Social Engineering – Another kind Of Hacking
Computer break-ins are mostly mistaken by the average computer users for being purely technical, due to the technical flaws that intruders can exploit to gain access to computer systems. But in reality, social engineering has a major role to play in enabling an attacker to slip past the initial security barriers. It is often due to the lack of awareness of computer users and their carelessness that make it easy for attackers to enter systems to which they have no authorized access.
Social engineering in computer security is a non-technical intrusion that depends mainly on human interaction. It involves deception, which misleads people into breaking normal security procedures. Social engineers can be said to indulge in con games.
Social engineering has a lot in common with the business of hacking, particularly in the context of its objective of securing unauthorized access to data or systems, for committing hoax, network invasion, identity theft, industrial espionage, or merely disruption of the network or just the system. Telephone companies, answering services; major corporations, financial institutions, military, government agencies and hospitals are typical targets for social engineers. With the Internet boom there were plenty of industrial engineering attacks in start-ups even though larger entities are more likely to be targeted.
Newcomers to social engineering are surprised at the ease involved in carrying out their intrusions. However most people with natural skills for social engineering may not be the type one can trust and invite to one's home. Social engineering involves lying and those who have the ability to do it well are very likely to resort to it again and again.
As the human element plays a key role in social engineering, the solution is to put yourself in the place of the hacker and try to see things from his point of view. History suggests that the motivation is about intellectual challenge, bragging rights, access to sensitive information, mere curiosity or the one that is feared the most, malicious intent. Once the motive can be ascertained, you are in a better position to take the right precautions and protect your computer against social engineers from exploiting our weaknesses.
Related article: SoCal Computer Hack Traces to Watsonville
» SPAMfighter News - 25-08-2006