After Wired.com’s Mat Honan suffered a widely-publicized hack last week, blogs have been abuzz with the term “social engineering.” The hack wasn’t a traditional one, where hackers digitally outsmarted Honan’s technological defenses. It was perhaps a more insidious kind of hack, a con if you will, long referred to as social engineering by the tech industry.
Social engineering is the process of gaining access to systems using human psychology instead of exploiting a software or hardware vulnerability. In other words, it’s a con and has been around as long as there have been crooks and con men. The social engineer (or scam artist) uses psychology to exploit a person’s naivety and gain their trust. For example, a social engineer might call an employee and pose as IT support, trying to trick the employee into revealing his password or other sensitive information.
In Honan’s case, the hacker used publicly-available information to scam Amazon and Apple into giving him access to Honan’s accounts. The hacker was able to take over Honan’s digital life and ultimately wipe the data off his laptop and phone. (Why Honan didn’t have a proper backup of his data is perhaps the topic of another discussion.)
Another recent example is this year’s Defcon hackathon winner, Shane MacDougall, who was able to successfully gain 75 different pieces of sensitive information from a Wal-Mart manager during a 20-minute phone call.
The main difference between hacking and social engineering is what it takes to defend against them: the former requires a capable IT department and a network security plan, while the latter requires properly trained, knowledgeable staff who know the red flags of a scam artist.
For over 10 years, Minneapolis-based OAC Technology has been helping small to medium-sized businesses maintain secure systems. We can inspect your network for common problems, misconfigurations, and security vulnerabilities that can lead to costly problems down the line. Contact us today for a Free Security Audit of your business.