Has anyone ever heard of this? Or moreover, has anyone heard of Kevin Mitnick? For those who had their ear to the techie/hacker ground in the mid-90s, you may remember him. Kevin Mitnick was a computer hacker/cracker, but more accurately, he was a master of the technique called "Social Engineering". He had a charisma about him that allowed people he spoke to to trust him and even let him in on information that he wasn't supposed to be privy to. These conversations would generally take place over phone lines. He may call up a bank branch and pretend to be someone from payroll, telling one of the tellers that if they didn't reveal their certain employee number, they wouldn't be able to receive their paycheck. Then, once he gained this info, he may politely hang up and call another branch of the bank, this time switching hats and becoming a fellow bank employee who needs a customer's files brought up, including debit card information, account numbers, balance, etc.
As Mitnick said: You can have the best internet security software on the planet, the most expensive forensic team, and a host of gadgets to protect you from break-ins, but all this will completely fail as long as human error still exists. The human being, or the 'wetware', is the weak link in the chain of security. A human being is easily fooled, deceived, and can give away such valuable information.
This is just one example in thousands that could be done to gain sensitive information. Now one could easily just refute this and say it's not 'social engineering', it's just plain lying and stealing. I do agree with that, if you plan on keeping and using said information for nefarious purposes. I see nothing wrong with using this information to see how much information you can get out of someone.
To paraphrase Mitnick: People are very trusting, and generally want to be as helpful to you as possible, especially if you call a help or service desk. They literally bend over backwards for you. Now you don't want to aim to get the person fired, or in any trouble, so don't ask them to reveal secrets that could cost them their job. But just prodding around and asking for things that a normal person shouldn't know, I don't see anything wrong with that. Again, if you use this information for your own gain, then yes, you are a thief. Mitnick unfortunately went to this extreme, and defrauded many companies of money, and was eventually caught, but the idea of Social Engineering is one that I think is viable and is fun to practice.
If you go on YouTube, there is a video under Social Engineering, where these two idiots drive into McDonald's and "Socially Engineer" the manager into getting free food. Stuff like that isn't Social Engineering, it's blatant lying to get free food that costs 3.99. This sort of thing should be done for sport, fun, and like hacking, just to find out how much you can find out.
Has anyone done their own Social Engineering? Stories to share?
the world is changing so quickly
Girls have sex with me with one word.
Note to self:
Lie and get free food.
betrayal of trust is not a good thing
Lie and free food = WIN!
Social Engineering is a very powerful tool. It is something that cannot be prevented by software. I recently read the book "The Art of Deception" by Kevin himself. Good read (the book and your blog).
Only in America
Sounds neat, I want free McD!
It is a dangerous game as the variable is again, human.
great post, times are changing
well written and informative enjoyed
That's pretty descriptive. Good stuff!
LOL @ necro
I need to start lying more!
I'm hungry!!
Interesting, it'd be neat to use this type of stuff to make people's day weirder rather than for personal benefit.
Great post.
I've tried learning social engineering and NLP and all that jazz but it's a lot harder than it looks. I guess it's just a gift some people have. I wish I could pick it up. Certainly a useful tool for every aspect in life.
I'd be really interested in a follow up with tips and tricks if you ever run outta ideas for posts?
I read some of his book a few months ago, it was pretty interesting.
Social Engineering is definitely one of the leading causes of most of the crap that happens to people, I would think.
wouw cool :O
@ Jim: I need to read it myself!
@ Erika: I'll keep that in mind!
I was able to trick my wife into thinking I was a nice guy by taking her to Les Mis on our first date! lolololol!
this is so crazy this is another good example how we are giving our lives to technology by the day! now there is social engineering, it's like there are two realities now, our real physical lives and our technological lives lol
Lol I'm a horrible liar, it would be a good skill to have though :P
I always act like the Fonz when I go out and everything is cool.
I like your blog. keep up the good work
I really like the idea of social engineering, sounds like a smart name for being misleading, something I enjoy occasionally.
I wish you were right about customer service though.
I've never done it, but I'd like to try it out. I've read about it before.
I've tried stuff like that before, it's pretty fun
Free food sounds good to me
Glad I still have this blog on my morning coffee. Please check out mine?
http://clearthepit.blogspot.com
Wow. Great post.
I trust no one and nothing but what CNN tells me.
lol
Very interesting blog! :-)
I used to work at a Verizon call center. Social engineering was annoying as hell, but knowing exactly what they're looking for totally helps with your future social engineering attempts.
If you ever find a Verizon phone, call somewhere that gives you the phone number, then google the phone number to get first/last name. If you have the name, call into Verizon from the phone, tell them you forgot your password, and they'll be able to reset the password on the account for you as long as whoever owned the phone was an authorized user. Use it only for data, and don't sign in anywhere. They'll track everything you do once it's reported as stolen.
Read the 48 Laws of Power, goes sort of hand in hand with this/power games.