URL1
Social Engineering and convincing people to part with money:
It is amazing that the alleged criminals perpetuating this for 6 years were able to get away with it for so long. Google Trends shows a decline in interest in "social engineering" since 2005, but we've seen more news stories about it, like coverage of the Defcon Social Engineering contest, news stories about Nigerian 419 scams, scammers & victims, and the Russian spy group with the woman and her associates that used social engineering.
A presentation at this last Defcon 15 on "No Tech Hacking" (Johnny Long) provides commentary about not using the latest, greatest techniques or skills to technology to break access restrictions. (Jump to 6 minutes 0 seconds to about 8 minutes 50 seconds in for the story about Vince.)
The summary of that story is that low-tech attacks can work against complicated security systems, or "Don't make things more difficult (than they need to be)." Reduced even further, "keep it simple, stupid," and then refined, "when attacking any system, use what is effective first; don't waste time trying to make a latest, greatest technological gizmo or toy unless that is the best choice." It is like another application of The Art of War, in choosing the path that will result in victory, where victory is defined as completing the objective with the least wasted time, fewest lost resources including men, and by gaining the most in resources from the enemy.
Considering both of these ideas together, will we see an increase in the frequency of "social engineering" being used and discussed in news stories as companies improve their physical security and use OSes with improved security that require more skills or more complicated code/tools to exploit them? Will social engineering become the "easier" or "shorter path" and be used more often as a result? Also, will attacking the meat-space with social engineering become easier, as people with minimum-wage (or slightly above minimum-wage) jobs are put in charge of being gate-keepers to the resources that are desired by attackers? What implications does this have for access control to medical bio-hazards and guarding medical waste, or restricting access to nuclear research and radioactive materials?