Monday, August 2, 2010

Hacking Humans: The Art of Social Engineering

In broad terms, Social Engineering is the collection of practices – ranging from negotiation through deception all the way to threats – used to get other people to do what we want. In that sense, we are all "social engineers", sporting varying degrees of expertise and diverse brands of ethics. In an Information Security context, however, the definition is often narrowed to the practice of fooling people into surrendering sensitive information about a system, which facilitates later computer-based exploits. As was demonstrated at the latest DEF CON, this can be a very effective penetration tool, to the point where actual computer hacking skills become secondary.

Social Engineering: Expl()iting Human Vulnerabilities is a website dedicated to the study and documentation of Social Engineering. It is mainly meant as a resource for InfoSec professionals and security-conscious users – but it really is of interest to everyone, as the Internet is far from being the only place where scammers and con artists are likely to be found. Among the site's sections, two are of special interest: the blog, which illustrates the use of Social Engineering best practices in daily life, and the Framework section, which provides a systematic documentation of Social Engineering techniques.