Social Engineering – part 2 Why SE :Because there is no patch for human stupidity

Why Attackers Use Social Engineering

Attackers Use Social Engineering For two simple reasons :

· "Because there is no patch for human stupidity"

· "People are the largest vulnerability in any network"

While a hacker can spend days trying to break a a password or hack into a server a simple phone call or email with the right pretext and perfect questions can get you the same results , Utilizing the human side of people can get some more information than hacking any system , As software vendors get more and more secure and their products get harder to crack the role of social engineering becomes greater. Understanding what it is a social engineer will try, how they will try it and what methodology they may use can help you develop a plan how to protect from such attacks.


Typical Goals of a Social Engineer

The answer is simple ,The need of knowledge is what drives a social engineer , We all need to know , whether this knowledge is the actions of our girl/ boy friend or the secrets of a multi-billion organization , the need of knowledge is what drives us to try to obtain information .Knowledge is powerful, the more you know, the easier it may be to succeed.

“Data Data Data , I cant make bricks without Stone “ – Sherlock Holmes

Malicious social engineers portray some of the same goals that an everyday Joe or Jane may have with one difference; ethics. Ethics are the base standards of what is good and bad within a society. If the society, as a whole, feels strongly enough that the behavior is bad, laws may be formed to prevent the behavior. Ethics are what separates the money making goals of the everyday Jane or Joe from the social engineer; out to make their money or their name by stealing knowledge and using it in an unauthorized fashion.

Dr. Max Kilger, co-author of the Honeynet Project, has identified six motivations for non-ethical computer activity. These motivators can be applied with regards to social engineering. The six motivators are: money, entertainment, ego, cause, entrance into a social group and status within that social group.

Maslow’s Hierarchy of Needs


Figure depicts the basic needs to survive at the bottom of the triangle. Esteem needs and self-actualization are at the top of the hierarchy . this clarifies the cognitive need of knowledge, a main motivator for criminal behavior.



The goals of a malicious social engineer can be compared to the goals of any criminal activity; knowledge, power, money, control, bragging rights, etc. Malicious social engineering with the purpose of data theft, is like any other crime, it contains motive and a goal.



In the Next Article isa I will try to discuss The Common Social Engineering Attacks and Will give some real world examples of Social Engineering in Action

No comments:

Post a Comment