written by Chris Griesemer
Over the past year, I have written several articles on vulnerabilities and social engineering. From the vulnerability point of view, I do my best to explain how important it is to keep machines updated. Machines not patched properly are a target not only to external hackers but to malicious employees.
However, as important as patching is, social engineering may be more dangerous. To take advantage of a vulnerable machine, you have to have some technical knowledge. For instance, it would help if the attacker had the ability to write a program that would exploit a machine enough to allow it to be compromised. Social engineers don’t have to be technical. They just need to know how to convince you to give up information.
In Las Vegas every year, the biggest hacking convention known as DEFCON attempts to show people different types of hacking techniques. Starting Friday at 10:00 a.m., a DEFCON attendee can choose from four sessions every hour until 5:00 p.m. This goes on all weekend.
One of the main attractions is a contest called Capture the Flag. Contestants walk into an enclosed, clear compartment that has a chair and a phone. They are given a checklist of items they need to obtain, such as the serial number on a computer to the type of phone they are using to even the model of the Wi-Fi access point located at the company. They have to get this information over the phone. This is social engineering at its best and I have yet to see a better example of how good these people are at getting information. As entertaining as it is, you can’t help to think how easy it would be for these experts to target you or your place of employment.
REAL FUTURE’s (a show on Fusion TV) Kevin Roose went to DEFCON to find out if these hackers could get any of his private information. I encourage everyone to watch this video. The video has some rough language at times, but the content will scare you more than the language: https://youtu.be/bjYhmX_OUQQ.
If you have any questions or concerns about social engineering, please contact Chris Griesemer at 417.881.0145.