SOCIAL ENGINEERING

Social Engineering is something that is not done through the using the technical hacking strategies. It’s about convincing the authenticity of your exploit. So, when is this used? Exactly when the attackers can’t find the vulnerability for their exploits. Right? Its like playing trickery for the purpose of gathering crucial information from the target users. They might be Human Based or Computer Based.

If it’s Human Based, we have the Shoulder Surfing in this. It like silently peeping into the keyboard while someone is typing the password. If it might be possible that the attacker calls the victim and convinces him to have the permission from authorized source to his system. The victim in turn gets convinced and provides most crucial data to the attacker. The attacker might also make the target believe that he is the employee or the contractor, thus providing him with all the required details. It’s also possible that the attacker goes for the social network profile of the victim, chooses one of his friends (say X) and later convinces the victim that he is the friend of X and he needs to know this.

If it’s Computer Based, the most important source for this attack are the email attachments which convinces the users to open it, promising to be from a trusted source. The moment the user opens it, results in the execution of the malicious code contained in the attachment. The another types of social Engineering technique are the Phishing and the Spear Phishing, the technique that was used to hack theInternational Monitory Fund(IMF) days back. What was done in the case of IMF, according to the sources, that an email was sent from within the IMF to the two groups of employee with the subject “2011 Recruitment Plan” and this was intriguing enough to make them click on the attachment or the links. As an attachment was a file named 2011 recruitment plan.xls, that contained the 0-day Exploit, installing a backdoor through Adobe flash Vulnerability. So this indeed is very actively popular Social Engineering strategy these days. You can take a look for further details @ http://www.castigliola.com/index.php?option=com_content&task=view&id=125&Itemid=1