
12/22/2010 1


• The art of manipulating people into performing actions or revealing confidential information.
• Using trickery to gather information or gain computer system access.
• In most cases the attacker never comes face-to-face with the victim.

[Illustration: example pretexts]
"I need a password reset. What is the password set to?"
"John, the System Admin. What is your password?"
Email: "…Bank noticed a problem with your account…"
"I have come to repair your … and have some software patches"
"What ethnicity are you? Your mother's maiden name?"


(source: BusinessWeek / Symantec)


Risks in Companies

Common techniques used


 Dumpster diving
 Office snooping
 Shoulder surfing
 Phishing
 Phone phishing
 Vishing
 Spear phishing
 Quid pro quo

Impact in Companies

 Credit card information stolen


 ID Theft
 Computer credentials compromised
 Account numbers
 Access to facilities
 Confidential information
 Usernames/passwords

Risks in Individuals

Common techniques used



 Dumpster diving
 Shoulder surfing
 Phishing
 Phone phishing
 Baiting

Impact in Individuals

• Credit card information stolen


• ID Theft
• Account numbers
• Social Security number
• Confidential information
• Usernames/passwords



What would happen if your email gets compromised?
Your email may contain a great deal of important confidential information.
This is what we found when we audited the email account:
 Account statements
 Facebook account access
 Confidential information
 Credit card information
 Resumes
 Pictures
 Usernames/passwords

• Social engineering is the evolution of a hacker's modus operandi.
• Wide range of techniques.
• The attack exploits flaws in human character to perpetrate a crime.
• Awareness and preventive measures.


• Security Policy
• Physical Security
• Acceptable Use
• Help Desk


• Listing all possible measures that an organization or individual can take to prevent a SE attack would be a daunting task.
• Once measures are implemented, a continuous cycle of awareness, training and rule enforcement is required.


• Key Logger experiment (First Exercise)
– Placed a physical key logger on the lab tech machine in the BA lab
– Attempted to obtain the password to the printing system.
– The key logger was used to obtain additional information.
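A practitioner's check against the first exercise, added here as an example and not part of the original presentation: a PowerShell baseline-and-diff of the keyboard and USB devices Windows enumerates on a lab machine. The function names and the baseline file path are assumptions for this example.

```powershell
# Added example (not from the original presentation): record the input/USB
# devices a lab machine normally has, then report anything new or a second
# keyboard. Function names and the baseline path are assumptions.

function Get-InputDeviceInventory {
    # Keyboards as the OS sees them, plus every USB-attached PnP device.
    $keyboards = Get-CimInstance -ClassName Win32_Keyboard |
        Select-Object @{n='Kind';e={'Keyboard'}}, Description, PNPDeviceID
    $usb = Get-CimInstance -ClassName Win32_PnPEntity |
        Where-Object { $_.PNPDeviceID -like 'USB\*' } |
        Select-Object @{n='Kind';e={'USB'}}, @{n='Description';e={$_.Name}}, PNPDeviceID
    @($keyboards) + @($usb)
}

function Save-InputDeviceBaseline {
    param([string]$Path = "$env:ProgramData\lab-device-baseline.json")
    # Take the baseline right after the machine is imaged and inspected.
    Get-InputDeviceInventory | ConvertTo-Json -Depth 3 | Set-Content -Path $Path
}

function Compare-InputDeviceBaseline {
    param([string]$Path = "$env:ProgramData\lab-device-baseline.json")
    $baseline = Get-Content -Path $Path -Raw | ConvertFrom-Json
    $current  = Get-InputDeviceInventory

    # Index the baseline by PnP device ID so the diff is a simple lookup.
    $known = @{}
    foreach ($d in $baseline) { $known[$d.PNPDeviceID] = $true }

    $new     = @($current | Where-Object { -not $known.ContainsKey($_.PNPDeviceID) })
    $kbCount = @($current | Where-Object Kind -eq 'Keyboard').Count

    [pscustomobject]@{
        KeyboardCount = $kbCount
        NewDevices    = $new
        Suspicious    = ($kbCount -gt 1) -or ($new.Count -gt 0)
    }
}

# Usage on the lab tech machine:
#   Save-InputDeviceBaseline          # once, on a known-clean machine
#   Compare-InputDeviceBaseline       # on each walk-round or at logon
```

Caveat: a passive inline hardware key logger sits between the keyboard plug and the port and is invisible to the operating system, so this check only catches loggers that enumerate as a device of their own (or as a second keyboard). Physically inspecting the cable run behind the machine, as the lab staff in this exercise never did, remains the real control.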


• Social Engineering Attempt

12/22/2010 20
Click to edit Master title style

• Key Logger Experiment Evolved…


• MP3 Files on CD (Second Exercise)
– Created a VB Script file to obtain information such as PC name, IP address, MAC address and other information
– Grabbed MP3 files and packaged them together with the script in an executable (self-extracting archive) created by WinZip
– The purpose was to see who would open the CD and open the file (going fishing).
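The host control that bears on the second exercise is the AutoRun/AutoPlay policy: the common default NoDriveTypeAutoRun value of 0x91 disables AutoRun only for unknown and network drive types and leaves CD/DVD and removable drives enabled. The PowerShell below, added here as an example and not part of the original presentation, audits the current setting and applies the hardened one. Function names are assumptions; the registry paths and values are the documented Explorer policy keys.

```powershell
# Added example (not from the original presentation): audit and disable
# AutoRun/AutoPlay so a planted CD or USB stick cannot launch its payload
# automatically. Function names are assumptions.

$PolicyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

function Get-AutoRunPolicy {
    foreach ($p in $PolicyPaths) {
        $v = Get-ItemProperty -Path $p -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path               = $p
            NoDriveTypeAutoRun = $v.NoDriveTypeAutoRun   # 0xFF = every drive type disabled; 0x91 = weak default
            NoAutorun          = $v.NoAutorun            # 1 = never execute autorun.inf commands
            Hardened           = ($v.NoDriveTypeAutoRun -eq 0xFF) -and ($v.NoAutorun -eq 1)
        }
    }
}

function Disable-AutoRun {
    # Requires an elevated shell for the HKLM key.
    foreach ($p in $PolicyPaths) {
        if (-not (Test-Path $p)) { New-Item -Path $p -Force | Out-Null }
        New-ItemProperty -Path $p -Name NoDriveTypeAutoRun -PropertyType DWord -Value 0xFF -Force | Out-Null
        New-ItemProperty -Path $p -Name NoAutorun          -PropertyType DWord -Value 1    -Force | Out-Null
    }
    Get-AutoRunPolicy   # return the post-change state so the caller can verify it
}

# Usage:
#   Get-AutoRunPolicy     # shows Hardened = False on a default build
#   Disable-AutoRun       # applies both values, then re-reads them
```

Disabling AutoRun stops the automatic launch only; a user who opens the CD and double-clicks the WinZip executable, which is exactly what this exercise tested, still runs it. Pair the setting with application control that blocks executables from removable media (Software Restriction Policies or AppLocker) and with the awareness training the rest of this deck argues for.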

• Results during testing…


• Our demonstration clearly showed how simple it is to perform a social engineering attack and how secure information can be exposed.
• As the United States is the leader in malicious activity with regard to social engineering, it is important to be constantly aware of these attack techniques and to practice mitigation so that neither your business nor you become a victim.

• Retrospective
– Social engineering used maliciously is a crime
– Social engineering attacks pose a threat to business and individual security by attacking the human element
– These techniques are used not only to gain access to technical controls, but to steal identities and proprietary information

• For businesses, reputations can be tarnished, proprietary information can be lost, or massive monetary losses can be incurred
• Individuals can have their identity stolen, their credit destroyed, and also suffer monetary losses
• Businesses and individuals should practice mitigation techniques to minimize impact

Through Education
Questions?