Social Engineering Techniques - The Dark Arts

null Hyderabad Chapter - May 2014

Published in: Education, Technology, Business

  1. What is Social Engineering
     “The act of manipulating people into performing actions or divulging confidential information..” Wikipedia (also sourced on social-engineer.org)
  2. Origin of “Social Engineering”
     • The term “Social Engineering” was coined in 1894 by a Dutchman.
     • Social engineering also existed 100 years ago.
     • People who do social engineering are called con artists.
  3. Some Popular Con Artists in 20th Century
  4. Victor Lustig
     • The man who sold the Eiffel Tower a number of times.
     • Used current events.
     • He made a deal with scrap dealers, selling the structure to them for $40,000.
     • An extremely good deal for buyers – too good to be true.
  5. Hotel Ritz
  6. Social Engineering 40-50 years ago
  7. Frank Abagnale Jr
  8. Frank Abagnale Jr
     • Fake pilot arrested in cockpit.
     • He acted as a lawyer, doctor and pilot.
     • Abagnale's cons were often check frauds.
     • Would it work today?
  9. Social Engineering in 20th Century
  10. Kevin Mitnick
     • 20 years ago, a person named Kevin Mitnick brought social engineering into IT security.
     • He is an American security consultant, author, convicted criminal and hacker.
     • According to the US Department of Justice, Kevin gained unauthorized access to dozens of computer networks.
  11. Weakest Link
     • People are the largest vulnerability in any network.
     • Social engineering is based on human decision making.
  12. Motivation
     • A variety of motivations exist, including:
     • Financial Gain
     • Self-Interest
     • Revenge
     • External Pressure
  13. Cycle of Events
     • It consists of 4 phases:
     • Information Gathering
     • Developing Relationship
     • Execution
     • Exploitation
  14. Information Gathering
     “If you know the enemy and know yourself you need not fear the results of a hundred battles” -Sun Tzu
  15. Cycle of Events
     • Information Gathering: A variety of techniques can be used by an aggressor to gather information about the target(s). Once gathered, this information can then be used to build a relationship with either the target or someone important to the success of the attack.
     • Developing Relationship: An aggressor may freely exploit the willingness of a target to be trusting in order to develop rapport with them. While developing this relationship, the aggressor will place himself in a position of trust, which he will then exploit.
  16. Cycle of Events
     • Exploitation: The target may then be manipulated by the 'trusted' aggressor to reveal information (e.g. passwords) or perform an action (e.g. creating an account or reversing telephone charges) that would not normally occur. This action could be the end of the attack or the beginning of the next stage.
     • Execution: Once the target has completed the task requested by the aggressor, the cycle is complete.
  17. How Social Engineering is accomplished
     • Telephone
     • Online
     • Dumpster Diving
     • Shoulder Surfing
     • Reverse Social Engineering
     • Persuasion
  18. How Social Engineering is accomplished
     • Telephone: Using telephones to contact individuals of a company to persuade them to divulge confidential information.
     • Online: Persuading or gathering information through the use of an online chat.
     • Dumpster Diving: Looking for information discarded by a company's employees.
  19. How Social Engineering is accomplished
     • Shoulder Surfing: Simply looking over someone's shoulder while they are using a computer.
     • Reverse Social Engineering: This is a more advanced method of social engineering and is almost always successful.
     • Persuasion: Persuading someone to give you confidential information by convincing them you are someone who can be trusted.
  20. Biases
     • Biases are nothing but deviations from a standard of rationality or good judgment.
     • There are many types of biasing, but these five are the important ones:
     • Pretexting
     • Phishing
     • IVR or Phone Phishing
     • Baiting
     • Tailgating
  21. Preventive Measures
     • Organizations must, on an employee/personnel level, establish frameworks of trust. (i.e., When/Where/Why/How should sensitive information be handled?)
     • Organizations must identify which information is sensitive and question its integrity in all forms. (i.e., Social Engineering, Building Security, Computer Security, etc.)
     • Organizations must establish security protocols for the people who handle sensitive information. (i.e., Paper-Trails for information disclosure and/or forensic crumbs)