And people say social engineering isn't a hack....
Got this link from the CryptoGram:
http://seattletimes.nwsource.com/htm...7_scam07m.html
Seems that Washington is having some problems with ID theft through social engineering.
Printable View
And people say social engineering isn't a hack....
Got this link from the CryptoGram:
http://seattletimes.nwsource.com/htm...7_scam07m.html
Seems that Washington is having some problems with ID theft through social engineering.
That's no hack. Interesting news that the employee could be duped so easily, though. :thumbsup:
its manipulation, not a hack. i usd it to get threw high school, LOL
Good to know my almost maxed out credit cards are good for something...lol. I don't ever have to worry about someone accomplishing anything with a credit card they stole from me!!
;)
haha so true, I got a visa buxx card, only $75 on it... not enough to do any *real* harm... but I don't think social engineering is a hack, like SarinMage said, Manipulation. :)
Then what is a hack? Isn't it just manpulating a machine to get it to do what you want?Quote:
its manipulation, not a hack
no maipulation isent hacking, it requires more of a.... i dunno.,.... presence i guess you would cal lit. hacking is more like looking for holes or solveing a problem than manipulating things (although it INCLUDES manipulating things)
I see hacking as making a system do something it wasn't supposed to do, and this leads to indepth knowledge of the system (eventually). Social Engineering is simply understanding the human mind enough to cause it to change its course of action (do something it wasn't supposed to be doing), in this aspect hacking and social engineering are very alike. Both lead to increased knowledge.
Not on manipulation or hacking argument but,
You have to admit, it takes skill to socially engineer people like that. And hell, how that guy did it is pretty smart you have to admit, I might have even fallen for it. But anyway, that is just my 2 cents.
social engineering is one of the oldest methods of "hacking".....and yes it is a hack.
I don't think that really takes any skill, it is pretty funny, but no skill, so I'd have to say naaaaah, no hacking there just taking advantage of a situation and some poor chaps that aren't secure w/ their own, or others' personal info. Really funny tho~, heh heh.
I definitely believe social engineering takes skill. You have to manipulate the other person to do what you want. However, I disagree that it is a hack. It can be used to gain information for hacking, but I think it is more mental.
It definately takes some degree of skill to successfully use social engineering. What people define as a hack varies from person to person.Ok then by your definition, it was a hack. This person was looking for holes for possible exploitation, found one, and took advantage of it. Call it what you will but it's still hacking, even by your own definition.Quote:
hacking is more like looking for holes
Isn't that, in a sense, what a hack is? Taking advantage of a situation for personal gain, knowledge, or for what ever reason. Whether you agree or not, it dose take skill.Quote:
no hacking there just taking advantage of a situation and some poor chaps that aren't secure w/ their own, or others' personal info.
Remote_Access_
I wouldn't regard social engineering as hacking - but thats just my own view and I can see where other people are comming from that say it is......but anyway thats getting off the thread topic :)
It used to be fairly wide practice in my home town for cashiers in small shops to note down credit card numbers from backs of cheques and then use the number to top up their mobile phones - this has since been stopped as all the major networks make you register your credit card with them so that you can only top up your own phone with them but for a while I had a few friends who noticed small amounts going missing from their accounts to top up phones only completely different networks than their own >_<
v_Ln
Is running a scipt considered hacking? Most script kiddies would say it is? I think social engineering takes a LOT more skill then searching google for the latest version of Sub7 (although a lot of people haven't figured that one out yet).
i think it is called wetware hacking. computer is not the only thing that can be hacked.
Well now, allright, skill, but not anymore, atleast in this case, than identifying an extremly niave person and preying on them. I personally, do not consider that skill. Give me a good example of social engineering and I'll probably agree w/ you, but not in this case Access.
I don't think the kiddies are hackers either, soulman, but I would put this bit of social engineering, just a small notch above 'em.
It just shows now more than ever that you cannot. trust anybody. You need to know your surroundings, in this case the cashier.
I believe that social engineering the one of the biggest problems for us IT Security folk. I reckon that I could socially engineer myself just about anywhere.
You can have all of the firewalls, IDS's, Access Lists... and it still isnt going to stop some dumb arse letting an unauthroised person into your comms room and start playing around, and no matter how much you try and educate your users, there will always be that one dumb arse.
Social enginering is a hack. It is manipulating a person into them giving you what you want. Just like manipulating a box into doing a desired action. Kevin Mitnick is proof that the government beleive that this is a form of hacking. People are most times more easy to manipulate then the machines on which they work. A few issues ago 2600 had a very nice article on Network Profiling and it went into social enginering. I found it very informative. I'll reply with the issue number when I return home as I am sitting in Visual C++ class in my high school.
social manipulatin is jsut having really good people skills, its not necessaraly a hack.
as i tried to say before
social engineering is a form of manipulation
hacking is a form of manipulation,
BUT
they arent the same thing
they are related
but not the same
Seems to me social engineering would not be a hack per se, but it would certainly qualify as a "tool" crackers use. I guess I'm making a distinction between "hacks" and the "tools" people use to do hacks.
For those of you that say social engineering is not a hack:
If you take spare parts from you garage, a few parts from Radio Shack, and put together a ham radio, do you consider this a hack? It appears that you would say no, because this has nothing to do with computers. If you look into the history of people becoming "hackers" that is where the term started. It was people that would do hardware "hacks" to get things to work. Then it became software "hacks." Many good pratical jokes were also considered hacks. If a joke can be a hack, that basically shows my point.
Hacking isn't about manipulation. When I used the comparison before, it was because someone else said it was. Hacking is about accomplishing a goal through non-standard means. Writing a report in Word isn't a hack, but if you create a word document (with formating and all) from vi or ed or even notepad, that would be a hack. IF you fix the muffler on your car with a coat hanger, you have hacked a fix.
The word hack can be applied to more then just computers.
Definitions:
http://www.instinct.org/texts/jargon...23.html#TAG824Quote:
hack
1. /n./ Originally, a quick job that produces what is needed, but not well.
2. /n./ An incredibly good, and perhaps very time-consuming, piece of work that produces exactly what is needed.
http://www.cs.berkeley.edu/~bh/hacker.htmlQuote:
A ``hacker'' is the opposite: someone who never goes to class, who in fact sleeps all day, and who spends the night pursuing recreational activities rather than studying......What does this have to do with computers? Originally, nothing.
http://www.instinct.org/texts/jargon...jargon_44.htmlQuote:
Hacking might be characterized as `an appropriate application of ingenuity'. Whether the result is a quick-and-dirty patchwork job or a carefully crafted work of art, you have to admire the cleverness that went into it.
An important secondary meaning of hack is `a creative practical joke'.
Example:
http://www.instinct.org/texts/jargon...jargon_44.htmlQuote:
In 1961, students from Caltech (California Institute of Technology, in Pasadena) hacked the Rose Bowl football game. One student posed as a reporter and `interviewed' the director of the University of Washington card stunts (such stunts involve people in the stands who hold up colored cards to make pictures). The reporter learned exactly how the stunts were operated, and also that the director would be out to dinner later.
Yeah, soulman, if you want to play at symantics, I agree. . .but I think you missed one of the defi's for hack, as I remember it, it was a writers term, originally. . .ie. hacking out a novel, 'he's not a novelist, he's a hack'. . .
I think you missed my point. My point was that not all "hacking" is directly used on a computer. If you look at the link for my example above, you will see that they considered that a hack, even to computer people, because they "reprogramed" the card stunts.
Maybe to you Social Engineering is not a hack. To other people it is. I personally believe that SE is a form of computer hacking, because of the security aspects. I don't care how good you are at security, the weakest link in any system is always the human, like SoggyBottom said. You can have your companies entire network offline, but if I can convince the person watching the door to let me in, your systems are now vulneable. It is a different set of skills, but I know people that have absoutely no people skills. If you go to the irc channel sometime, you will see what I mean. Quite often, there are people that couldn't convince their own parents that they were not really 5 years old, and still wearing diapers.
why even search Google when you can just visit the Sub7 homepage ;)
Sub7 is the best tool I've ever used on my own system to get around windoze.
SSJVegeta-Sei
hacking=manipulating something to do something it origionally was not intended to do.
on a side note, i have a HAM license
my call is: N2ZLL
hacking=manipulating something. Does this mean that when im manipulating my girl, im hacking? :D
yes alien... lol
Alien> are you sure she isn't hacking you?