Title: How Attackers Hack Humans
Author: Williesha Morris
Publish Date: October 15, 2021
Website: DarkReading.com
We talked about social engineering and how employees are targeted to gather information. Recon 101! Email, phone, text. It’s an interesting perspective article on hacking humans told from the POV of former CIA operative Peter Warmka. He speaks about how tools 20 years in the making are being used now to rely on soft targets to get to hard targets.
Some key points we talked about in class were distinctly pointed out in the article:
- insider targets: overworked, underpaid, and underappreciated employees
- job postings: can detail all of the systems and databases that a company uses that can be targeted for infiltration
- media releases: show how an organization is growing and changing and name potential targets and their job titles or even hobbies and interests.
- internet searches: “employee manual” and “PDF” can reveal benefit packages, rules, and other confidential information
- social media: work history, certifications, volunteer work, political leanings, relationship statuses, and favorite books and movies.
- pictures: demonstrate socioeconomic status
An interesting take on the article is that it provides an interesting alternative option to protecting their employees. Not just the IT Security mandatory employee training, but taking “protecting your people” to another level.
- Offering training or classes with guidance on how to secure their social media profiles.
- “Helping employees use privacy controls and restricted settings is good for their personal safety and can help the organization, as well.”
- Show how social media posts can be used against a person.
- Training to include what work details shouldn’t be posted socially.
Essentially, the company is protecting itself by virtue of protecting you.
Very good read!
Also, if interested: Peter Warmka has a book out that could prove to be very fun: Confessions of a CIA Spy: The Art of Human Hacking
Vanessa
Matthew Bryan says
Great read! We’ve started focusing on social media more at my work. I’ve started showing people https://osintframework.com/ to give them a sense of what’s available publicly and how someone can build a profile by piecing together open source intelligence.