Off Into The Infinite Universe...

Welcome Back My Friends, To The Show That Never Ends...
This is for everyone who has a strange fascination with loopy structures, paradoxes, science, quantum physics, the nature of duality, the internet, cyber culture, philosophy, and any one who has stayed up into the late hours contemplating infinities.If any of you have any contributions for posts, paradoxes, mathematical infinities, or anything that has loopy nature send it to DamntheMachine09@aol.com

Support The Infinite Blog!

Sunday, April 3, 2011

Social Engineering

Has anyone ever heard of this? Or more over has anyone heard of Kevin Mitnick? For those who had their ear to the techie/hacker ground in the mid 90's, you may remember him. Kevin Mitnick was a computer hacker/cracker but more accurately, he was a master of the technique called "Social Engineering". He had charisma about him that allowed people he spoke to to trust him and even let him in on information that he wasn't supposed to be privy to. These conversations would generally take place over phone lines. He may call up a bank branch, and pretend to be someone from payroll, telling one of the tellers that if they didn't reveal their certain employee number, they wouldn't be able to recieve their paycheck. Then, once he gained this info, he may politely hang up and call another branch of the bank. This time switching hats, and becoming a fellow bank employee who's need's a customers files brought up, including debit card information, account numbers, balance etc..

As Mitnick said: You can have the best internet security software on the planet. The most expensive forensic team, and a host of gadgets to protect you from break ins, but all this will completely fail, as long as human error still exists. The human being, or the 'wetware' is the weak link in the chain of security. A human being is easily fooled, decieved, and can give away such valuable information.

This is just one example in thousands that could be done to gain sensitive information. Now one could easily just repute this and say its not 'social engineering', its just plain lying and stealing. I do agree with that, if you plan on keeping and using said information for nefarious purposes. I see nothing wrong with using this information to see how much information you can get out of someone.

To paraphrase Mitnick; People are very trusting, and generally want to be as helpful to you as possible. Especially if you call a help or service desk. They literally get back to bend over backwards for you. Now you don't want to aim to get the person their fired, or in any trouble, so don't ask them to reveal secrets that could cost them they're job. But just prodding around and asking for things that a normal person shouldn't know, I don't see anything wrong with that. Again, if you use this information for your own gain, then yes, you are thief. Mitnick unfortunately went to this extreme, and defrauded many companies of money, and was eventually caught, but the idea of Social Engineering, is one that I think is viable and is fun to practice.

If you go on Youtube, there is a video under Social Engineering, where these two idiots, drive into Mcdonalds, and "Socially Engineer" the manager into getting free food. Stuff like that isn't Social Engineering, its blatent lying to get free food that costs 3.99. This sort of thing should be done for sport, fun, and like hacking, just to find out how much you can find out..

Has anyone done their own Social Engineering? Stories to share?

34 comments:

  1. Girls have sex with me with one word.

    ReplyDelete
  2. Note to self:
    Lie and get free food.

    ReplyDelete
  3. betrayal of trust is not a good thing

    ReplyDelete
  4. Social Engineering is a very powerful tool. It is something that cannot be prevented by software. I recently read the book "The Art of Deception" by Kevin himself. Good read (the book and your blog).

    ReplyDelete
  5. It is a dangerous game as the variable is again, human.

    ReplyDelete
  6. great post, times are changing

    ReplyDelete
  7. well written and informative enjoyed

    ReplyDelete
  8. That's pretty descriptive. Good stuff!

    ReplyDelete
  9. i need to start lying more!

    i'm hungry!!

    ReplyDelete
  10. Interesting, it'd be neat to use this type of stuff to make people's day weirder rather than for personal benefit.

    ReplyDelete
  11. Great post.

    I've tried learning social engineering and NLP and all that jazz but it's a lot harder than it looks. I guess it's just a gift some people have. I wish I could pick it up. Certainly a useful tool for every aspect in life.

    I'd be really interested in a follow up with tips and tricks if you ever run outta ideas for posts?

    ReplyDelete
  12. I read some of his book a few months ago, it was pretty interesting.

    ReplyDelete
  13. Social Engineering is definitely one of the leading causes of most of the crap that happens to people, I would think.

    ReplyDelete
  14. @ Jim: I need to read it myself!
    @ Erika: I'll keep that in mind!

    ReplyDelete
  15. I was able to trick my wife into thinking i was a nice guy by taking her to les mis on our first date! lolololol!

    ReplyDelete
  16. this is so crazy this is another good example how we are giving our lifes to technology by the day! now there is social engineering, its like there are two realities now, our real physical lifes and our technological lifes lol

    ReplyDelete
  17. Lol im a horrible liar, it would be a good skill to have though :P

    ReplyDelete
  18. I always act like the Fonz when I go out and everything is cool.

    ReplyDelete
  19. i like your blog. keep up the good work

    ReplyDelete
  20. I really like the idea of social engineering, sounds like a smart name for being misleading, something I enjoy occasionally.

    I wish you were right about customer service though.

    ReplyDelete
  21. I've never done it, but I'd like to try it out. I've read about it before.

    ReplyDelete
  22. I've tried stuff like that before, it's pretty fun

    ReplyDelete
  23. Free food sounds good to me
    Glad I still have this blog on my morning coffee. Please check out mine?
    http://clearthepit.blogspot.com

    ReplyDelete
  24. I trust no one and nothing but what CNN tells me.
    lol

    ReplyDelete
  25. Very interesting blog! :-)

    ReplyDelete
  26. I used to work at a Verizon call center. Social engineering was annoying as hell, but knowing exactly what they're looking for totally helps with your future social engineering attempts.

    If you ever find a verizon phone, call somewhere that gives you the phone number, then google the phone number to get first/last name. if you have the name, call into verizon from the phone, tell them you forgot your password, and they'll be able to reset the password on the account for you as long as whoever owned the phone was an authorized user. Use it only for data, and don't sign in anywhere. They'll track everything you do once i'ts reported as stolen.

    ReplyDelete
  27. Read the 48 Laws of Power, goes sort of hand in hand with this/power games.

    ReplyDelete