17 Nov Frontline engineering
Diving into a lesson in social engineering gave me some understanding of the way we use language to hide what’s really happening. It seems the most basic definition of social engineering is the manipulation by a hacker of a business insider to reveal data that would otherwise be safe, secure and private to that business.
Also currently wading deep in a ‘yellow car’ moment, actually called the Baader–Meinhof phenomenon. I started to research social engineering and now it is EVERYWHERE! The latest Robinhood hack that has been explained in a company statement, has been blamed on classic social engineering, often the entry point for hackers. The stolen information is private data that can be used fraudulently.
Robinhood is an American financial services company and recently suffered a data breach, not the first breach. They had about 2000 accounts hit in 2020, which now seems like practice and, according to the Australian Fin Review (AFR) they have been compromised to a much greater extent this time, in the order of “seven million users”.
The company’s statement is brief and lacking in real accountability, they call it a “data security incident”. They do detail the extent of the breach in terms of how many users are affected and what details have been exposed, mostly email addresses and names but for a few hundred users the theft of personal information was greater.
Mat Honan wrote an exposé in 2012 detailing how social engineering and the flaws in security at massive tech companies ruined his digital life, he also took responsibility for not being IT astute and backing up everything and employing 2 step authentication processes for Gmail. Once he was exposed in one realm, hackers used social engineering to garner information to get to the next digital universe and before he knew it, all his financials, social media accounts and personal digital photos, were no longer his. He was not a sole victim.
Tim Culpan’s opinion piece in the AFR is an interesting breakdown of how these security systems are flawed because they are so easily exploited, human barriers are after all, human. Tim’s understanding is that using the social engineering excuse is a trap that fails to recognise that we have available technology that will prove where there are flaws in the system, including the coding and development and poorly executed algorithms.
We rarely explore the vulnerabilities of human interaction, especially when it is the front line for protection of user information for large companies. Exploring the psychology of human manipulation and using that research to train frontline staff to be more attuned to exploitation could really help reduce ‘social engineering’ hacks.
Faster Networks help businesses protect their digital assets. We are a cyber security partner that brings the best software solutions that anticipate and fix digital vulnerabilities. Our areas of expertise includes Vulnerability Management, Security Orchestration Automation and Response (SOAR), Application Security, Infrastructure Security, Distributed Denial of Service (DDoS) Protection and Application Pentesting.