Dec 16 2011

Social Engineering Attacks

Category: Database Security, Information Security, System Security
Fatih Acar @ 17:07

All social engineering techniques are based on specific attributes of human decision-making known as cognitive biases. These biases, sometimes called “bugs in the human hardware,” are exploited in various combinations to create attack techniques, some of which are listed here:

Pretexting

Pretexting is the act of creating and using an invented scenario (the pretext) to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances.[4] An elaborate lie, it most often involves some prior research or setup and the use of this information for impersonation (e.g., date of birth, Social Security Number, last bill amount) to establish legitimacy in the mind of the target.
This technique can be used to fool a business into disclosing customer information, and by private investigators to obtain telephone records, utility records, banking records and other information directly from company service representatives. The information can then be used to establish even greater legitimacy under tougher questioning with a manager, e.g., to make account changes, get specific balances, etc.
Pretexting can also be used to impersonate co-workers, police, bank, tax authorities, clergy, insurance investigators — or any other individual who could have perceived authority or right-to-know in the mind of the targeted victim. The pretexter must simply prepare answers to questions that might be asked by the victim. In some cases all that is needed is a voice that sounds authoritative, an earnest tone, and an ability to think on one’s feet.

Diversion theft

Diversion theft, also known as the “Corner Game” or “Round the Corner Game”, originated in the East End of London.
In summary, diversion theft is a “con” exercised by professional thieves, normally against a transport or courier company. The objective is to persuade the persons responsible for a legitimate delivery that the consignment is requested elsewhere — hence, “round the corner”.
With a load/consignment redirected, the thieves persuade the driver to unload the consignment near to, or away from, the consignee’s address, on the pretense that it is “going straight out” or “urgently required somewhere else”.
The “con” or deception has many different facets, which include social engineering techniques to persuade legitimate administrative or traffic personnel of a transport or courier company to issue instructions to the driver to redirect the consignment or load.
Another variation of diversion theft is stationing a security van outside a bank on a Friday evening. Smartly dressed guards use the line “Night safe’s out of order, Sir”. By this method shopkeepers etc. are gulled into depositing their takings into the van. They do of course obtain a receipt but later this turns out to be worthless. A similar technique was used many years ago to steal a Steinway grand piano from a radio studio in London. “Come to overhaul the piano, guv” was the chat line.


Tags: Oracle, System Security