Social Engineering Tactics Hackers Employ


From social media to eCommerce, online services have become an indispensable part of daily life in this day and age. However, they have also become an entry point for hackers to carry out malicious and nefarious activities, from stealing your hard-earned money to stealing your identity itself. As more people go online and entrust their personal information to the world wide web, hackers are constantly looking for loopholes, exploits, and vulnerabilities to target unsuspecting users.

Common Tactics Used

According to leading technology training provider InfoSec Institute, hackers use these common social engineering tactics to victimize people around the world at any given time and under any circumstances:

Phishing

Sounds like fishing? It somewhat resembles it, apart from the spelling. Phishing is one of the most common tactics hackers employ to compromise user security and privacy. Such attacks involve the use of emails, social media posts, and instant messages that direct users to visit malicious websites and URLs (oftentimes closely resembling legitimate personalities, websites, and online services) in an effort to gain access to sensitive personal information and online accounts.


A typical phishing attack often involves the following modus operandi:

  • Baiting is the classic method used to stimulate curiosity and attract attention so that users end up clicking the malicious link. Quid pro quo is a variant that offers the user a benefit or special information in return for a specific action the hacker wants.
  • Another method involves impersonating legitimate websites and email messages to extract confidential personal information and sensitive access credentials, often by creating a false sense of urgency, such as recovering your disabled account, resetting a password, or updating financial information for the tax office.
  • Pretexting involves the use of false identities and hinges on the ability of the hacker to build trust with their victims. The more sophisticated attacks will manipulate users into performing certain actions that enable the hacker to find exploits and points of failure that they can leverage.

Watering Hole

This strategy involves compromising a commonly visited website or online service, into which hackers surreptitiously inject malicious backdoor code that auto-installs onto the user’s computer. Once installed, it keeps an eye on the user’s online activities, from visited websites to actual keystroke logs. Watering hole attacks are usually carried out by state actors running massive cyber-espionage operations or by hacker groups looking to cash in on ransomware.

Tailgating

It basically works like a Trojan horse that goes through a particular vulnerability or exploit. Also known as “piggybacking,” the attack gains entry to a restricted area without proper authentication. It literally goes along with an authenticated user by spoofing them, thereby gaining access once the user is authenticated.

Social Norms of Hacker Subculture

In an examination of the hacker subculture, research conducted by Thomas Jeffrey Holt of the University of Missouri-St. Louis found that the hacker subculture is shaped by technology, knowledge, commitment, categorization, and law.

Technology

Obviously, it is the main social norm that kick-starts hacking culture from the moment you’re introduced to computers and other gadgets for the first time. Nowadays, many are exposed to technology at a very young age thereby spawning a keen curiosity as to how it all works. As one understands how to harness technology for his/her personal benefit, the common good, or something malicious, the latter would become the main motivating factor as to how hackers came to be. Impressionable young users normally try to expand the limitations and capabilities of their gadgets by finding exploits and vulnerabilities as evident in mobile phone jailbreaking, video game modding, and homebrew communities.

Knowledge

Knowledge is indeed power, and it goes hand-in-hand with technology. Hackers learn the tricks of the trade from all sorts of information on the world wide web, from detailed schematics posted in online forums to step-by-step guides posted on YouTube. Young people consume a lot of information every day, so when it comes to hacking basics and fundamentals, they will eventually learn them on their own without the benefit of going to school at all.

Curiosity and the desire to learn are what drive them to know more and expand their knowledge of how to overcome the limitations and capabilities of the technology they use. When something is wrong with your computer, you normally open it up and figure out what’s wrong with the hardware and software through “trial and error.” Moreover, online forums and social media facilitate learning and shared knowledge.

Commitment

As technology grows, develops, and advances, hacking is not a one-off knowledge or skill. It takes a lot of time, learning, practice, and effort to become good at it. A very good hacker is very much committed to his/her craft. This rings especially true of software development, where everyone is committed to providing regular updates and patches throughout a product’s lifecycle. Hackers are committed to future-proofing their techniques and tools of the trade.

Categorization

Whether white hats or black hats, hackers have their own intentions and motives so that they vary from one to the other in their own subculture. Defining what a hacker is can be categorized in so many different ways. Even hackers don’t call themselves such. What matters the most is curiosity, commitment, and continued learning as part of the hacker evolution as technology progresses.

Law

Hacking has always been about circumventing established procedures and systems, which is why there is always a discussion about the legality or accepted use of such activity. Aside from that, there is a split between those who support white hat and black hat hackers when it comes to justifying their actions. Big tech companies and Fortune 500 corporations see hackers as enemies since they violate their intellectual property.

However, there are also some groups that believe that ethical hacks can help identify flaws and improve security as long as it’s mutually agreed upon. At the end of the day, hacking remains a contentious issue especially when it comes to revealing private information for public consumption like in the case of Wikileaks.

Hacking in the News

The media regularly covers stories about hacking but mostly paints such activity as an illegal and malicious act perpetrated by shadowy figures, criminal syndicates, and even socially awkward teenagers. Here are a couple of recent news items from major media outlets that covered hacking incidents over the past month:

  1. Twitter Hack May Have Had Another Mastermind: A 16-Year-Old (New York Times)

This article tells the story of teenage hackers (a 16-year-old from Massachusetts and a 17-year-old named Graham Ivan Clark) who compromised the security of prominent Twitter accounts like that of Barack Obama, Joe Biden, and Jeff Bezos. It also mentioned that it is rare for the FBI to go after minors perpetrating such crimes. However, Mr. Clark was prosecuted as an adult along with other older accomplices. More teenagers, like Mr. Clark, are now smart enough to use an encrypted messaging system to cover their tracks. The news story also mentioned the family background: he has divorced parents with a history of financial distress.

  2. 16-year-old arrested for hacking Miami Dade school system (ABC News)

ABC News reported on a junior high school student who carried out a series of crippling cyberattacks on the Miami-Dade County Public Schools, resulting in the DDoS of the school’s network server. The suspect was charged with a 3rd-degree felony “Computer Use in an Attempt to Defraud” and a 2nd-degree misdemeanor “Interference with an Educational Institution.” The story suggests that teenagers are clever and intelligent enough to perpetrate such well-thought-out and complicated cyberattacks.

  3. Code of practice released to help stop smart devices from being hacked (Sydney Morning Herald)

In this news item, Australia’s Home Affairs Minister Peter Dunn said that a new code of practice will be released for consumer electronics and tech manufacturers to abide by in order to ensure their smart devices and other tech products include cybersecurity features. It suggests that hackers are ingenious when it comes to utilizing gadgets and devices that you don’t normally think can be hacked or repurposed for something malicious and dangerous to the end-user. They use Internet-of-things devices like home security cameras, baby monitors, and other WiFi-connected hubs so they can gain access to your personal space.
