Social Engineering »Introduction - Methods - Strategies

Social Engineering »Introduction - Methods - Strategies

Social engineering is in short "the art of penetrating the minds"

Before I start with you today, let us first understand why we need social engineering in our technical life, and if you are interested in information security and hacking!

Let us first look at defining the digital hack in its simplest form:

Digital hacking means exploiting the gaps in the digital system "site or application" in order to enter the illegal system and achieve goals that differ from the normal course of the system.

Let's simplify a few examples ...

Example (1)

A bank site, which aims to protect depositors' accounts while providing a secure environment to deal with their accounts, and the penetration of the bank means illegal entry to those accounts and manipulation.

Example (2)

A government site whose objective is to communicate with the people of the city or town, or to present a presentation of the activities of the governmental institution. The site is often penetrated by a member of the city, the "governed" or the hostile parties. Which is called Bal Hactivism

When a hacker hacks a Web site, the first step is to discover the gaps by which you can access the "survey" site. After the gaps are discovered and access is achieved, "Building the Relationship and Crossing the Bridge of Trust" seeks to achieve the goals for which you infiltrated, such as stealing information or sabotage Or leave messages to the officials of the site or visitors, or leave Trojan on the site helps you to enter the site at any time and control it .. Etc

This is not limited to penetrating the sites, but also to penetrate the devices and digital networks and the most recent incidents in this area was the CIH virus

But what does all this have to do with social engineering !!!

Far from the complexities of terms and definitions, social engineering is the art of penetrating minds, let us agree on this point first, because it is the basis of the record today.

The beginnings of computer programming were simple calculations performed by the computer, and then evolved into more complex processes, to reach the most advanced stages of technology is artificial intelligence or simulation of the human mind.

These simulations differ from one system to another. for example :

Log in to the sites: It was done manually in the beginning by entering the user name and password and then send it to the member to be able to login.

Things have evolved and the registration in the database is digitized without human intervention "degree of artificial intelligence" to enter your data and the password and user name are sent to you via e-mail.

Things have evolved and it is possible to protect the recording platform from penetration by making sure the symbols or numerical equations "we call captcha

Things later evolved to prevent the user from trying to register incorrectly more than 5 times. In order to avoid attempts to penetrate the control panel.

All these stages of evolution are based on the human mind and simulation. My brother, you should remember that those who programmed digital systems are human minds. Thus, your penetration of the social system depends on 75% of your understanding of the human mind and ways of thinking, and 25% on your mastery of technical matters. Hence the names of social engineering and reverse engineering.

Definition of Social Engineering:

Social engineering or so-called brain-breaking art is a set of techniques and engineering methods used to make people do something or give away confidential information.

If we apply this digit we will find two ways:

The first is to exploit the technical support gap, to connect with the human mind and penetrate it to obtain information that facilitates the penetration of the digital system. Such as passwords.

The second way is to study, analyze and dismantle the digital system to understand the nature of its design "based on understanding the thinking of the programmer" and then detect the gaps and penetrate the system.

Methods of Social Engineering:

There are many strategies and strategies in the penetration through the use of social engineering, for example:

Use of phone calls: The hacker impersonates someone and makes a phone call with technical support for some information that is useful in the implementation of the penetration.

Search in the Trash: You often find useful information about the victim or the digital system If you search the trash, you may find personal data to help you use the telephone call, or be lucky to find passwords or signatures in one of the printed papers that were torn and thrown in a basket Trash.

Persuasion: An advanced level and magic method in implementing social engineering breakthroughs, such as flattering the target or victim and persuading him to give you confidential information that will not be disclosed in normal circumstances.

The above is nothing more than an introduction that has never before been in a series of detailed posts on social engineering and reverse engineering, but it is not all.