When I studied Sociology and Law, the term social engineering was used to designate all such activity, mostly instigated by the state, that attempts to steer society to develop in particularly desired direction. Social engineering was a macro-subject and entailed among others the study of Karl Popper's plea for piecemeal engineering. Anything on a micro-level I would have called applied social psychology.
The latest edition of the excellent Hebrew podcast Making History with Ran Levi (עושים היסטוריה! עם רן לוי), however speaks of social engineering (הנדסה חברתית) in this applied micro-context. The object of the show (מה מסתתר בתוך הטלפון של פריס הילטון) is to show how hackers succeed in what they do, more thanks to the application of social psychology than their wizardry in computer programming or other outstanding technical ability. Several examples are delivered to show how this has played out and they all show the same pattern. Technical and procedural shields against security breaches are in place and functioning well, yet the hacker acquires a crucial entry into the system by manipulating the weakest link in the chain: people.
One of the most eloquent examples is that of a failed hacking attempt. The user was aware that he was subject of a hacking attempt and fenced it effectively off. Yet, the hacker made a follow-up attempt by impersonating a security officer and approached that same user to report on the attempted security breach. "Oh and by the way, what was the info the hacker was after," he asked, upon which he immediately received the answer.
Apart from being informative and entertaining as this podcast always is, in this particular subject it is also very useful. The episode provides for one of the best training sessions everyone could get in order to be better prepared for hacking attacks.
More Making History with Ran Levi:
Ran Levi, then, now and about the Long Now,
Of nightmares and sleepwalking,
Mass Extinctions,
Making History with Ran Levi - עושים היסטוריה! עם רן לוי,
From Pavlov to Milgram.
No comments:
Post a Comment