Week 8 Summary

Social Engineering

Social Engineering is bad, mm’kay? It takes advantage of the weakest link in security, which are the people. Th systems can be secure, but people have the need and desire to help others or follow the rules of authority. Social engineering has the malicious actor act as either someone in need, someone in authority, or they can act as tech support in a reverse social engineering attack. This forces the average hacker to be social instead of a lurking troll in their basement who lacks people skills.

A reverse social engineering attack occurs when the malicious actor advertises his false credentials and skills as tech support. After an attack from the hacker, people will call the hacker thinking he is tech support, and thus give him their passwords.

Non technical social engineering involves dumpster diving, piggy backing, tailgating, should surfing, or just talking to employees at the smoke pit. Technical social engineering involves phishing, and creating fake websites for employees to foolishly enter their credentials. The strongest counter measure against social engineering is user education, policies, incident response strategy, and strong physical security.

News Article: China arrests hackers that were wanted by the US.
http://techti.me/2015/10/10/china-arrests-hackers-of-us-government-on-behalf-of-the-us/