Operating as a social engineer
June 2, 2013
Hacking experts – who usually focus on technical intrusions
by black hat hackers – call what she apparently did “Social Engineering” –
different from the political stuff we see churned out in colleges as education.
“Social Engineering takes advantage of what’s likely the
weakest link in any organization’s information security defenses: people,” one
expert concluded recently. “Social Engineering is people hacking; it is
maliciously exploiting the trusting nature of human beings to obtain information
that can be used for personal and often political gain.”
Social engineering, this expert says, is one of the toughest
hacks to pull off.
“It takes bravado and skill to come across as trustworthy to
a stranger,” the expert wrote. “By far, it is the toughest thing to protect
against because, again, people are involved and they’re often making their own
security decisions.”
In social engineering, those with ill intent pose as someone
else to gain information or position in a company that they cannot gain
otherwise. Sometimes social engineers act like confident, knowledgeable managers
or executives; at other times, they play the roles of extremely uninformed or naïve
employees – such as being a cub reporter.
“Social engineers are great at adapting to their audience,”
this expert wrote. “It takes a special type of personality to pull this trick
off, often resembling that of a sociopath.”
Many social engineers perform their attacks slowly to avoid
suspicion, although many begin their operation against a person through emails,
phone calls or texts.
“The methods used depend on the attacker’s style and
abilities,” the writer said. “Either way, you’re at a disadvantage.”
Social engineers often know a little about a lot of things,
often using social media to gather information about their target. Social
engineers’ knowledge and determination give them the upper hand over management
and employees, who don’t realize they are under attack and trust their
attackers.
They often operate in an environment where a company has multiple
locations, taking advantage of distance between employees.
The target can be anybody in an organization from receptionists
to security guards to executives – trickling up.
People who operate the phones and interact with the public
are often vulnerable targets since they like to be helpful and share
information.
“Because the objective of social engineering is to coerce
someone to provide information that leads to ill-gotten gains, anything is
possible,” this writer points out.
Social engineering attacks are difficult to detect or
protect against. Often, they aren’t well documented. And social engineers are
limited only by their imaginations. Many such attacks don’t become obvious
until after they have concluded.
“With social engineering, you never know the next method of
attack,” the writer says.
Trust is the essence of social engineering.
“Most people trust others until a situation forces them not
to,” this writer says. “People want to help one another, especially if trust
can be built and the request seems reasonable.”
Most people want to be team players.
“This trust allows social engineers to accomplish their goals,”
the writer says. “Building deep trust often takes time, but crafty social
engineers can gain it within minutes or hours.”
The friendlier social engineers are – without going
overboard – the better their chances of getting what they want.
“Social engineers often begin to build a relationship by
establishing common interests,” he says.
They often use information they get to determine what the
victim likes and then the social engineer pretends to like those things, too.
“They can phone victims or meet them in person and based on
information the social engineers have discovered about the person, start talking
about local sports teams or how wonderful it is to be single again. A few low
key and well-articulated comments can be the start of a nice new relationship.”
“The whole hack depends upon believability, which is based in
part on the knowledge social engineers have and how likeable they are.”
They often come into an organization as new employees.
“Often they modestly claim authority to influence people,”
the writer said. “The most common social engineering trick is to do something
nice so that the victim feels obligated to be nice in return or to be a team
player for the organization.”
After the social engineers obtain trust of their
unsuspecting victims, they coax the victim into providing them with what they
wanted in the first place.
“Social engineers do this through face-to-face or electronic
communication that victims feel comfortable with, or they use other technology,”
the writer says.
Careless or overly anxious social engineers, however,
sometimes give themselves away. They act overly friendly or eager. They brag
about their growing authority, act nervous when questioned, appear rushed,
use insider slang they haven’t earned yet, ask strange questions, and
so on.
“A good social engineer isn’t obvious,” this writer says. “Social
engineers often do a favor for someone and then turn around and ask that person
whether they mind helping them. This common social engineering trick works
pretty well.”
Social engineers also engage in reverse social engineering.
They offer to help if a specific problem arises (sometimes something they
themselves orchestrated) and then help fix the problem.
“They may come across as heroes, which can further their
cause,” he writes. “Social engineers may ask an unsuspecting employee for a
favor. Yes – they outright ask for a favor. Many people fall for this trap.”
Technology makes things easier for the social engineer.
“The process of social engineering is pretty basic,” this expert
says. “Generally, social engineers discover details about people, organization
processes and information systems to perform their attacks. With this information
they know what to pursue.”
There are four basic steps to social engineering: doing
research on the target person, building trust with that person, exploiting the
relationship through words, actions or technology, and then using this information or
status for personal gain.
“When social engineers have a goal in mind, they typically
start the attack by gathering public information about their victim,” he
writes. “Many social engineers acquire information slowly over time so that
they don’t raise suspicion. However, obvious information gathering is the tip
off.”
Sometimes, social engineers gather information about their
victim by listening in on conversations or asking others about their victim.
They sometimes listen in to their victim’s voice mail when their victim is out of
the office.
“Never underestimate the power of social engineers and the gullibility
of your users in helping them get their way,” he writes.
Now, a whole year or more later, it becomes obvious that she
operated as a social engineer in our office.
The question remains, did she do it on her own behalf (trickling
up) or was she operating on behalf of RR or some of the other political people
who wanted to control the content of our editorial?
This leads to the next question. Does she still have
influence over us in our office? And if so, will she and A use that influence in
the upcoming election?
