Social hacking
Social hacking describes the act of attempting to
Although the practice involves exercising control over human behaviour rather than computers, the term "social hacking" is also used in reference to online behaviour and increasingly,
Social Hacking Techniques
Carrying out a social hacking attack involves looking for weaknesses in user behaviour that can be exploited through seemingly legitimate means.[3] Three popular methods of attack include dumpster diving, role playing, and spear-phishing.
Dumpster Diving
Sifting through
Roleplaying
Establishing trust by fooling people into believing in the legitimacy of a false character is one of the main tenets of social hacking. Adopting a false personality or impersonating a known figure to trick victims into sharing personal details can be done in person or via phone conversation.
In person
By posing as third-party maintenance workers in an office building, medical practitioners in a hospital, or one of many other forms, social hackers can get past security personnel and other employees undetected. In both examples, uniform apparel is associated with specific job functions, giving people reason to trust impersonators. A more complicated manoeuvre would involve a longer planning cycle, such as taking up employment inside an organization that is being targeted for an attack.
In the movie Ocean's Eleven, a sophisticated crew of con artists plots an elaborate heist to rob three popular Las Vegas casinos by assimilating themselves into the everyday activities of the casinos' operations. Although the heist is executed in less than a day, the planning cycle is long and notably fastidious. An essential part of the attack is presenting credibility in the roles being impersonated, which inevitably requires attention to detail.
Tailgating
Tailgating is the act of following someone into a restricted space, such as an office building or an academic institution. Third party maintenance workers, or medical personnel, as mentioned above, often have limited cause to justify their credibility because of their appearances. Similar to role playing, tailgating functions around the assumption of familiarity and trust.[4] People are less likely to react suspiciously to anyone who appears to fit into the surrounding environment, and will be even less liable to question individuals who don't call attention to themselves. Following behind someone in an unassuming fashion may even eliminate the need to establish a rapport with authorized personnel.
Spear Phishing
Online social hacks include “
A successful example of spear phishing was highly publicized in the news media in January 2014, when
Another example of spear phishing happened in June 2015 to Ubiquiti Networks Inc, a network technology company based in the United States. Ubiquiti Networks reportedly lost over 46.7 million dollars in the attack. The hackers sent spear phishing emails directly to employees in the finance department, posing as company executives, and managed to trick the employees into transferring funds to third-party groups overseas.[9] Fortunately for Ubiquiti Networks, 8.1 million dollars were recovered from the hackers.[10]
Security
Although Target may not have been slacking in its security, the hackers were able to infiltrate Target's network indirectly, by identifying a third-party company with access to Target's credentials. The social hack was in defrauding employees of the third party to divulge
In a similar incident,
In a study by Orgill et al., an observation is made that “it is important that each person responsible for computer security ask if their system is vulnerable to attacks by social engineers, and if so, how can the effect of a social engineering attack be mitigated.” [15] Using strong passwords[16] is one simple and easy method that assists in such mitigation, as is using reliable and effective anti-virus software. Other preventative measures include using different logins for services used, frequently monitoring accounts and personal data, as well as being alert to the difference between a request for help and a phishing attempt from strangers.[17]
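A defender-side illustration of the executive-impersonation emails described in the Ubiquiti case above, added here as an example and not taken from the article or its sources: a Python check that flags inbound mail carrying an executive's display name on a non-company sender address. The domain `example.com`, the executive roster, the keyword list and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration (not from the article): the organisation's
# own mail domain, a roster of executive names, and payment-related keywords.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"alex morgan", "jordan lee"}
PAYMENT_WORDS = ("wire", "transfer", "payment", "bank details")

# Constructed sample messages (not real mail).
SPOOFED = """\
From: "Alex Morgan" <alex.morgan@example.net>
Reply-To: accounts@example.org
To: finance@example.com
Subject: Urgent wire transfer

Please send the payment today and keep this confidential.
"""
LEGIT = """\
From: "Alex Morgan" <alex.morgan@example.com>
To: finance@example.com
Subject: Payment run schedule

The payment run moves to Thursday this week.
"""


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def impersonation_flags(raw_message):
    """Return the reasons a message looks like executive impersonation."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    flags = []
    # An executive's name in the display field but a non-company address.
    if " ".join(name.lower().split()) in EXECUTIVES and _domain(addr) != ORG_DOMAIN:
        flags.append("executive display name on external sender")
    # Replies silently routed to a different domain than the visible sender.
    if reply_to and _domain(reply_to) != _domain(addr):
        flags.append("Reply-To domain differs from From domain")
    # Payment wording only escalates a message whose identity is already doubtful.
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')} {body if isinstance(body, str) else ''}".lower()
    if flags and any(word in text for word in PAYMENT_WORDS):
        flags.append("payment request in suspicious message")
    return flags
```

A message that raises any flag is a candidate for out-of-band confirmation with the named executive before funds move; ordinary external invoices raise none because payment wording alone is not a flag.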
Ethical Hacking
To counter security breaches at the hands of social hackers as well as technical hackers, companies employ security professionals, known as ethical hackers, or more popularly,
Impacting Social Media
The internet affords social hackers the ability to populate content spaces without detection of suspicious behaviour. Social hacking can also occur in environments where user-generated content is prevalent. This includes the opportunity to influence opinion polls and even to skew data beyond a point of validity. Social hacking can also be used to provide favourable reviews e.g. on product websites. It can also be used to counter negative feedback with an influx of positive responses ("like button") e.g. on blog or news article comment sections. Social hacking can cause damage to the online profile of a person or a brand by the simple act of accessing information that is openly available through social media channels.[19]
Technology Appropriation
Technology appropriation can be perceived as a type of social hacking in that it involves social manipulation of a technology. It describes the effort of users to make sense of a technology within their own contexts beyond adopting its intended use. When this happens, the use of the technology can change. Adaptation of a technology can incorporate reinterpretation of its function and meaning, to the effect that the technology itself can take on a new role. Appropriation accentuates that the user adjusts the technology for his own best practice, while adaptation advises that the use sometimes changes in general. For example, advances in today's technology make it easier than ever to portray another person. This method is known as creating a "deepfake". A deepfake is a recreation of somebody else's face and voice made with a computer program. It is used to fake people saying and doing things they have never done or said before.[20] "Public figures may be more “fakeable” through this method than private ones. Visually routine situations, like a press conference, are more likely to be faked than entirely novel ones."[21] Deepfakes can be very dangerous in the sense that they can be used to fake what people with high authority, such as the president and politicians, have said. There have been many articles and discussions over the new discovery of deepfakes, such as YouTuber Shane Dawson's video, "Conspiracy Theories with Shane Dawson", where he talks about the conspiracy of deepfakes and what they could mean for the world today.[22]
Social hacking is also affiliated with
See also
- Certified Social Engineering Prevention Specialist (CSEPS)
- Cyberheist
- Deepfake
- Doomscrolling
- Doxing
- Internet Security Awareness Training
- Internet troll
- IT risk
- Penetration test
- Perception management
- Phishing
- Piggybacking (security)
- Review bomb
- Search engine manipulation effect
- SMiShing
- Social bot
- Sockpuppet (Internet)
- Vishing
References
- ^ a b "Archived copy" (PDF). Archived from the original (PDF) on April 14, 2014. Retrieved April 3, 2014.
- ^ Hodson, Steve (August 15, 2022). "Never Mind Social Media, How About Social Hacking?". Mashable.
- ^ Peter Wood. "Social hacking: The easy way to breach network security". Computerweekly.com. Retrieved 2016-07-05.
- ^ Heary, Jamey. "Top 5 Social Engineering Exploit Techniques". PCWorld. Retrieved 2016-07-05.
- ^ Kalwa, Jason (18 February 2014). "Phishing just got personal – avoiding the social media trap". TechRadar. Retrieved 2016-07-05.
- ^ Rouse, Margaret. "What is spear phishing? - Definition from WhatIs.com". Searchsecurity.techtarget.com. Retrieved 2016-07-05.
- ^ Mathews, Lee. "Phishing Scams Cost American Businesses Half A Billion Dollars A Year". Forbes. Retrieved 2019-03-25.
- ^ "Massive Target Hack Traced Back To Phishing Email". Huffingtonpost.com. 2014-02-12. Retrieved 2016-07-05.
- ^ Honan, Brian (2015-08-06). "Ubiquiti Networks victim of $39 million social engineering attack". CSO Online. Retrieved 2019-03-25.
- ^ White, Mr (16 August 2015). "Tech Firm Ubiquiti Suffers $46M Cyberheist — Krebs on Security". Retrieved 2019-03-25.
- ^ a b "Email Attack on Vendor Set Up Breach at Target — Krebs on Security". Krebsonsecurity.com. 2014-02-12. Retrieved 2016-07-05.
- ^ Mackensie Graham (2014-04-02). "How to Stop Social Hackers Before they Attack". Thenextweb.com. Retrieved 2016-07-05.
- ^ "Yahoo Hacked And How To Protect Your Passwords". Forbes.com. Retrieved 2016-07-05.
- ^ Ribeiro, Ricky (2014-01-07). "Snapchat's Data Breach Should Be a Wake-Up Call for Startups — BizTech". Biztechmagazine.com. Retrieved 2016-07-05.
- )
- ^ "Analysis of a social site hack: Do feds need a 'higher standard' for social networking?". GCN. 2012-05-23. Retrieved 2016-07-05.
- ^ Melanie Pinola (9 August 2012). "How Can I Protect Against Social Engineering Hacks?". Lifehacker.com. Retrieved 2016-07-05.
- doi:10.5120/229-380.
- ^ John Shinal, Special for USA TODAY (2014-01-03). "Snapchat hack should be wake-up call". Usatoday.com. Retrieved 2016-07-05.
- ^ "The future of the deepfake — and what it means for fact-checkers". Poynter. 2018-12-17. Retrieved 2019-03-25.
- ^ "The future of the deepfake — and what it means for fact-checkers". 17 December 2018.
- ^ shane (2019-01-30), Conspiracy Theories with Shane Dawson, retrieved 2019-03-25
- ^ Claudia Cahalane (21 February 2014). "Simple ideas, big impact – in pictures | Social Enterprise Network". The Guardian. Retrieved 2016-07-05.
- Morrison, Dan (15 January 2014). "The System is Failing, Hack the System". TheGuardian.com. Retrieved January 15, 2014.
- "Types of Social Engineering". National Plant Diagnostic Network.
- Beck, Rochelle. "Hack Capitalism". Forbes.