Social Engineering by Anne-Marie Laliberté-Denis
As a psychologist major the first thing that came to mind was socialization. As psychologists and sociologists studied human behaviour they recognized various types of learning ( ex. cognitive, conditioned) and explained that we as humans teach children and other people how to behave.
Humans become socialized, influenced, conditioned to behave certain ways. Though as human beings we are given free will and a mind to make our own choices these socializations take place often without our knowing. For example, a child will learn and react to be terrified of spiders as they were conditioned to do so because of experience, modelling by an adult or to avoid discomfort or to gain pleasure. Whatever the motivations~ people’s behaviour can be shaped.
Social Engineering by definition
If you love psychology, watch this little documentary to see social engineering sociology style as babies’ behaviours are manipulated by testing and experimentation. Scott Noble’s documentary entitled “Psywar” documents how founder of Behaviourism, John B. Watson. I have included an ‘edited’ version ( as original is a little difficult to watch)
Social Engineering~ Watson's behaviorism to shape behaviour through generalization
Now, social engineering as a term we talk about today is a collection of techniques used to manipulate PEOPLE into behaving and performing actions in a way that easily and willingly divulges confidential information. It can be looked at as how someone can be ‘tricked’ because they are gullible or uninformed~ social engineering does this but focusing on gathering information on or access to your computer. It is an exploitation of the basics of human behaviours like willingness to please,trust, greed to gain free rewards, respect for authority or even indifference or lack of education.
There are technical strategies such as:
Pnishing~ fronting legitimate authority, business that is requiring your authentication like pin, password or even VISA and often install viruses on your computer.
Vishing~ using phone solicitors
Spam~email viruses that snatch info without your knowing
Pop Ups~ my shame was falling for a pop-up message that I had a virus and the logo looked very familiar! The computer crashed and only way out was giving out my info. I didn’t completely fall for it and brought computer in to my techie!
Software downloads often attach viruses.
The social engineering movement, however is discovering that the shortcut to hacking, and working their way through your computer is simply watching YOU, picking up a business card, following the easy info you give out to newsletters or falling prey to impersonators who trick you.
The worst part is that you may never even know you have been exploited or manipulated.
Just as little Arthur learned to fear rats because of Dr. John B. Watson’s experiments with conditioning...we have changed our behaviour vis a vis giving out information to anyone without more information and education as a result of this blog post!
Look below for more ways to stay educated and up to date on ways to recognize illegitimate collection of computer info.
http://alternativenewsreport.net/category/american-society/facebook-twitter-social-behavior-engineering/
http://www.symantec.com/connect/articles/social-engineering-fundamentals-part-i-hacker-tactics
http://www.simplysecurity.com/2011/06/21/beware-of-the-latest-facebook-attacks/
http://fearlessweb.trendmicro.com/
http://blog.trendmicro.com/
Window Security online newsletter
Malaware blog
No comments:
Post a Comment