An article in Hacker News inspired me to write this blog post.
Social engineering, in the context of security, is understood to mean the art of manipulating people into performing actions or divulging confidential information. This is a type of confidence trick for the purpose of information gathering, fraud, or computer system access. It differs from traditional cons in that often the attack is a mere step in a more complex fraud. (Wikipedia explains in this way but I never understood the meaning of it…) 🙂
Well I explain Social Engineering as “The simplest and most tactical way of making people to believe and making them to do things that they weren’t supposed to…”
There are lot of Social Engineering techniques right from getting a free pizza to getting a 100$ worth product for free from Amazon. (Yes!! There are incidents)
Even there are incidents that I myself tried to sniff others passwords while typing. Huh.. Then think what top social engineers can do!!!
There are events in the past where social engineers entered into highly secured data center rooms with just a few minutes conversation with people…!!! (Same old boring statement but again… “Human is the weakest link ever”)
Unfortunately(but i personally feel fortunately… :-)) these days there’s a ready made baked cake called Social Engineering Tool Kit (no explanation for Linux users) that’s making people to try various techniques for exploiting data and stealing credentials. And even some websites are training people this course for huge lot of bucks naming it as “Social Engineering Framework” (as if it is some .net framework… :-))
Social Engineering (SE) is both incredibly complex and amazingly simple. And once if you start that you’ll even quit your profession and start it as a full time hobby… 🙂
The main point to be stressed is companies like Microsoft are no less to be exceptional in this aspect. Recently a social engineering attack on Skype has almost affected its brand reputation.
Social Engineers are everywhere(like air… 🙂 ). That’s our responsibility to not believe people easily.