Social Engineering
Social engineering is an art form that has been perfected throughout history. It has recently been attached to information technology as a way to describe a form of hacking. In reality it expands far beyond technology. The dictionary defines social engineering as the manipulation of the social position and function of individuals in order to manage change in a society (“Social Engineering”, Collins English Dictionary). A more specific definition as it applies to information technology would be: The act of manipulating a person to accomplish goals that may or may not be in the “targets” best interest. This may include obtaining information, gaining access, or getting the target to take certain action (Social Engineering – , n.d.).
Social engineering has been around since the dawn of civilization. Since man and woman have had the ability to communicate they have used it to manipulate the other for their own gain. Sun Tzu wrote about social engineering in the late sixth century in The Art of War. In this renowned text Sun Tzu describes the art of spying and social engineering and its importance in military strategy (Bomberg, 2008) . At the time it wasnt known as social engineering, but some of the philosophies that he wrote about closely coincide to what we know of today as social engineering.
The social engineering we know of today has its roots in the cold war, in which all the great super powers were trying to gain the upper hand through subversion and espionage. An integral part of espionage is the art of manipulating a weak link into giving out critical intelligence without their knowledge (Bomberg, 2008). In more recent years it has been in the limelight do to malicious hackers attempting to beat cyber security all around world. With the dawn of the internet and the information age we have seen social engineering flourish. Almost all hacks that we know of today have some aspect of social engineering.
One of the most prolific social engineers of my generation is Kevin Mitnick. Kevin was convicted of various computer- and communications-related crimes. At the time of his arrest in the late 1990s, he was the most-wanted computer criminal in the United States (United States Attorneys Office, 1999).
At age 12, Mitnick used social engineering to bypass the punch card system used in the Los Angeles bus system. After a friendly bus driver told him where he could buy his own ticket punch, he could ride any bus in the greater LA area using unused transfer slips he found in the trash. Social engineering became his primary method of obtaining information, including user names, passwords and modem phone numbers (Greene, 2003).
Though Mitnick was convicted of copying software unlawfully and possession of several forged identification documents, his supporters argue that his punishment was excessive. In his 2002 book, The Art of Deception, Mitnick states that he compromised