TJ Maxx and Target shoppers, don’t feel so bad: even the Pentagon gets hacked these days. This weekend the defense department came clean about an attack on its email servers, which, as fate would have it, coincided with a global conference of hackers in Vegas.
There was no actual connection between the hacking conference and what happened at the Pentagon, that’s pretty certain. Indeed, hacking conferences are far more about the intellectual challenges and subculture of pushing technology to unintended limits. But that gets at a larger issue about the mythology of criminal hacking, which conjures images of young people sitting at dark terminals sucking on Red Bulls and pounding out code. We speak with Sara Peters, senior editor at Dark Reading, about how much of modern hacking might better be described as old school social engineering.
“Social engineering is just tricking some innocent person into doing something they shouldn’t to help the attacker commit some kind of a crime,” Peters explains. The modus operandi is more like that of a con artist, using interpersonal trickery and deceit to gain entry or information. It’s a process that isn’t necessarily new either. “It’s probably been a part of it since the beginning,” Peters says.
But with more users online now than ever, it’s become an increasingly popular method to circumvent digital security systems and head for the most vulnerable target – the user.
“There is one thing called a watering hole attack and it doesn’t require passwords at all,” Peters says. The premise revolves around hackers placing ads specifically targeted to certain users, with malicious programs hidden inside them. “They put something they think you will like in a place they think you will find it.” Then there are the 419 ploys, better known as the Nigerian prince scam, which for over a decade have swindled victims out of millions of dollars.
But for all of the warnings about not giving out passwords or taking the bait on deals that are just too good to be true, people still have a tendency to play with fire. “Unfortunately a lot of organizations do not educate their users nearly enough… if at all,” Peters says. So next time you receive that email saying you’ve won an international lottery – you’ll probably be better off hitting the delete button.