Now you might think that the single most important step of hacking is to get into the target’s device, account, network, or the like. But you would be wrong, because the absolute most important step is to actually get into the target’s mind. The human brain has been called the most advanced computer in existence, and it too, unfortunately, has weaknesses. This is where hackers bring social engineering into play. Simply put, social engineering is the attempt to gain information by playing with the target’s psychology. Human psychology, as part of our evolution, is wired to trust. This is the loophole that attackers exploit. Social engineering can take many forms, some of which will be explained below.
In an office environment, an attacker might pose as an insider by wearing uniforms or even badges (those scenes you see in movies, they’re real!). Some might pretend they’re employees, while others may pretend they’re an employee of an electrical, plumbing, or any other outside company, among many other ways.
Two of the most valuable allies of a social engineer are cigarettes and dumpsters. Yup, you read that right. A social engineer can pose as just another smoker from inside the building, when he/she is in fact a trespasser. This engineer can use the conversation held during cigarette breaks to build trust. The engineer then pretends to have forgotten the access key, and is thereby let in by other employees. This practice is known as tailgating.
Dumpsters often provide critical and confidential information about a target, as not many people consider the consequences of carelessly disposing of highly sensitive material. Bank accounts, names/usernames and passwords, addresses, telephone numbers, and family members’ names are ripe for the taking for dumpster divers. The act of dumpster diving is completely legal around the world since no rule outlaws it.
Written by Charottama Oshmar and Adrian Alexander