What's New: Social Engineering Dupes Users

Out to show the ease of breaking into networks via "social engineering," a London firm convinced dozens of workers to load a CD-ROM on their office computers. The Training Camp, a consulting and training firm, handed out 100 CDs promising the chance to win a free vacation if the user would load the CD on their computer. When run, the CD opened a web browser that accessed a special web site, which the firm used to track which computers ran the program. The Training Camp even put a warning on the CD label telling users to check their employer's security guidelines before running the CD. The firm claims that employees at two prominent insurance companies and a bank were among the people duped.

Social engineering is the technique of getting past a network's security layers by persuading people to bypass that security on the malicious user's behalf. Another example would be a "repair technician" who shows up to "work on the boss's computer, since he's complaining it's down again." If the cracker lucks out, the office manager waves him or her on in, possibly even providing a login and password.

Monday, Mar 13, 2006 03:15 pm CST
