Social Engineering by Rakesh Nagekar
What is Social Engineering
“The act of manipulating people into performing actions or divulging confidential information.”
Wikipedia (also sourced on social-engineer.org)
Origin of “Social Engineering”
The term “Social Engineering” was introduced in 1894 by a Dutchman.
Social engineering already existed 100 years ago.
People who practise social engineering are called con artists.
Some Popular Con Artists of the 20th Century
Victor Lustig
The man who sold the Eiffel Tower a number of times.
Used current events.
He made a deal with scrap dealers, selling the structure to them for $40,000.
An extremely good deal for buyers – too good to be true
Hotel Ritz
Social Engineering 40-50 years ago
Frank Abagnale Jr
Frank Abagnale Jr
Fake pilot arrested in cockpit.
He acted as a Lawyer, Doctor and pilot.
Abagnale’s cons were often check frauds.
Would it work today?
Social Engineering in 20th Century
Kevin Mitnick
20 years ago, a person named “Kevin Mitnick” brought social engineering into IT security.
He is an American security consultant, author, convicted criminal and hacker.
According to the US Department of Justice, Kevin gained unauthorized access to dozens of computer networks.
Weakest Link
People are the largest vulnerability in any network.
Social engineering is based on human decision-making.
Motivation
A variety of motivations exist, including:
Financial Gain
Self-Interest
Revenge
External Pressure
Cycle of Events
It consists of 4 phases
Information Gathering
Developing Relationship
Execution
Exploitation
Information Gathering
“If you know the enemy and know yourself you need not fear the results of a hundred battles”
-Sun Tzu
Cycle of Events
Information Gathering
A variety of techniques can be used by an aggressor to gather information about the target(s). Once gathered, this information can then be used to build a relationship with either the target or someone important to the success of the attack.
Developing Relationship
An aggressor may freely exploit the willingness of a target to be trusting in order to develop rapport with them. While developing this relationship, the aggressor will place himself in a position of trust, which he will then exploit.
Cycle of Events
Exploitation
The target may then be manipulated by the ‘trusted’ aggressor to reveal information (e.g. passwords) or perform an action (e.g. creating an account or reversing telephone charges) that would not normally occur. This action could be the end of the attack or the beginning of the next stage.
Execution
Once the target has completed the task requested by the aggressor, the cycle is complete.
How Social Engineering is accomplished
Telephone
Online
Dumpster Diving
Shoulder Surfing
Reverse Social Engineering
Persuasion
How Social Engineering is accomplished
Telephone
Using telephones to contact individuals at a company and persuade them to divulge confidential information.
Online
Persuading or gathering information through the use of an online chat.
Dumpster Diving
Looking for information discarded by a company's employees.
How Social Engineering is accomplished
Shoulder Surfing
Simply looking over someone’s shoulder while they are using a computer.
Reverse Social Engineering
This is a more advanced method of social engineering and is almost always successful.
Persuasion
Persuading someone to give you confidential information by convincing them you are someone who can be trusted.
Biases
Biases are deviations from a standard of rationality or good judgment.
There are many types of bias, but these five are the important ones:
Pretexting
Phishing
IVR or Phone Phishing
Baiting
Tailgating
Preventive Measures
Organizations must, on an employee/personnel level, establish frameworks of trust. (i.e., When/Where/Why/How should sensitive information be handled?)
Organizations must identify which information is sensitive and question its integrity in all forms. (i.e., Social Engineering, Building Security, Computer Security, etc.)
Organizations must establish security protocols for the people who handle sensitive information. (i.e., Paper-Trails for information disclosure and/or forensic crumbs)
DEMO