SOCIAL ENGINEERING

The Art of Exploiting the Weakest Chain of Security, Why try the Harder part when
the Weaker Part is there to Hack.

The basic goals of social engineering are the same as hacking in general: to gain
unauthorized access to systems or information in order to commit fraud, network
intrusion, industrial espionage, identity theft, or simply to disrupt the
system or network. Typical targets include telephone companies and answering
services, big-name corporations and financial institutions, military and
government agencies, and hospitals. The Internet boom had its share of
industrial engineering attacks in start-ups as well, but attacks generally
focus on larger entities.

Finding good, real-life examples of social engineering attacks is difficult. Target
organizations either do not want to admit that they have been victimized (after
all, to admit a fundamental security breach is not only embarrassing, it may be
damaging to the organization’s reputation) and/or the attack was not well
documented so that nobody is really sure whether there was a social engineering
attack or not.

As for why organizations are targeted through social engineering – well, it’s
often an easier way to gain illicit access than are many forms of technical
hacking. Even for technical people, it’s often much simpler to just pick up the
phone and ask someone for his password. And most often, that’s just what a
hacker will do.

Social engineering attacks take place on two levels: the physical and the
psychological. First, we'll focus on the physical setting for these attacks:
the workplace, the phone, your trash, and even on-line. In the workplace, the
hacker can simply walk in the door, like in the movies, and pretend to be a
maintenance worker or consultant who has access to the organization. Then the
intruder struts through the office until he or she finds a few passwords lying
around and emerges from the building with ample information to exploit the
network from home later that night. Another technique to gain authentication information
is to just stand there and watch an oblivious employee type in his password.

Tools for Social Engineering.

BackTrack 4 and 5 have some awesome tools which can create phishing pages and fake
Domain Name Systems within minutes.
Video links
Contact => www.facebook.com/ryan.manjothi