Sunday, March 8, 2009

Social Engineering (Indian Scenario)

We all trade passwords, PIN codes and credit card numbers. It is just a "small" sacrifice for the convenience it brings. Why not tell all of that to a "genuine"-looking person so that we have the comfort of portability while outside? And then we soon wipe that single incident from memory. Sounds familiar? Let's have a closer look.

Picture this: a Big Bazaar cashier innocently takes your ATM card to another processing holder (not present at his booth). He asks you to tell him the PIN to speed things up for you, as "obviously" the queue is long. Without blinking, you tell him the PIN for the time being and voila! Your checklist is cleared! Both of you are happy and satisfied. Later you forget the incident. Coming out of the mall, you search your pocket and are surprised to find that the wallet containing the ATM card is not there. By the time you ask the bank to freeze withdrawals on the card, things are already over. The "installed" pickpocket who overheard your conversation has already swiped out your hard-earned money.

Welcome to "social engineering": the attack on the weakest security link, which plays on human psychology to get confidential details out of a person by appearing "genuine and concerned".
A broad survey showed that even in developed economies like the UK and the US, 75% of citizens were willing to share their online web passwords in exchange for a free pen. Consider the consequences for India, where the "most profit with the least amount of work" mentality happily buys into "social engineering".

How do you get the maximum output from the Reliance-to-Reliance FREE talk plan? Talk 24 hours non-stop! Think again! My personal experience has it otherwise. Along with my clever friends, I devised an ingenious way to fill our stomachs in our graduation days. We used to befriend a canteen serving boy and let him talk for free to his village on our Reliance phone. He happily agreed to bring in extra samosas or cold drinks when our crowd was huge and the bills ran high. For the price of a few items, we used to get almost double the food. Need I say any more?

Obviously, in the world of computing, threats like phishing, spoofing and malicious morphing are also based on the fundamental undertones of social engineering. Somebody may also use it heavily to damage the reputation or break the confidence of an individual or an organization. Consistent victims of social engineering malice are typically growing teens or small children, who are lured into adopting this technique as an easy bypass to shouldering their responsibilities if not checked or disciplined in time by adults. We may consider the classic case of the famous hacker Kevin Mitnick, who used social engineering as his survival tool due to his troubled childhood. After his imprisonment, he came out a much better person. His book on social engineering continues to be the hallmark of the subject to this day.

Requests to vote for your favorite star, sport or celebrity icon that come from unidentified numbers also raise the serious question of privacy intrusion and misguidance. Some time back, people happily voted through KBC serial SMSes, which were in fact from a private company quietly retrieving customers' phone numbers for its marketing and sales publicity. The offer in each SMS was that the more you spread the same SMS to your friends, relatives, etc., the stronger your chances of getting a call from KBC (with which, in reality, it had no connection whatsoever). A link also contained a flashing offer for one of their advertised products.

It has also become an indispensable technique for industrial espionage. Getting sensitive information like passwords through planted "troubled" customer calls, built around a "genuine"-sounding situation, works like a "messiah's" gift to competitors in the cut-throat corporate world.

Hence we see that social engineering is not only a serious threat but also rests on an inherent human weakness: the mind's misperception of the true motive of the individual standing before it. Perhaps there is no perfect solution to that; but, as always, experience, awareness and education are the strongest elements that add strength to this weakest security link to a great extent.

3 comments:

Raghav said...

Well written Manas...

Pointed out the right things. I liked most the Reliance mobile-Canteen episode.

Ramratan Gupta said...

Nice article Manas,

Sunil Pandey said...

That's true Manas.. we Indians got the technology but many of us are not really aware how to use it properly and safely.. and nobody takes these threats so seriously and suffers later. There should be more