Friday, September 01, 2006

Social Engineering

Seven years ago on an April day I made my debut on the Internet on a WebTV unit. In those seven years I have seen so many changes on the Internet that it would be pointless for me to even try to sort them all out and make them a part of this post. I kept my WebTV unit for eight months, and purchased a computer in December of the same year. Computers have come a long way in those seven years. So have the users that joined me online. I welcome you all aboard this information highway.
Has anyone ever explained to you what Social Engineering is? Probably not. Most don't even like those two words. For those of you that don't know me too well, I run a computer list that has almost 300 members. I have had this list since 2001. They are a great bunch of people. Occasionally you will have a stray on these lists that has no clue. They know how to turn their computer on, check their e-mail, and click a link to a website. This is all they know. They may have been online for a few weeks, months, and some even years. They just happen to come across my list, or a friend or family member points them in my direction. We have discussions that sometimes will floor these types of members, and one of those discussions is Social Engineering.
Why would I bring such a subject up? Someone has to. A majority of your computer users have no clue. For some reason a few think that if you own a website, or an IRC channel, etc., you are special online. You are important. What a website is offering, or asking for, is legit. The person behind the website is high up in the ranks online, so therefore what a website would say, ask of me, or tell me to do is of the utmost importance.
Come down out of the clouds...
Grandma has a website online. So do children, stay-at-home moms and dads, uncles, aunts; you name it, they are online. Behind every website is a person, or persons. They may have your interest at heart, or they may be only thinking of themselves. They can be helpful, or be thieves. They could be out to destroy your computer. They could be online to help you fix your computer, or to protect it. Either way, the Internet is the same as if you were walking down the street. You don't know who is walking in front of you, or behind you. They could be a pedophile, thief, robber; the list goes on. The Internet is no different.
So what does Social Engineering have to do with the Internet?
Social Engineering affects every man, woman and child in some way, regardless of whether you are on the Internet, at home, or at work. It has no boundaries on age. It's a person's instinct of how they react to social interaction, whether they are confronted by an individual or not. It can also be human error. You could possibly be a part of it, or a victim of it. It could be a subconscious reaction, or you could be conscious that what is going on is wrong but not know what to do about it. You could also be very oblivious to what is happening or has happened to you. Most of the time you have no clue till it is too late. It can play with emotions too, in order to get a certain response from an individual. On the Internet, Social Engineering can play havoc with an Internet business and consumers alike. If you think you can run to your favorite IT and have a conversation about it, you might succeed. But you could also fail. Most ITs don't want to discuss the subject because of the very way the instincts of human nature play a role in this, and to say that an employee won't answer a question that is not so innocent as it sounds is just as bad, because remember, the IT just spent days securing the workstations or the networks, and now all of his/her efforts are down the drain because a simple question was asked by a stranger on the phone. So let's really say what social engineering is. It is no more than a con artist out to profit from information that they can gather any way they can, as long as it produces the results/information they are after. But the hardest reality for some to accept is that Social Engineering can also prey on your ignorance.
Is there protection out there?
Yes and no. If anyone tells you any differently then run! You can be stingy when it comes to the software you allow to be downloaded and installed on your computer. You can be picky about what e-mails you open and read. If your personal information is being sought after... back off and ask yourself if they have a real legit reason for asking for it. E-mails are not, and never have been, a legit reason for asking for your personal information. Never click on the links in these types of e-mails. You are never destined to have to accept a certain software either. The Internet is a market just like your neighborhood grocery store. In this Internet market are many vendors trying to get your business. You do not have to accept the first offer you come across. This is how many get burned. They also get burned for the simple fact they don't read those End User Licenses. You know, those "I accept" agreements that read like a book when you first download and go to install software. Or those websites that put up policies like the privacy policies, Terms of Use, etc. I am sure if you read some of these you would be totally surprised. Don't forget also your Instant Messenger chats. IRC is another. Social Engineering is twofold. It has a person on one end carrying out the scheme, and a person on the other end to be schemed. So the individual on the Internet has always got to be aware of what is going on. This is where many fail. Plus this is why there is no clear-cut 100% way to prevent it from happening.
As I have always said...
"Just use common sense online, you sure wouldn't give a total stranger your personal info on the street... neither would you hand your child over to a total stranger.  Plus you wouldn't let a total stranger place their belongings in your home. Why would you let them online?"

