Active Now

Flint Ironstag
Discussion » Questions » Life and Society » What Is SOCIAL ENGINEERING?

What Is SOCIAL ENGINEERING?

Background: In looking into why Internet Q/A sites close down, Nanoose pointed out the quandary of Experience Project, which shut down April 2016. Their stated mission is the tremendous Internet potential that I myself first noticed on Ask.com;

“...harnessing social media to bring empathy and understanding to all, through the power of anonymously shared human experience….Doing good for the world was not a side effect, it was the goal.”

 But with millions of users, EP was “being challenged like never before. Governments and their agencies are aggressively attacking the foundations of internet privacy with a deluge of information requests, subpoenas, and warrants.”

EP describes a cat-&-mouse situation with government chasing the Bad Apples, who “are better able to cover their tracks and evade user bans by using mobile and encryption networks, and they use information to exploit the trust of others through social engineering.”

http://www.experienceproject.com/until-we-meet-again
* * *
So, actually two questions here…
1. What is the social engineering that the Bad Apples try to do?
2. Is the answer to EP's target situation perhaps small size? Would both the Bad Apples, and the government regs, typically not bother with smaller sites like aMug?

Posted - March 25, 2017

Responses


  • It's when a person manipulates others into trusting them and/or uses trick methods to get people to do things they want them to do.

    Example: A person pretends to be in distress and asking for help with a problem they are having on the internet.  People try and help them since the fact they are asking for help with an issue makes them seem non-threatening, weaker so to speak.   People give info to help solve the problem while the person pretends to not understand or not get the solution to work.  Eventually something comes up about sharing a screenshot file by either the social engineer OR from someone trying to help tells them to do it.   Now the the plan has worked to set the trap.  The social engineer creates an image file with a malicious script hidden in it and the person who clicks on it to open the file downloads the malicious script.

    It can even be used just to get a piece of info out of someone.   It can be used to trip someone up into saying something that will get them in trouble with a site or law even.


    Easiest way to think about it is fast talking snake oil salesmen or the old Three Card Monty scammers that would use a shill to play the game and let them win to build the marks trust and then switch the cards so the mark always loses.    With using the shill to socially engineer the marks into believing they have a chance of winning, they won't usually fall for the trick.
      March 25, 2017 1:25 PM MDT
    6

  • Glis, I think I understand at least partially...but what would be the point?
    Sounds like a huge investment of time to, what? Give a virus to one person?

    Maybe just the 'dark joy' schadenfreude of causing distress to other people?
      March 25, 2017 1:31 PM MDT
    1

  • There's all kinds of reasons.   Some less nefarious than others.  Political parties hire people to do it to cause voter sway.  Criminals do it because often times it's the easiest and quickest way to get whatever they want for their scam and it doesn't take much tech no how to accomplish.

    Remember when people were getting ripped off or there bank accounts compromised from spam email years ago in the AOL days?   That was socially engineering.   People would say " I been hacked"  when the truth is they were manipulated into opening an email that had a malicious script or used an exploit  that was known and out there.   They didn't really get "hacked"   they were engineered into doing the dirty work on themselves.  Hacking requires IT skill,  social engineering can give a lot of the same results as hacking into someone's system but just requires a silver tongue and personality.

    It's a very powerful tool for those with less than honorable intentions.  The easiest vulnerability to attack is the human user, not the actual system.





    If you want to know more about it go to Youtube and search for DEFCON  social engineering talks.    You'll find lots of expert insight in to the tricks and scope of it.
      March 25, 2017 1:50 PM MDT
    2

  • Glis, you are informed in very many areas...ty...
    I prolly have now what I would like to know for the moment...one example coming to mind, when a friend traveled to South American, everybody back home started receiving emergency e-mails to send him money.
    Well...nobody bit, but...I have a hunch that might fall under the definition also!

    * * *
    Actually, maybe I will do that DEFCON search after all...just learn more concrete kinds of examples...
      March 25, 2017 2:17 PM MDT
    1

  • Yep,  there you go that's a low-level example exactly.
    Those emergency threat detections on some websites are another one.  Like when there was that scam going around that gave a pop-up that the FBI had found you are in possession of kiddie porn on your hard drive and to click this or face arrest.  
      March 25, 2017 2:23 PM MDT
    1

  • I had a similar emergency request from an acquaintance who was in Malaysia. I think they probably emailed everybody in his address book. 
      March 25, 2017 2:57 PM MDT
    2

  • Interesting, Dozy...not just 'rich Americans' the target, sounds like that scam was over much of the world.
      March 25, 2017 5:57 PM MDT
    1

  • Oh ....faak me sideways:/  ... this answer feeds in my paranoia .... Bah :( well q&a sites were fun :/not now!
      March 25, 2017 6:28 PM MDT
    3

  • Yah, I know.   
      March 25, 2017 6:31 PM MDT
    1

  • I don't like it :/ seriously 
      March 25, 2017 6:34 PM MDT
    1

  • Yah, I know.   I was kinda cringing while typing it.   The creep factor of reading in the venue is not lost on me.

    The world sucks.
      March 25, 2017 6:37 PM MDT
    1

  • 318
    Strange, I had never equated "Social Engineering" to scam artists.  To me it was more of a political or big business thing.  I would have thought the use of credit cards was a result of social engineering.  Getting the people to accept that it was ok to go into debt.
    Or political, getting people to support the government spending huge amounts of money during the cold war, by giving them a threat (the communists... you know, they could be anywhere, be sure to report them)
    At any rate, social engineering has been around since the development of the printing press.
      March 25, 2017 2:37 PM MDT
    2

  • Completely agree, Maurice. I think that's where it's happening. 
      March 25, 2017 2:58 PM MDT
    2

  • Interesting you should mention the debt acceptance, Maurice...I was reading that as of 2014, the national debt was 106% of US GDP, heading up to 140% by 2025, I think it was.
    And yes, the voters would have to somehow be made to acquiesce in that.
      March 25, 2017 5:33 PM MDT
    0

  • 7280
    For those interested---

    1.
    the use of centralized planning in an attempt to manage social change and regulate the future development and behavior of a society.
    "the country's unique blend of open economics, authoritarian politics, and social engineering"---
    2.
    (in the context of information security) the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
    "people with an online account should watch for phishing attacks and other forms of social engineering"
      March 25, 2017 2:46 PM MDT
    3

  • TJ...then in the sense of #1, US gov support for the Civil Rights movement could be a form of social engineering? SCOTUS finding for Brown in Brown v. Board of Education, and the ensuing bussing programs?
      March 25, 2017 5:30 PM MDT
    0

  • 7280
    Sure.---

    But I consider "social engineering" to be a description of a process, not a "thing" exactly.---

    "Manipulation" is in a similar situation, but unfortunately it has a negative connotation.---

    Way back in theology, we studied manipulation---it is frequently a positive thing.


      March 26, 2017 2:15 PM MDT
    1

  • Yes, the idea of manipulation as a positive thing...in the Civil Rights era, I would often think of the positive role of federal 'interference,' intercepting local government gone amok.
    Thank you, TJ.
      March 26, 2017 2:55 PM MDT
    0

  • During the cold war I once worked with the Czech chargé d'affaires who had come to our communications centre to send material he didn't want to pass through his embassy's comms room. While we worked, one of our loud-mouths walked up and said to him, "What kind of lies do you tell your people about us?" And without a moment's hesitation he said, "The same kind of lies that your government tells you about us." 

    To my mind, that's social engineering in a nutshell: governments, and their opposition parties, manipulating the trust of the people who put them into office.

    It can happen on a commercial level as well. Mining companies assure us that when they excavate the landscape they do it in an "environmentally friendly" manner. The tobacco industry pays doctors to assure us that there is no proven connection between smoking and lung cancer. And, of course,gun owners claim that it's nothing but the truth when the NRA tells us that guns don't kill people; people kill people.

    Yeah, right!

      March 25, 2017 2:52 PM MDT
    2

  • Read or see, "The Isle of Doctor Moreau".
      March 25, 2017 3:49 PM MDT
    3

  • Thank you Whistle6, I have hard of that LONG time but never partaking, at least as of yet, it now goes onto my list!
      March 25, 2017 5:58 PM MDT
    1

  • Be sure to watch the original cheesy B version, not the remake.
      March 25, 2017 6:08 PM MDT
    1

  • ty for heads up, I will DEFINITELY go for the original Cheesy B!
      March 25, 2017 6:32 PM MDT
    0

  • It was a pretty good yarn, Virginia, but it must be nearly 50 years since I read it. Don't recall the details very clearly.
      March 27, 2017 3:57 PM MDT
    1