Social Engineering - The Real E-Terrorism?

One evening, during the graveyard shift, an AOL technical support operator took a call from a hacker. During the hour long conversation the hacker mentioned he had a car for sale. The technical support operator expressed an interest so the hacker sent him an e-mail with a photo of the car attached. When the operator opened the attachment it created a back door that opened a connection out of AOL's network, through the firewall, allowing the hacker full access to the entire internal network of AOL with very little effort on the hacker's part.

The above is a true story and it is an excellent example of one of the biggest threats to an organisation's security - social engineering. It has been described as people hacking and it generally means persuading someone inside a company to volunteer information or assistance.

Examples of techniques employed by hackers include:

  • Unobtrusively observing over your shoulder as you key in your password or PIN.

  • Calling helpdesks with questions or being overly friendly

  • Pretending to be someone in authority.

Social engineering attacks can have devastating consequences for the businesses involved. Accounts can be lost, sensitive information can be compromised, competitive advantage can be wiped out and reputation can be destroyed.

By implementing some simple techniques you can reduce the risk of your organisation becoming a victim or, in the event that you are targeted, keep the consequences to a minimum.

  • Make sure that all staff, especially non-IT staff, are aware of the risk of social engineering and what to do in the event of such an attack.

  • Conduct regular security awareness training so that all staff are kept up to date with security related issues.

  • Implement a formal incident reporting mechanism for all security related incidents to ensure there is a rapid response to any breaches.

  • Ensure that the company has security policies and procedures in place, that all staff are aware of them and that they are followed.

  • Put an information classification system in place to protect sensitive information.

Conduct regular audits, not only on IT systems but also on policies, procedures and personnel so that any potential weaknesses can be addressed as soon as possible.

About The Author

Rhona Aylward has extensive experience in the area of Quality Management and more recently in Information Security Management. She is a qualified Lead Auditor for BS7799 and CEO for Alpha Squared Solutions Ltd.

www.a2solutions.co.uk, raylward@a2solutions.co.uk

In The News:

WKRG-TV
Brenner: Social Security off limits to most creditors
Newsday, NY - 1 hour ago
If I elect to start to receive my Social Security benefit, will I get the check, or will the Internal Revenue Service take it to pay down my debt? ...
Thousands may lose out on stimulus checks Salt Lake Tribune
Time is running out to get your stimulus Concord Monitor
The time is near to end 2007 tax extension procrastination Ventura County Star
TMCnet - KSL-TVall 208 news articles

Think Progress
Time works against candidates on Social Security, Medicare fixes
The Miami Herald, FL - 2 hours ago
By DAVID LIGHTMAN AND KEVIN G. HALL WASHINGTON -- Social Security and Medicare long have been considered the nation's fiscal time bombs, and the ticking is ...
Obama offers the better plan on Social Security Pueblo Chieftain
Elders' self-interest is to vote for Obama Newsday
Miller: Questions on retirement for the debate Daily News Tribune
Vineland Daily Journal - DesMoinesRegister.comall 36 news articles

ABC News
Are 401(k)s Still Viable
Washington Post, United States - 7 hours ago
Until three decades ago, Social Security and pensions, formally known as defined-benefit plans, were the main sources of retirement income. ...
House Democrats contemplate abolishing 401(k) tax breaks InvestmentNews
Americans Look to Next Administration for Help in Achieving a ... MarketWatch
Statement Shock Hits 401(k)s Wall Street Journal
Online Athens - Sarasota Herald-Tribuneall 630 news articles

Booming global demand for security products prompts Global Sources ...
MarketWatch - 5 hours ago
Security Products Pavilion at China Sourcing Fair: Electronics & Components to expand into new show at AsiaWorld-Expo Oct. 12-15, ...

Fresh News
Taleban killed in Afghan battles
BBC News, UK - 2 hours ago
Dozens of Taleban militants have been killed by security forces in fighting in southern Afghanistan, according to Afghan and British officials. ...
NATO Air Strikes Kill 64 Militants in Southern Afghanistan Bloomberg
At least 60 militants killed in Afghan strikes Radio Australia
Afghan battles kill more than 100 CNN International
Javno.hr - PRESS TVall 308 news articles

Backlog jam grows for Social Security
Minneapolis Star Tribune, MN - 8 hours ago
He waited about two years for his Social Security disability benefit claim to be resolved. His wife, Linda, returned to work full time to see them through. ...

The Associated Press
Envoy: US-Iraq Security Pact Pertains to Iraqis
Fars News Agency, Iran - 19 hours ago
Speaking in an interview by the Los Angeles Times, he noted the security pact is one-sided and emphasized the US should respect Iraq's internal affairs. ...
Iran opposes US-Iraq security deal The Associated Press
Wars without end Cobar Age
US-Iraq security pact a "pure Iraqi issue": Iran's Ambassador Payvand
Tehran Times - International Herald Tribuneall 317 news articles

US Security Agency operators eavesdrop on Americans abroad
Press Trust of India, India - Oct 9, 2008
New York, Oct 10 (PTI) The US' National Security Agency's (NSA) intercept operators spent their time eavesdropping on saucy conversations between Americans ...
No harm, no law broken? Augusta Chronicle
NSA SPIED ON RED CROSS AND INNOCENT AMERICANS American Chronicle
Inside Operation Highlander: the NSA's Wiretapping of Americans ... Wired News
CNET News - Islam Onlineall 145 news articles

Boston Globe
New voters boxed out already
Denver Post, CO - 3 hours ago
Would-be voters who used their Social Security numbers as identification, yet didn't check a box stating that they don't have a Colorado drivers license or ...
Forum: This year's soccer moms Traverse City Record Eagle
Today on the presidential campaign trail The Associated Press
Colorado to Review How It Purges Voters’ Names New York Times
Delmarva Daily Times - News & Observerall 685 news articles

RNC Announces New Security Measures Following Violence & Vandalism
MarketWatch - 16 hours ago
We are making this investment in protective security because our staff and volunteers deserve to know they are safe as they work to elect the next President ...
security - Google News

Is Spyware Watching You?

Imagine my surprise when I received a phone call from a friend who told me... Read More

Anti-Spyware Protection: Behind How-To Tips

There is no doubt that "how-to articles" have become a separate genre. One can find... Read More

How Can Someone Get Private Information From My Computer?

From the "Ask Booster" column in the June 17, 2005 issue of Booster's Auction News,... Read More

Can I Guess Your Password?

We all know that it's dangerous to use the same password for more than one... Read More

Identity Theft - Dont Blame The Internet

Identity theft ? also known as ID theft, identity fraud and ID fraud ? describes... Read More

Spy Scanners ? Don?t Compromise your Privacy

Spies, spyware, internet parasites are among what they are usually called. These are scouts that... Read More

A Basic Introduction To Spyware

Spyware is the most troublesome software to appear on the Internet in recent times. When... Read More

If You Steal It, They May Come!

Business on the internet is getting down right shameless. This week, my email box was... Read More

How To Cover Your Tracks On The Internet

Every single time you access a website, you leave tracks. Tracks that others can access.... Read More

How Free Scripts Can Create Security Problems

With the Internet entering our lives in such an explosive manner, it was inevitable that... Read More