Cat Techie

Monday, November 29, 2010

Social engineering- an act of manipulation


 “The term had previously been associated with the social sciences, but its usage has caught on among computer professionals. Social engineering" as an act of psychological manipulation was popularized by hacker-turned-consultant Kevin Mitnick.

Social Engineering is defined as the process of deceiving people into giving away access or confidential information. Wikipedia defines it as: "is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim.
I keep a simple mindset for this: Any stranger, who is interested in you, wants something from you, and it probably isn't you. This article is about manipulation of individuals. For social engineering in terms of influencing popular behavior, Social engineering has become passion of many hackers. There are many successful hackers they have perfect nag over this subject. To deal with these kinds of physiological attacks you need to have special skills. Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim. Social Engineering is tricking people into doing something you want them to, so it's been around since the beginning of time. The person who brought it into common knowledge was Kevin Mitnick one of the most famous hackers in history wanted by the U.S. Marshalls and after a while caught by them. As his parole he couldn't profit from his experience with hacking for ten years meaning he couldn't write any books, but after the ten years he wrote the Art of Deception which is a great book and has great stories of social engineering. The idea of black ops hypnosis, also known as underground hypnosis or covert hypnosis is to manipulate other people using only your mind. The difference between this technique to that of traditional hypnosis is that, you can use black ops on covert occasions. Meaning you can use this technique on any social gathering such as meetings, parties, interviews among others. However in traditional hypnosis, the hypnotist requires an approval to let him manipulate your mind to identify the causes of your problems. There are strategies in order to be an effective mind manipulator. Of the most common technique are the Majors. This is the first black ops hypnosis invented which are comprised of four main strategies: hypnosis, neuro-linguistic programming or NLP, social Engineering, and seduction. The majors are used as a preparation to make other people (persons you are talking to) be manipulated at your own advantage. The strategies listed for the majors are divided into four arts.
These are the following: alpha functions, this is a tactic to make you the Alpha Male or Female in any social gathering through the use of the social engineering; The Iron Man Pattern on the other hand is a technique to achieve humongous chutzpah; The black mirror operation deals more on making the other person like you in a blink of an eye; and lastly, the no cleaver technique is use to let someone into a limbo without him/her knowing about it. In order to be a practitioner of the Black Ops Hypnosis, you can research the Internet or go to your library. There are a lot of hardbound books and digital books that provide information regarding this skill.But in order to achieve definite results, make sure that you are giving your 100% to learn everything regarding this infamous technique. If you are interested in learning hypnosis, I recommend Igor Ledochowski's The Power Of Conversational Hypnosis. Igor is a master of hypnosis and has taught in many seminars. Check out the power of conversational hypnosis review here. The idea of black ops hypnosis, also known as underground hypnosis or covert hypnosis, is to manipulate other people using only your mind. The difference between this technique to that of traditional hypnosis is that, you can use black ops on covert occasions. Meaning you can use this technique on any social gathering such as meetings, parties, interviews among others. However in traditional hypnosis, the hypnotist requires an approval to let him manipulate your mind to identify the causes of your problems. There are strategies in order to be an effective mind manipulator. Of the most common technique are the Majors. This is the first black ops hypnosis invented which is comprised of four main strategies: hypnosis, neuron-linguistic programming or NLP, social Engineering, and seduction. The majors are used as a preparation to make other people (persons you are talking to) be manipulated at your own advantage. The strategies listed for the majors are divided into four arts.These are the following: alpha functions, this is a tactic to make you the Alpha Male or Female in any social gathering through the use of the social engineering; The Iron Man Pattern on the other hand is a technique to achieve humongous chutzpah; The black mirror operation deals more on making the other person like you in a blink of an eye; and lastly, the no cleaver technique is use to let someone into a limbo without him/her knowing about it.
In order to be a practitioner of the Black Ops Hypnosis, you can research the Internet or go to your library. There are a lot of hardbound books and digital books that provide information regarding this skill.But in order to achieve definite results, make sure that you are giving your 100 % to learn everything regarding this infamous technique. Do you think 007 movies employ some social engineering methods in some James Bond missions? Do you know that 89.7% percent of emails coming to you about get rich quick themes are spam? The attacks are no longer just in emails, now the use of images, logos and known company names are employed. The attack exploits vulnerability in 2Wire modems allowing attackers to modify the DNS servers. Mexico is one of the largest suppliers of this type of modem. There are hundreds of thousands of them. That means, more than two million users are at risk. Many attacks are been carried out by means of social engineering, which is the practice of obtaining confidential information by manipulating legitimate users. "Users are the weak link here". Practically, the commonly used methods are achieved via the telephone, web 2.0(social networks), internet etc. The engineers, either claims to be employees of a bank or company, a colleague, a technician or a customer.
is the act of manipulating people into performing actions or divulging confidential information by playing on their human emotions. The term typically applies to deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim. These days most thieves can nab your identity over the phone, mail, email, and through social networking sites such as Facebook and Twitter.While some schemes scam you into giving out social security numbers, bank account numbers or other confidential identity pieces, others are as simple as a pickpocket distracting you emotionally while another thief steals your wallet or purse. Here are what a few of the most widely used savvy cyber attacks look like:
·         Phony charitable phishing scams, many of which are designed to look as if they come from real charities. Always enter in the exact URL for the Charity that you wish to donate to rather than clicking on a link.
·         Urgent email or text notices from your bank. They tell you to click on a link to access your account to fix an important, time sensitive problem. Don’t click on a link via email. Always type in the exact URL of your your bank or call the number on the back of your card. Nothing is that urgent.
·         Nigerian Email Scam. This scam has been around for decades in different versions and states that a wealthy foreigner needs help moving millions of dollars from his homeland and promises a hefty percentage for helping him. This scheme is designed to part you with your money. Once you send a check or bank account numbers you won’t see a dime in return and most victims report losing thousands and hundreds of thousands of dollars to this scam.
·         Notices via email, phone, or mail that announce that You Have Won the Lottery! The message usually claims that you will be paid a large sum of money after you pay them a small amount now. Although this is tempting, just say no. Legitimate lotteries don’t ask you pay anything after you have already won.
·         Facebook or Twitter distress messages from your friends. If you see a friend asking for money and you are considering helping them out, you should ALWAYS call that friend first. Make sure that their account hasn’t been hacked by a thief.
·         Malware-ridden E-cards. It is sad, but true that it is no longer safe to open E-cards. Many contain malware to attack your desktop and gain access to confidential information. Make sure you have updated virus software protection to notify you of viruses that come through emails or the Internet.
·         Make fast cash now! AKA: Make thousands a day working from home! All you have to do is send $50.00 for the starter kit. More often than not people will send their $50.00 and never receive anything in return. This scam has become more popular with our nations high nemployment rate.
These are only a few of the many variations of Identity Theft through Social Engineering. Since social engineering often plays on emotions, you should be careful not to get duped during a tragedy or commemorative event. This is when people are in a mood of giving and their emotions run high.  So remember to stop and think about the possible consequences of an offer that may just be too good to be true. Never be afraid to say no! From a security standpoint, it is more a collection of tools and techniques that range from negotiation, sales, psychology and ethical hacking. While social engineering can include physical security this framework focuses on art of manipulating people to achieve a goal. Generally this goal will involve showing a company or organization where weaknesses may lie with training of their people to maintain a security focused mind. As you will see reading through this framework, the principles can be used in developing and enhancing communications, relationships and our own understanding of those we interact with.

Do you want to share you views?? Just leave a comment here. you can also drop an email on amarjit@freehacking.net

No comments:

Post a Comment

thanks for visiting this blog