ITPRO

Printed from www.itpro.co.uk


Inside the mind of a social engineer

Davey Winder looks into how a social engineer’s brain works and what tactics they use to manipulate people into becoming hack victims.

By Davey Winder, 30 Jul 2010 at 12:21


The Slug: The not so high-flyers, or those already passed over for promotion, go into autopilot and just go through the motions. I always agree with these slugs in that life is unfair and befriend them by sharing my own woes with them. In return they share theirs and away we go.

The Sheep: Then come the rest of the crowd, those on the lower rungs of the ladder. Their behaviour is driven by human nature rather than their position in the company. Human nature predicates that we accommodate our fellow humans and try to be nice and helpful; it is less effort to say ‘yes’ as a ‘no’ could lead to conflict.

Case Study: VeriSign attack

Ramses Martinez, director of Information Security for VeriSign, is also a member of FIRST, a body which brings together internet emergency response teams from more than 200 corporations, government bodies, universities and other institutions around the world.

He told IT PRO how, in late 2009, VeriSign was subjected to an unsuccessful, yet sophisticated social engineering attack.

“In this case the person, or people responsible, employed a number of tactics - some quite technically sophisticated - in an attempt to hijack a registrar's access to the registry,” said Martinez.

“The attacker created a VOIP infrastructure that he used for all voice communication with the customer service desk during the attack. He also compromised a number of personal computers, which he then used to conduct all IM chats with the customer service desk. All of these systems were in a geographical region (at an ISP) near the person he was impersonating.”

“He provided very specific and sensitive information relevant to the person he was pretending to be – this was done in an attempt to convince the customer service representative that he (the attacker) should be granted access to the data he was requesting. We suspect that he prepared for the attack by using open sources and the knowledge of the DNS industry that he likely gained through several attacks he had conducted in the past against entities other than VeriSign.”
