Good morning - Matthias Vermeiren - Joachim Seminck Good morning.

Presentation on theme: "Good morning - Matthias Vermeiren - Joachim Seminck Good morning."— Presentation transcript:

1 Good morning - Matthias Vermeiren - Joachim Seminck Good morning

2 Hackers... Or not? Stereotype of a hacker: uses computers, viruses, trojans, bugs; steals confidential information through a computer

3 Social Engineering...what? Breaching a network using people skills; powers of observation; psychologically manipulating people; people are often the weakest link

4 Impersonating IT staff: social engineer to employee: “Your account is disabled, I need your password”; employee gives password

5 Playing on users’ sympathy: pretending to be a worker from the outside (phone company, ISP, ...); “New on the job, have to check out some wiring, or else I get fired....”; gaining physical access to computers and servers. In any case: the social engineer appears to be worried, afraid, or upset about some dire consequence

6 Wooing them with words: when the stakes are high (e.g. big financial reward for getting into the network); slowly becoming close friends with target victims; elaborate, long-term schemes; initiating and developing a romantic relationship; victim trusts the S.E. enough to reveal confidential information (and smartcards, ...)

7 Intimidation tactics: S.E. pretends to be someone important (big boss from HQ, government inspector), someone who strikes fear in the employee’s heart; angry and yelling; threatens to fire the employee if they don’t get the information; very few people would say no, out of fear of losing their job

8 The greed factor: S.E. offers money or goods in exchange for the information; usually more subtle. In general: S.E. promises some benefit (better paying job at a competing company, ...)

9 Creating confusion: creating a problem; taking advantage of it

10 Shoulder surfing: “passive” form of social engineering; observe the victim whilst typing passwords, without their knowledge; gaining trust so they don’t mind their being there

11 Dumpster diving: predates computers; looking for hard copies of information to breach the network; S.E. could pose as a janitor; access to discarded papers, CDs, discs, etc.

12 Gone phishing: well-publicised internet scam; fake e-mails; sites that are identical to the originals; users enter confidential information (passwords, IDs, ...); information gets forwarded to the S.E.

13 Reverse social engineering: S.E. gets others to ask him/her the questions; creating a problem with network or software; S.E. is the expert coming to fix the problem; gets full access to the systems; requires a lot of planning

14 Social Engineering...Protection: number one line of defence: user education, backed up by clear (written) policies. Who can enter the server room? To whom can users give their password? ...

15 Social Engineering...Protection: social engineering = not a technological problem; it does have a technological solution: multifactor authentication

16 Social Engineering...Case study

17 Sources: “Ten common social engineering ploys” by Debra Shinder, TechRepublic; “Social Engineering – An attack vector most intricate to tackle!” by Ashish Thapar; “Malware campaign at YouTube uses social engineering tricks” by Dancho Danchev; “Junk mailers get the human touch” by BBC News

18 Questions?

19 Thank you!
