Presentation on theme: "Good morning - Matthias Vermeiren - Joachim Seminck Good morning."— Presentation transcript:
Good morning - Matthias Vermeiren - Joachim Seminck
Hackers... Or not?
Stereotype of a hacker
- Uses computers, viruses, trojans, bugs
- Steals confidential information through a computer
Social Engineering...what?
- Breaching network using people skills
- Powers of observation
- Psychologically manipulating people
- People are often the weakest link
Social Engineering...how?
Impersonating IT staff
- Social Engineer to Employee: “Your account is disabled, I need your password”
- Employee gives password
Playing on users’ sympathy
- Pretending to be a worker from the outside (phone company, ISP,...)
- “New on the job, have to check out some wiring, or else I get fired....”
- Gaining physical access to computers and servers
- In any case: social engineer appears to be worried, afraid or upset about some dire consequence
Wooing them with words
- When the stakes are high (e.g. big financial reward for getting into network)
- Slowly becoming close friends with target victims
- Elaborate, long-term schemes
- Initiating and developing a romantic relationship
- Victim trusts S.E. enough to reveal confidential information (and smartcards,...)
Intimidation tactics
- S.E. pretends to be someone important
  - Big boss from HQ
  - Government inspector
  - Someone who strikes fear in the employee’s heart
- Angry and yelling
- Threatens to fire the employee if they don’t get the information
- Very few people would say no, out of fear of losing their job
The greed factor
- S.E. offers money or goods in exchange for the information
- Usually more subtle
- In general: S.E. promises some benefit (better paying job at competing company,...)
Creating confusion
- Creating a problem
- Taking advantage of it
Shoulder surfing
- “Passive” form of social engineering
- Observe victim whilst typing passwords
- Without their knowledge
- Gaining trust so they don’t mind the S.E. being there
Dumpster diving
- Predates computers
- Looking for hard copies of information to breach the network
- S.E. could pose as a janitor
- Access to discarded papers, CDs, discs, etc.
Gone phishing
- Well-publicised internet scam
- Fake e-mails
- Sites that are identical to the originals
- Users enter confidential information (passwords, IDs,...)
- Information gets forwarded to the S.E.
Reverse social engineering
- S.E. gets others to ask him/her the questions
- Creating a problem with network or software
- S.E. is the expert coming to fix the problem
- Gets full access to the systems
- Requires a lot of planning
Social Engineering...Protection
- Number one line of defence: User Education
- Backed up by clear (written) policies
  - Who can enter server room?
  - To whom can users give their password?
  - ...
Social Engineering...Protection
- Social Engineering = Not a technological problem
- It does have a technological solution
- Multifactor authentication
Sources
- Ten common social engineering ploys, by Debra Shinder, TechRepublic
- Social Engineering – An attack vector most intricate to tackle!, by Ashish Thapar
- Malware campaign at YouTube uses social engineering tricks, by Dancho Danchev
- Junk mailers get the human touch, by BBC news