In this post I will explain a very intresting way of hacking the human OS. This is known as Social Engineering.
So, first of all what is social engineering? Social engineering is an art of manipulating people to get vital information from them.This information can be used to build an attack against the respective person. Any one can social engineer, even a kid. There are various methods to perform social engineering. Your options are endless, so make use of it and exploit the most powerful OS (the Human OS). Let me give a true example of social engineering.
One morning a few years back, a group of strangers walked into a large shipping firm and walked out with access to the firm's entire corporate network. How did they do it? By obtaining small amounts of access, bit by bit, from a number of different employees in that firm. First, they did research about the company for two days before even attempting to set foot on the premises. For example, they learned key employees' names by calling HR. Next, they pretended to lose their key to the front door, and a man let them in. Then they "lost" their identity badges when entering the third floor secured area, smiled, and a friendly employee opened the door for them.
The strangers knew the CFO was out of town, so they were able to enter his office and obtain financial data off his unlocked computer. They dug through the corporate trash, finding all kinds of useful documents. They asked a janitor for a garbage pail in which to place their contents and carried all of this data out of the building in their hands. The strangers had studied the CFO's voice, so they were able to phone, pretending to be the CFO, in a rush, desperately in need of his network password. From there, they used regular technical hacking tools to gain super-user access into the system.
In this case, the strangers were network consultants performing a security audit for the CFO without any other employees' knowledge. They were never given any privileged information from the CFO but were able to obtain all the access they wanted through social engineering.
Here are some methods of social engineering:
* Phishing - is a technique often used to obtain private information. Typically, the user sends an e-mail that appears to come from a legitimate business requesting "verification" of information and warning of some consequence if it is not provided. The e-mail usually contains a link to a web page that seems legitimate and has a form requesting everything from home address to an ATM card's PIN.
* IVR or phone phishing - also known as "vishing"; this technique uses an Interactive Voice Response (IVR) system to recreate a legitimate sounding copy of a bank or other institution's IVR system. The victim is prompted to call in to the "bank" via a phone number provided in order to "verify" information.
* Baiting - Baiting is like the real-world Trojan Horse that uses physical media and relies on the curiosity or greed of the victim. In this attack, the attacker leaves a malware infected floppy disc, CD ROM, or USB flash drive in a location sure to be found, gives it a legitimate looking and curiosity-piquing label, and simply waits for the victim to use the device.
* Quid pro quo - An attacker calls random numbers at a company claiming to be calling back from technical support. Eventually they will hit someone with a legitimate problem, grateful that someone is calling back to help them. The attacker will "help" solve the problem and in the process have the user type commands that give the attacker access or launch malware.
Advantage of Social Engineering
So to soak up what you've learned so far, which was, an introduction to social engineering and some examples on the very subject itself (SE). On to the very question that people want to hear and know. What can I GAIN from using social engineering? Anything! Like I said before, and not afraid to hesitate to say again, your options are endless when using social engineering! It all depends on your goal and how you approach it, is the defining factor of your outcome. Now with that said, don't go off thinking that you can take over the World in a matter of a few days, not going to happen. But what you can do is practice using social engineering, little by little, step by step; learn how to build your ground and the environment around it. So yes, think outside the box and learn to open new doors! Keep in mind that connections and relationships is everything in being a social engineer, without it, what can you build from nothing? Nothing! That's when social engineering comes in place, learn to make new friends, take the time to ask questions, and most importantly, learn your target! Like one once said, "My greatest enemy is also my best friend." You can achieve anything with the right mindset!
Believe it or not, more than 50% of people living on this Earth subconsciously don't know what they're capable of! That's a scary thought, that's a lot of potential lost!
So, what ya thinkin, U a social engineer? Of course you are even without knowing it.
Wednesday, September 1, 2010
Hacking Human OS (Operating System)
If you're like most people, you feel as if you are rational and logical, and most of the rest of the world is not. If you're right about this, then most of the world is illogical. If they're right, then you're illogical.
The fact is you're both wrong: neither you nor anyone else is as logical as you think you are.
You think and feel with your brain all the time, but how often do you think about your brain; its strengths and weaknesses and its limitations?
Your brain is a battlefield peppered with electrochemical explosions; a wet bundle of nerves, firing at each other within a glue-like soup. It does some things well and others poorly.
Not only do you think with your brain, you also use it to perceive: it's the primary mechanism by which you collect information about the world around you. It's a bit like the fox guarding the henhouse: the same entity that provides you with information is also telling you what it means. Any information you take in -- through your eyes, nose, ears, tongue and fingertips -- is heavily filtered before you are even consciously aware of it.
This is a necessity: if you consciously processed every piece of information you are capable of perceiving, you would be so flooded with sensation that you would be unable to function. A lack of such filters is one of the primary characteristics of autism.
Now, think of your brain as if it were a computer for a second.
Your hardware is the bundle of nerves that makes up your brain; it's simply gray matter.
Your applications are patterns of thought, which are built up over the course of years. Some of them, like basic algebra and how to read, were written by others; and some of them, like the way you kiss or buy clothes, you probably wrote yourself. Some of them run like clockwork, others are riddled with bugs; some are in beta, others are in version 9.0. If you're a life hacker [What's a hacker?] you have probably written more of your own "brain apps" than most people.
Your OS is the low-lying software that all the other apps rely on. How much do you know about it? Most people don't think about it much.
If you want to get serious about communication, it's time to learn more about the Human OS.
Understanding how your mind works will make you a more effective communicator, so you'll know the path of least resistance to getting people's attention and getting them focused on the things you think are important. If you do it well, people will even start to think that you're logical!
The fact is you're both wrong: neither you nor anyone else is as logical as you think you are.
You think and feel with your brain all the time, but how often do you think about your brain; its strengths and weaknesses and its limitations?
Your brain is a battlefield peppered with electrochemical explosions; a wet bundle of nerves, firing at each other within a glue-like soup. It does some things well and others poorly.
Not only do you think with your brain, you also use it to perceive: it's the primary mechanism by which you collect information about the world around you. It's a bit like the fox guarding the henhouse: the same entity that provides you with information is also telling you what it means. Any information you take in -- through your eyes, nose, ears, tongue and fingertips -- is heavily filtered before you are even consciously aware of it.
This is a necessity: if you consciously processed every piece of information you are capable of perceiving, you would be so flooded with sensation that you would be unable to function. A lack of such filters is one of the primary characteristics of autism.
Now, think of your brain as if it were a computer for a second.
Your hardware is the bundle of nerves that makes up your brain; it's simply gray matter.
Your applications are patterns of thought, which are built up over the course of years. Some of them, like basic algebra and how to read, were written by others; and some of them, like the way you kiss or buy clothes, you probably wrote yourself. Some of them run like clockwork, others are riddled with bugs; some are in beta, others are in version 9.0. If you're a life hacker [What's a hacker?] you have probably written more of your own "brain apps" than most people.
Your OS is the low-lying software that all the other apps rely on. How much do you know about it? Most people don't think about it much.
If you want to get serious about communication, it's time to learn more about the Human OS.
Understanding how your mind works will make you a more effective communicator, so you'll know the path of least resistance to getting people's attention and getting them focused on the things you think are important. If you do it well, people will even start to think that you're logical!
Subscribe to:
Comments (Atom)
