
Social Engineering: The dangers of positive thinking

Steve Ragan | Jan. 6, 2015
The assumption that everything's okay is a risky one.

"Ninety-nine-point-nine percent is looking like you know what you're doing. We think that there's all these techniques that social engineers are using, [but] it's not that the social engineers have all these wonderful mind powers or Jedi mind tricks," Street explained in an interview with CSO Online.

What about location? In a matter of moments, he was able to access the entire bank. In the video, the employees stand there and watch as he installs software and collects user IDs, passwords, and a smartcard (used for the teller's computer). Was his task made easier because he was a foreigner, and the staff were uncomfortable with the thought of being impolite?

"It's not a culture thing. It's not a country thing," Street said, pointing out that the human reactions are uniform for the most part no matter where he is in the world.

Positive thinking can be a problem:
He calls the process basic adorable destruction (BAD), because nothing he does during his jobs requires a high degree of technical sophistication. At most he will spend a few moments on Google before entering a job site, and that's all he requires.

In fact, the bank in the video wasn't the only one on this project. Street performed the same essential tasks at several banks, installing software and accessing restricted areas freely. In one case he even walked out with a working computer.

"Humans do not want to think about negative things happening to them," he said, as it goes against human nature to do so.

No one goes to work expecting something bad to happen, such as a random hacker coming in off the streets and violating the company's security. Likewise, humans don't expect -- nor do they want to think about -- something bad happening to them personally. When such a situation arises, defusing it isn't as hard as one would think.

"If I can give them a reasonable explanation, besides the negative thing that sounds bad, they will believe the positive. They will go out of their way to believe the positive aspect, because otherwise they would have to think something bad was happening to them, and that's not something that humans like to acknowledge."

Describing a job in New York City, near Ground Zero, Street offered another example of where reasonable explanations allowed him to complete his tasks.

Painting a mental image of the area, Street starts his story by talking about the buildings and physical security blocks that were already in place when he arrived. There were SWAT teams and K-9 units working the concourse, in addition to eight security guards and other protective measures. His target was on the upper floors, but first Street needed to clear the lobby, where security had established a checkpoint similar to those used by the TSA.

