Social Engineering

Once the jargon of political scientists only, "social engineering" has now become the language of hackers. Wikipedia defines social engineering as "a collection of techniques used to manipulate people into performing actions or divulging confidential information."

Hackers have known for some time that it can be very difficult to break into a computer; it's a lot easier to trick the user into letting them in voluntarily. An accepted article of faith states: “in any system, people are the weakest link.”

Relying on social engineering techniques, hackers are able to get people to reveal information that should be kept secret, perform tasks outside their norm, or behave in ways that are contrary to their own self-interest.

For example, suppose that one day you get an email with the subject "I Love You" and an attachment called "loveletter.txt," and you don't know the person who sent it. You know that you shouldn't open attachments from strangers, but you just can't resist the temptation to find out who loves you... so you double-click the attachment and open it. You have just been socially engineered into infecting your computer with malware. You and 1000 other people!

 

Virus writers use social engineering techniques to compel e-mail recipients to open attachments that carry viruses and worms. Would-be hackers use the phone to get users to reveal passwords or other sensitive information. Lastly, it's not just malware that you need to be on the lookout for. Internet cons (scams, fraud and hoaxes) and, to some extent, spam all require the unwitting cooperation of the user in order to succeed.

Not all social engineering takes place via the Internet. Dumpster-diving for pieces of paper that contain sensitive information (e.g., credit card numbers) is a common ploy. Another favorite trick is to call up low-level employees and get them to reveal information that hackers will later use to compromise a system or network.