GROUP PROJECT
- INFORMATION SECURITY -
“SOCIAL ENGINEERING”
Professor: Sabina Barakovic
Group members: Edo Mijac
Sumeja Bukvic
Armin Sarajcic
Senad Cavkusic
1. INTRODUCTION
Social engineering attacks are rapidly increasing in today’s networks and are weakening
the cybersecurity chain. Humans are more likely to trust other humans than computers or
technologies. Therefore, they are the weakest link in the security chain. Because of these
human interactions, social engineering attacks are the most powerful attacks, as they
threaten all systems and networks. They cannot be prevented using software or hardware
solutions as long as people are not trained to prevent these attacks. The best place to
begin is with the fundamentals, by answering one elementary question:
What is social engineering?
Usual answers to this question are:
• social engineering is lying to people to get information
• social engineering is being a good actor
• social engineering is knowing how to get stuff for free.
Wikipedia defines it as the act of manipulating people into performing actions or divulging
confidential information. If you look at Webster’s dictionary, you will find that it
defines social as “of or pertaining to the life, welfare, and relations of human beings in a
community.” It also defines engineering as “the art or science of making practical
application of the knowledge of pure sciences, as physics or chemistry, as in the
construction of engines, bridges, buildings, mines, ships, chemical plants or skillful or
artful contrivance, maneuvering.” Combining those two definitions, you can easily see
that social engineering is the art or, better yet, science of skillfully maneuvering groups of
people to take action in some aspect of their lives.

people and pick out little cues that make a person a good mark. They are skillful at
making things appear as unbeatable opportunities to a mark.
7) Governments – rarely looked at as social engineers, governments utilize social
engineering to control the messages they release as well as the people they govern. Many
governments utilize social proof, authority, and scarcity to make sure that their
subjects are under control. This type of social engineering is not always negative, because
some of the messages governments relay are for the good of the people, and using certain
elements of social engineering can make the message more appealing and more widely
accepted.
PICTURE 1
2. INFORMATION GATHERING
With that knowledge in mind, here are questions that come up with regard to information
gathering:
1) What sources exist for social engineers to collect information?
2) What can you glean from this information to profile your targets?
3) How can you find, store, and catalog all this data for the easiest level of use?
These are only a few of the questions that you should find answers to in order to
achieve proper and effective information gathering. As you gather information you might be
overwhelmed by how to organize and then use it, so it helps to start a
file or an information-gathering service to collect this data. For that purpose you can
use different kinds of tools. Some of them are BasKet or Dradis. For information
gathering you can use many different sources, such as:
2.1. WEBSITES
Corporate or personal websites can provide a bounty of information. The first thing a good
social engineer will typically do is gather as much information as he can
from the company’s or person’s website.
Spending some quality time with the site can lead to clearly understanding:
1) Job openings
2) Contact numbers
3) Biographies of the executives or board of directors
4) Support forum
5) Email naming conventions
6) Special words or phrases that can help in password identification

2.4. PUBLIC SERVERS
A company’s publicly reachable servers are also great sources for what its websites don’t
say. Fingerprinting a server for its OS, installed applications, and IP information
can say a great deal about a company’s infrastructure. IP addresses may tell
you whether the servers are hosted locally or with a provider. With DNS records you can
determine server names and functions, as well as IPs. Maltego is one of the best
tools; with it, you may be able to uncover a publicly facing server that houses literally hundreds
of documents with key pieces of information about projects, clients, and the creators of
the documents. That information can be devastating for the company.
2.5. SOCIAL MEDIA
You can use sites like Twitter, Blippy, PleaseRobMe, IcanStalkU, Facebook, etc. to find
information about people’s lives and whereabouts out in the open.
2.6. GOING THROUGH THE GARBAGE
Yes, it’s hard to imagine, but going through the trash can yield one of the most
lucrative payoffs for information gathering.
2.7. PROFILING SOFTWARE
Password profilers such as Common User Profiler and Who’s Your Daddy can help a
social engineer profile the potential passwords a company or person may use. A tool like
WYD will scrape a person’s or company’s website and create a password list from the
words mentioned on that site. It is not uncommon for people to use words, names, or
dates as passwords. After you gather all the information you need, as a social engineer,
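Seen from the defending side, the same site-derived word list can serve as a deny-list when users choose passwords. The Python below is an added example, not part of the original project and not code from WYD; the sample site text, the function names and the substitution table are constructed for illustration.

```python
import re

# Constructed sample of text from an organisation's own public website.
SITE_TEXT = """Acme Rockets was founded in 1987 by Wile Coyote.
Our Roadrunner support forum is open to all customers in Tucson."""

# Common character substitutions, undone before matching (illustrative table).
LEET = str.maketrans("0134578@$!", "oieastbasi")


def site_wordlist(text, min_len=4):
    """Words of at least min_len letters, plus 4-digit numbers such as years."""
    pattern = r"[A-Za-z]{%d,}|\d{4}" % min_len
    return {w.lower() for w in re.findall(pattern, text)}


def derived_from_site(password, words):
    """Return the site words contained in the password, sorted; [] if none."""
    plain = password.lower()           # catches literal words and years
    unleet = plain.translate(LEET)     # catches "R0adrunner" style variants
    return sorted(w for w in words if w in plain or w in unleet)


# Deny-list built once from the organisation's own published text.
WORDS = site_wordlist(SITE_TEXT)

if __name__ == "__main__":
    for candidate in ("R0adrunner!", "Coyote1987", "Acm3R0ck3ts",
                      "correct-horse-battery-staple"):
        hits = derived_from_site(candidate, WORDS)
        print(candidate, "REJECT" if hits else "ok", hits)
```

A check like this belongs in the password-change path, with the word list refreshed whenever the public site content changes.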