Exploitation of the dumb: 101 on social engineering in the IT aeon

Posted in ..utt. by Thee Triode on maijs 19, 2013

NB!/Disclimer/Reminder/Some sort of BS at the begining of the article to get things straight and get Your attention to read further… : Yet the phrase ‘social engineering’ is used and present in this short article, it is not to be confused with the same term used in social sciences . This is to be understood in the context of computer and information security.  So hold yer horses before jumping on that subject and pointing that out for me. This facial expression is pretty much the best example of the amounts of phoque’s I will give at that particular moment —> ( ._.). I do not encourage anyone to attempt anything illegal described in the text below – this is just a informational material about the security of ones identity and data on the internet!!!

Internet stalkers: Annoying gossipy no-lifers trying to fulfill their thirsty curiosity for information and facts about other people personal and social lifes, pretty much creeps, right? Sad to say this word has this stigma to it, but let’s try to see past this, especially considering  that we live in the IT aeon and things are different now than a decade or so ago even on this subject. At first let’s separete these people into two distinct groups: the stalker vulgaris that we could define as described above and the exploiter/investigator. Not worth to mention the first bunch of people any further, because they really have nothing better to do in their past time and there is no reason to acknowledge them  – they are not accomplishing anything. It’s really just a hobby for them, an emotional kick (atleast I guess so, dunno lol).  They just use social portals and, well, don’t have the thinkering it takes to do some real damage. Now, it’s different with the exploiter/investigator-type stalkers.

The key word here is ‘exploitation’. Using security flaws and exploits that woundn’t be there or at least would be harder to deal with if only people would pay more attention what information and where they post it on the internet. It is suprisingly how easily it is to get to some compromising or valuable, heck – even life ruining info by just browsing some social portals and pin-pointing some clues and hints together. I’m not even talking about using such tools as nmap or Metasploit or anything like that, yet this is to be well considered – in just a couple of steps one can become a grey-hat hacker (let’s be honest – with this method one can not be considered white-hat hacker. At some point You WILL feel the lust to do some damage and evil stuff :> ).   Exploiter/Investigator -> script kiddie -> grey-hat hacker. Ofcourse this is over-simplyfied, but You see the big picture. Let me give an example how this fiddling-around with the search engine and social portals works.

Suppose You have a victim in mind that You want to… Well, what the devil do I care You want to do or accomplish, it’s just the fact that You need to access his/hers e-mail account. Now, the only thing You are ahold for now is the name and surname. A quick Google search and we should be able to see all the social portals and some other sites where the person is registered. At this point it’s important to check if the person has his Curriculum Vitae posted somewhere on the web. That would not be unusual considering, for example, this person is searching for a job, is registered at an searching-for-job-site, something like that. Is the person even aware that his CV is so easily accessible on the web? There’s such info as address, phone number, schools attended, ect. You wouldn’t post Your address that simple somewhere in the web just like that, now would You? Ain’t no reason to act as a brave cock on the web in forums and think that You are like behind a mystic invisible and invincible cloak (I’m behind 7 proxies, lol) and noone can come knocking at Your door for something You have done.  Quick search on Your nickname -> seeing where else it appears -> searching for the name and surrname -> then CV -> et voila – I have Your address! And You didn’t took my warning seriously about calling the glasscutters in advance for I will smash Your home windows out…

Oh, secret questions for when You get wasted and forget Your e-mail’s password. This is another easy exploitable flaw. The e-mail is given in the CV so I can try to get a temporary pass. Hmm, the secret question is his/hers favourite movie . Lemme go though all the flicks You have liked on Your Facebook account and eventually there’s a high chance I’ve nailed it and found the answer for Your oh-secret password. Now, this is where the fun really begins. Mails from the bank, online game accounts, PayPal info… This is where the gray-hat-hacker-phase kick’s in. No need to mention the possibilities from here on now. Look how quick and easy that was!

This was just an example of how valuable information can be accessed and turned against You (blackmailing, scaming, fraud, ect.) with not even turning to such things as phishing, keyloggers, viruses, remote connection,  cookie reading, password cracking with Cain and Abel, nmap’ing, using Metasploit, choosing the right Linux distributive… You see? This is how the path to hacking starts.

You are on Your own now. Secure Your shit and have some fun exploiting those who… Well, deserve to be punished for something they have done.



Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Mainīt )

Twitter picture

You are commenting using your Twitter account. Log Out / Mainīt )

Facebook photo

You are commenting using your Facebook account. Log Out / Mainīt )

Google+ photo

You are commenting using your Google+ account. Log Out / Mainīt )

Connecting to %s

%d bloggers like this: