in the history of technology.

It’s easy to forget that even the most secure firewall combined with the latest and greatest security software is still operated by a human being behind the keyboard. That extra-tight security is only as secure as the person operating the machine. This often presents the easiest method of entry into a secure system, as human beings are much easier to trick than machines.

The ever-changing security landscape doesn’t hinder social engineering hacks. It can even enable them, allowing for more complex and effective methods to gain information from secure systems by using the humans that run them. We’re going to take a look at a few of the more creative social engineering scams seen this year, but first, we need to take a look back in time to get a frame of reference for how this method of manipulation has evolved.

Social engineering is a broad term used to encompass several different types of manipulation, often in the context of confidence tricks. This can be expanded to include a pretty wide range of techniques to influence everything from political or social change to information security.

As it pertains to information security, social engineering is used to obtain access to what would otherwise be a secure system. A tightly locked e-mail server with usernames and passwords, for example, could be cracked with a simple phone call that ends with a password reset in the hacker’s favor.

Gaining the credentials to use the company web portal with a similar technique would be another example. These attacks are easy to defend against in theory, but in practice it’s in our nature to bend the rules a bit when we’re sympathetic to someone’s plight. Who hasn’t forgotten their login credentials once or twice in the middle of a crucial project that needed to be finished by a deadline?

This kind of manipulation of human empathy is what makes social engineering so successful. The best defense is strictly informed and consistently enforced security best practices that counter this kind of manipulation. The use of emotional manipulation to gain access to otherwise secure locations goes back centuries, and it takes a coordinated defense to ensure things stay properly secured.

The year is 800 B.C. A decade-long war has raged between two ancient nations. The conflict comes to an end when, playing on pride, the general of one army offers a gift to the opposing nation-state’s city: A large wooden horse. The horse is loaded with elite infantry who overwhelm the city’s troops in the dead of night and allow the invading forces to crush the city’s drunken defenses.

While the story of the Trojan Horse probably isn’t real, it’s one of the earliest literary examples of a successful social engineering hack. It’s so ubiquitous in computer security that we even named a class of malware after it: the Trojan horse is used as a backdoor method of entry into an otherwise secure system. It highlights that even over two thousand years ago, the idea of using misdirection and manipulation to breach security had already been established.

Moving forward a couple of thousand years and a few leaps forward in technology, a more modern-day definition of social engineering began to take shape. Brought into the public eye by rogue black hat-turned-white hat hacker Kevin Mitnick, social engineering was coined as an information security term around the mid-60s, when a much younger Mitnick began exploiting the technique to run circles around the FBI for decades.

In several books on the subject, Mitnick outlines...

To read the full article, and others written by Columbia University Students, please refer to the source.

Source: Nexus
