Social Engineering
Agenda
What is it?
Real life cases
Traits Exploited
Phishing
Methodology
Scenarios
Tricks of the Trade
Physical Pen testing?
Defenses
Demo!
Watch it!
Human Link is the weakest in the Security Chain
Perception
Authority, Slow Response, Fear & Anxiety
http://www.youtube.com/watch?v=q7V4U2RUaeg&feature=related


Hackers
Mentalist
Rockford Files
James Bond!
Engineering the Socials & The Rest
Manipulation of Human Trust (and Traits) to elicit information. This
could be further used to directly/indirectly steal data, identity,
money, etc., get access to systems, further manipulate others, for
financial gain or otherwise.


A combination of the standard security checks was identified by
engineering and ethically manipulating the processes, trust levels
and human aspects of day-to-day operations in the company.


Modes:
• Human Based
• Computer Based
Traits Exploited [Generally.. ;P]
• Helplessness
• Guilt
• Anxiety
• Fear [Authority]
• Trust
• Moral Duty
• Helpfulness
• Cooperation
• Delegated Responsibility
Through:
• Situations
• Urgency
• Impersonation - Partially Known Factors
• Persuasion
• Request
• Orders/Demand
• ..
• Technology [Modems, Malware, OSINT, Exploits, Phishing, Spoofing, Websites, other computer based techniques and Help Desk ;)]
Phishing - Vishing
2003 saw the proliferation of a phishing scam in which users received e-mails supposedly from eBay claiming that the user's account was about to be suspended unless a link provided was clicked to update a credit card (information that the genuine eBay already had). Because it is relatively simple to make a Web site resemble a legitimate organization's site by mimicking the HTML code, the scam counted on people being tricked into thinking they were being contacted by eBay and subsequently, were going to eBay's site to update their account information. By spamming large groups of people, the "phisher" counted on the e-mail being read by a percentage of people who already had listed credit card numbers with eBay legitimately, who might respond.

Phone Phishing (IVRs)
A typical system will reject log-ins continually, ensuring the victim enters PINs or passwords multiple times, often disclosing several different passwords.
(courtesy – Wikipedia)
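As an added illustration (not from the deck) of how a mail filter or awareness tool can flag the three traits the eBay scam above relies on (a trusted brand as authority, suspension threats as fear/urgency, and a link whose visible text shows the real site while the href goes to a lookalike host), here is a small Python checker run over constructed sample messages; the sample HTML, the claimed domain and the phrase list are all assumptions.

```python
"""Heuristic phishing-trait checker for the eBay-style scam described above.
Added example: the sample messages, claimed domain and phrase list are
constructed for illustration, not taken from the slides or a real filter."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domain the message claims to come from (assumption for this example).
CLAIMED_SENDER_DOMAIN = "ebay.com"

# Pressure phrases of the kind the 2003 scam used (constructed list).
URGENCY_PHRASES = (
    "suspended",
    "within 24 hours",
    "immediately",
    "verify your account",
    "update your credit card",
)

# Constructed sample: the visible link text shows the real site while the
# href points at a lookalike host, and the body threatens suspension.
PHISH_HTML = """
<p>Dear eBay member,</p>
<p>Your account will be <b>suspended</b> unless you update your credit card
information within 24 hours.</p>
<p><a href="http://ebay-billing-update.example/login">http://www.ebay.com/update</a></p>
<p>Thank you, eBay Customer Support</p>
"""

# Constructed benign message for comparison.
LEGIT_HTML = """
<p>Hello,</p>
<p>Your monthly statement is ready.</p>
<p><a href="https://www.ebay.com/statements">View statement</a></p>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two labels of a hostname (naive: ignores suffixes like co.uk)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def analyze(html, claimed_domain=CLAIMED_SENDER_DOMAIN):
    """Return human-readable findings; an empty list means nothing flagged."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    brand = claimed_domain.split(".")[0]
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        if registrable_domain(host) != claimed_domain:
            findings.append(f"link host {host!r} does not belong to {claimed_domain}")
            # Lookalike: the brand name embedded in an unrelated host.
            if brand in host.lower():
                findings.append(f"lookalike host {host!r} contains {brand!r}")
        # Visible text shows one URL while the href goes to another.
        shown = re.search(r"https?://([^/\s]+)", text)
        if shown and registrable_domain(shown.group(1)) != registrable_domain(host):
            findings.append(f"visible text shows {shown.group(1)!r} but href goes to {host!r}")
    # Strip tags, then look for the fear/urgency wording in the plain text.
    plain = re.sub(r"<[^>]+>", " ", html).lower()
    pressure = [p for p in URGENCY_PHRASES if p in plain]
    if pressure:
        findings.append("fear/urgency language: " + ", ".join(pressure))
    return findings


def is_suspicious(html, claimed_domain=CLAIMED_SENDER_DOMAIN):
    """Two or more independent findings is the (arbitrary) flagging threshold."""
    return len(analyze(html, claimed_domain)) >= 2


if __name__ == "__main__":
    for label, body in (("phish", PHISH_HTML), ("legit", LEGIT_HTML)):
        print(label, "suspicious =", is_suspicious(body))
        for finding in analyze(body):
            print("  -", finding)
```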
Barge In!
Fake ID
Fake Authorization Letter
Uniform?
Recorder
Videos
Bag?
Suit Up!
Target
Asset Identification – Information?
No I don’t have a Gun




Diversion theft - "going straight out" or "urgently required somewhere else".
Passive - Tailgating, Eavesdropping, Shoulder surfing
Baiting
Cold Calling
Backdoors, Rootkits, keyloggers
Device!
Catch Me if you can
Frank Abagnale
Victor Lustig
Kevin Mitnick
Badir Brothers – Again
Mike Ridpath
Frank William Abagnale
Notorious in the 1960s for passing $2.5 million worth of meticulously forged checks across 26 countries over the course of five years, beginning when he was 16 years old.
He attained eight separate identities as an airline pilot, a doctor, a U.S. Bureau of Prisons agent, and a lawyer. He escaped from police custody twice (once from a taxiing airliner and once from a U.S. federal penitentiary).
Cases
Lustig had a forger produce fake government stationery for him.
Invited six scrap metal dealers to a confidential
There, Lustig introduced himself as the deputy director-general of the Ministry of Posts and Telegraphs. Lustig told the group that the upkeep on the Eiffel Tower was so outrageous that the city could not maintain it any longer, and wanted to sell it for scrap. Due to the certain public outcry, he went on, the matter was to be kept secret until all the details were thought out. Lustig said that he had been given the responsibility to select the dealer to carry out the task. The idea was not as implausible in 1925 as it would be today.
Later, Lustig convinced Al Capone to invest $50,000 in a stock deal. Lustig kept Capone's money in a safe deposit box for two months, then returned it to him, claiming that the deal had fallen through. Impressed with Lustig's integrity, Capone gave him $5,000. It was, of course, all that Lustig was after.
Cases Contd..
1st Source Information Specialists
Illinois became the first state to sue an online records broker when Attorney General Lisa Madigan sued 1st Source Information Specialists, Inc., on 20 January, a spokeswoman for Madigan's office said. The Florida-based company operates several Web sites that sell mobile telephone records, according to a copy of the suit. The attorneys general of Florida and Missouri quickly followed Madigan's lead, filing suit on 24 and 30 January, respectively, against 1st Source Information Specialists and, in Missouri's case, one other records broker – First Data Solutions, Inc.
Involves - C*****S****
Physical Security [Dumpster Diving, Shoulder surfing, Eavesdropping, stealing in Remote Devices, covert entry/exits, impersonation, dressing, IDs, badges, etc.]
Perimeter Security
General Intelligence
Emails, Phishing, Websites,
OSINT[social networks, forums, portals, public knowledge]
Research
Social Engineering ;)
..
TRUST
Scenarios - 1
Social Engineering
“They asked a janitor for a garbage pail in which to place their contents and carried all of this data out of the building in their hands.”

LUCK
You have won “100000$”!
what I call a chain reaction
Mr. Smith: Hello?
Caller: Hello, Mr. Smith. This is Fred Jones in tech support. Due to some disk space constraints, we’re going to be moving some users’ home directories to another disk at 8:00 this evening. Your account will be part of this move, and will be unavailable temporarily.
Mr. Smith: Uh, okay. I’ll be home by then, anyway.
Caller: Good. Be sure to log off before you leave. I just need to check a couple of things. What was your username again, smith?
Mr. Smith: Yes. It’s smith. None of my files will be lost in the move, will they?
Caller: No sir. But I’ll check your account just to make sure. What was the password on that account, so I can get in to check your files?
Mr. Smith: My password is tuesday, in lower case letters.
Caller: Okay, Mr. Smith, thank you for your help. I’ll make sure to check your account and verify all the files are there.
Mr. Smith: Thank you. Bye.
[- Taken from Melissa Guenther]
Defenses
• Least Privileges
• Password Policy
• Access Controls
• Safe Disposal
• Removable Device Policy
• Latest Set Up
• Content Management and filtering
• Change Management
• Monitoring
• Awareness
Layered Security: Physical, Process, Tech
References
http://www.symantec.com/connect/articles/social-engineering-fundamentals-part-i-hacker-tactics
https://www.trustedsec.com/
http://en.wikipedia.org/wiki/Social_engineering_(security)
http://www.social-engineer.org/se-resources/
