Social Engineering


Social engineering is the art of hacking in real life: getting people to tell you things that they usually wouldn’t disclose, through the use of words and your appearance.

A good social engineer (or, as I love to call these types of people, a “bullshit artist”) can make people believe nearly anything.

I will use the example of someone trying to get someone’s password:

Now the most important thing is having a believable story. If you go to someone and say “Hotmail have requested I get your password for account checking”, then they will most likely tell you to piss off.

One of the most common ways that I use is “I’m doing a survey”. Make a fake survey, attach it to a clipboard, and just walk up to the person and start asking him questions.

For example:
Hi, my name is Alexander, and I am doing a survey on how strong people’s passwords are. You will be surprised at how insecure most people’s passwords are, and you may find it extremely worrying how insecure your password may be. If you don’t mind, would you allow me to ask you a few questions?

The person will think “insecure personal information” and 9 times out of 10 will agree to talk to you.

Ask them questions like “does your password contain letters, numbers and symbols”, “how long is your password” (when they are counting, watch their lips to see if they spell the words/numbers out), etc.

You may also be able to give them the “I also have a good way of calculating how strong your password is. This isn’t necessary but you can give me a password you use most frequently and I can calculate how strong it is”, but that sometimes pushes the bar a little too much.

Prevention of Social Engineering

As you can probably see above, the power of SE can EASILY be used against people. It is always a good idea to be aware of people who you don’t know, but it is also good practice to watch people you DO know. Don’t get paranoid about things, because that isn’t what I mean, but SE is the EASIEST way to hack anything.

Here are some tips for keeping safe:

I can’t have a complete list, because social engineers are constantly changing the ways in which they gain trust.
A few things to look out for:

Something that is too good to be true

If it’s too good to be true, then it probably is. Always make sure that the person is trusted, or is well known. Don’t just go on that, though; the person may have fooled everyone. But it is always good to ask yourself, “If this is such a good offer, how can he/she be offering it?”

Someone who you never usually talk to has started being really interested in you

They might just have become really interested in you, but what for? If they start asking really strange/personal questions, I would recommend you play the “Playing it hard” game. Ask them the same question as your answer, and refuse to tell them until they tell you. Then just be like “I don’t believe you”. Doesn’t matter if it’s true or not, but what you have just done is proven to them they aren’t as trusted as they believed they were, even if it’s only psychological. Then just make up an excuse so you need to go. There are plenty of ways to just get out of something, but I prefer the method where you beat them at their own game. Makes it SO much more entertaining =)

Someone you don’t know asks you for your details

Obviously you don’t give them out; you would have to be stupid to do that.

As a rule of thumb, just make sure that the person isn’t trying anything. You will find it hard to pick a really good social engineer, but just remember that there are always people out there who aren’t that good, trying it.

Remember: Never give out details, or secure information such as your passwords. Use passwords that aren’t anything to do with your age/DOB/FirstName/Surname etc. All of that can be found too easily.

This post was written with the beginner in mind, and just defines the basics of social engineering techniques.

Source: Hack PC Online

Mobile Hacking: How Safe Is Your Smartphone?


New instances of phone hacking seem to emerge from Rupert Murdoch’s empire on a daily basis. But are the reports of interest beyond Murdoch and his detractors? Should you, as a consumer, fear that your phone will be hacked?

Not yet. Experts say that it’s still fairly easy to hack into your phone, but unless you’re a celebrity, you’re unlikely to be a target. Don’t get too comfortable, though. The era of safe mobile computing may be coming to an end as smartphones and other mobile devices become more popular than PCs.

For the moment, however, phone hacking is the farm team version of big league PC hacking. Methods — particularly in the case of the Murdoch charges which stretch back a decade in some cases — are pretty old school. Robert Siciliano, a McAfee consultant and identity theft expert, says probably the most prevalent way people hack phones is via “social engineering,” a.k.a. lying. For instance, a would-be hacker might call you and pose as the phone company saying they need to update your account and need your password. Or the hacker might get enough of your information to call the phone company and pose as you.

Steve Santorelli, director of global outreach at the Internet security research group Team Cymru, and former Scotland Yard police officer, says that the Murdoch phone hacks probably didn’t even take that much effort. It’s likely, he says, that the victims left a default password provided by the carrier on their phone and the hackers merely guessed correctly. Santorelli says that some carriers still use default passwords. Lesson: Change your passwords often.

There are, of course, more technologically savvy ways to hack your phone as well. A would-be hacker, for instance, might get a bit of information about your account and send a phishing email purportedly from your carrier asking you to log in. At that point they will have your password and other sensitive information. Smartphones also provide an opportunity to install monitoring software. iPhone owners are probably the safest in that regard, unless they jailbreak their phones, Siciliano says. Android users are less secure since publishers can upload their apps directly to Android Market. In March, hackers added malicious code to 58 Android apps, infecting 250,000 phones. “Android is more vulnerable because it’s a more open system,” says Siciliano. “While Google does vet its apps, some do slip by that are malicious.”

Once an app is installed, it can record all your calls and texts and, depending on what kind of apps you have and what you do with your phone, possibly get personal data related to banking and credit cards. There are other possibilities as well. A hacker could commandeer your phone into sending thousands of texts or making calls beyond your monthly minutes, causing you to rack up huge bills.

Such attacks are still pretty rare. “The low hanging fruit is still the PC,” says Siciliano. “If you are a criminal hacker, Microsoft’s OS is the most hacked software on the planet.” Yet that could be changing quickly. A recent survey by Flurry showed that consumers are now spending more time on mobile apps than on the web. Another by Mary Meeker of Kleiner Perkins Caufield & Byers estimated that combined tablet and smartphone shipments eclipsed those of desktops and laptops this year for the first time.

Security firms have taken notice. Market research firm Infonetics predicts sales of mobile security software will grow 50% each year through 2014, when it will hit $2 billion. AT&T also plans to start selling a security offering to customers next year.

In short, sometime soon phone hacks may not just be Hugh Grant’s problem. Says Santorelli: “If I had money right now, I’d bet on the Russian mafia. Mobile hacking is going to be huge.”

Source: Mashable.