Presentation is loading. Please wait.

Presentation is loading. Please wait.

Social Engineering: The Human Element of Computer Security

Published byAldous Golden Modified over 7 years ago

Similar presentations

Presentation on theme: "Social Engineering: The Human Element of Computer Security"— Presentation transcript:

1 Social Engineering: The Human Element of Computer Security
Presented by Amjad Omar

2 A Quote from Kevin Mitnick
“You could spend a fortune purchasing technology and services from every exhibitor, speaker and sponsor at the RSA Conference, and your network infrastructure could still remain vulnerable to old- fashioned manipulation.”

3 What is social engineering?
. At its core it is manipulating a person into knowingly or unknowingly giving up information; essentially 'hacking' into a person to steal valuable information. Psychological manipulation Trickery or Deception for the purpose of information gathering

4 What is social engineering?
It is a way for criminals to gain access to information systems. The purpose of social engineering is usually to secretly install spyware, other malicious software or to trick persons into handing over passwords and/or other sensitive financial or personal information

5 What are they looking for
Obtaining simple information such as your pet's name, where you're from, the places you've visited; information that you'd give out freely to your friends.

6 What are they looking for
Take a close look at some of the 'secure' sites you log into. Some have a 'secret question' you have to answer, if you cannot remember your username or password. The questions seem pretty tough for an outsider looking into trying to hack into your account. What's the name of your first pet? What is your maiden name? When was your mother/father born? Where were you born? Do these sound familiar?

7 Types of “hackers” according to Kevin Mitnick
Crackers (or vandals) Script kiddies Phone phreaks Social engineers

8 A Classic (and real) Example
Stanley Mark Rifkin defrauded the Security Pacific National bank in LA in 1978 Managed to steal $10,200,000 in a single social engineering attack

9 Tactics Pretexting – Creating a fake scenario
Phishing – Send out bait to fool victims into giving away their information Fake Websites – Molded to look like the real thing. Log in with real credentials that are now compromised Fake Pop-up – Pops up in front of real web site to obtain user credentials

10 Example Chase bank

11 Example Chase bank

12 Types of Attacks Phishing Impersonation on help desk calls
Physical access (such as tailgating) Shoulder surfing Dumpster diving Stealing important documents Fake software Trojans

13 Phishing Use of deceptive mass mailing
Can target specific entities (“spear phishing”) Prevention: Honeypot addresses Education Awareness of network and website changes

14 Impersonation on help desk calls
Calling the help desk pretending to be someone else Usually an employee or someone with authority Prevention: Assign pins for calling the help desk Don’t do anything on someone’s order Stick to the scope of the help desk

15 Physical access Tailgating
Ultimately obtains unauthorize building access Prevention Require badges Employee training Security officers No exceptions!

16 Shoulder surfing Someone can watch the keys you press when entering your password Probably less common Prevention: Be aware of who’s around when entering your password

17 Dumpster diving Looking through the trash for sensitive information
Doesn’t have to be dumpsters: any trashcan will do Prevention: Easy secure document destruction Lock dumpsters Erase magnetic media

18 Stealing important documents
Can take documents off someone’s desk Prevention: Lock your office If you don’t have an office: lock your files securely Don’t leave important information in the open

19 Fake Software Fake login screens
The user is aware of the software but thinks it’s trustworthy Prevention: Have a system for making real login screens obvious (personalized key, image, or phrase) Education Antivirus (probably won’t catch custom tailored attacks)

20 Trojans Appears to be useful and legitimate software before running
Performs malicious actions in the background Does not require interaction after being run Prevention: Don‘t run programs on someone else’s computer Only open attachments you’re expecting Use an antivirus

21 Trust Model

22 Attack Model

23 Protecting Yourself A security aware culture can help employees identify and repel social engineering attacks Recognize inappropriate requests for information Take ownership for corporate security Understand risk and impact of security breeches Social engineering attacks are personal Password management Two factor authentication Physical security Understand what information you are putting on the Web for targeting at social network sites Google Twitter MySpace Facebook Personal Blogs LinkedIn

24 Responding You’ve been attacked: now what?
Have a place to report incidents People need to take responsibility Conduct audits

25 Other Thoughts What damage has been done? What damage can still be done? Has a crime actually taken place?

26 Questions?

27 References Mitnick, K (2002): "The Art of Deception", Wiley Publishing Ltd: Indianapolis, Indiana; United States of America. ISBN Social Engineering, security)

Download ppt "Social Engineering: The Human Element of Computer Security"

Similar presentations

Kelly Corning Julie Sharp.  Human-based techniques: impersonation  Computer-based techniques: malware and scams.

Kelly Corning Julie Sharp.  Human-based techniques: impersonation  Computer-based techniques: malware and scams.
Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.

Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.
SECURITY CHECK Protecting Your System and Yourself Source:

SECURITY CHECK Protecting Your System and Yourself Source:
1. What is Identity Theft? 2. How Do Thieves Steal An Identity? 3. What Do Thieves Do with Stolen Identities? 4. What Can I Do To Avoid Becoming a Victim?

1. What is Identity Theft? 2. How Do Thieves Steal An Identity? 3. What Do Thieves Do with Stolen Identities? 4. What Can I Do To Avoid Becoming a Victim?
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Protect Yourself Against Phishing. The good news: The number of US adult victims of identity fraud decreased from 9.3 million in 2005, to 8.4 million.

Protect Yourself Against Phishing. The good news: The number of US adult victims of identity fraud decreased from 9.3 million in 2005, to 8.4 million.
Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.

Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.
SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say.

SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say.
Social Engineering: The Human Element How Does Social Engineering Work and to What Purpose? Chuck McGann.

Social Engineering: The Human Element How Does Social Engineering Work and to What Purpose? Chuck McGann.
UT Wing Civil Air Patrol. Objective Identify network and cyber vulnerabilities and mitigations Social Media/Metadata/Exfil data MITM Attacks Malware Social.

UT Wing Civil Air Patrol. Objective Identify network and cyber vulnerabilities and mitigations Social Media/Metadata/Exfil data MITM Attacks Malware Social.
Social Engineering – Threats & Concerns Avisek Ghosh, CISA CISSP Sr. Manager – Corporate Security Cognizant Technology Solutions.

Social Engineering – Threats & Concerns Avisek Ghosh, CISA CISSP Sr. Manager – Corporate Security Cognizant Technology Solutions.
Social Engineering J Nivethan. Social Engineering The process of deceiving people into giving away access or confidential information Onlinne Phone Offline.

Social Engineering J Nivethan. Social Engineering The process of deceiving people into giving away access or confidential information Onlinne Phone Offline.
Social Engineering Networks Reid Chapman Ciaran Hannigan.

Social Engineering Networks Reid Chapman Ciaran Hannigan.
Protecting Your Identity. What is IA? Committee on National Security Systems definition: –Measures that protect and defend information and information.

Protecting Your Identity. What is IA? Committee on National Security Systems definition: –Measures that protect and defend information and information.
What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:

What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:
The ins and outs of By: Megan Tucker. What is identity theft? The stealing of a person’s information, especially credit cards and Social Security Number,

The ins and outs of By: Megan Tucker. What is identity theft? The stealing of a person’s information, especially credit cards and Social Security Number,
BTT12OI.  Do you know someone who has been scammed? What happened?  Been tricked into sending someone else money (not who they thought they were) 

BTT12OI.  Do you know someone who has been scammed? What happened?  Been tricked into sending someone else money (not who they thought they were) 
DIGITAL CITIZENSHIP 6 TH – 8 TH UNIT 1 LESSON 3 SCAMS & SCHEMES What is identity theft, and how can you protect yourself from it?

DIGITAL CITIZENSHIP 6 TH – 8 TH UNIT 1 LESSON 3 SCAMS & SCHEMES What is identity theft, and how can you protect yourself from it?
COMPUTER CRIME AND TYPES OF CRIME Prepared by: NURUL FATIHAH BT ANAS.

COMPUTER CRIME AND TYPES OF CRIME Prepared by: NURUL FATIHAH BT ANAS.
TRACs Security Awareness FY2009 Office of Information Technology Security 1.

TRACs Security Awareness FY2009 Office of Information Technology Security 1.

Similar presentations

Ads by Google