Basics of social engineering

In this article we will discuss what social engineering is and why it is needed. Social engineering can certainly be called one of the directions in hacking, although this direction does not concern computer systems, but is based on pure psychology. Of course, you will think, why do I need this worthless thing, I'm a hacker, not a psychologist? In fact, somewhere 70% of hacker hacks and intrusions into computer systems are not possible without social engineering. Therefore, this direction is very important for you, and you should spend no less time on studying it than studying computer systems, if you want to become a megakulhaker, of course :-). And so I think with the introduction it's time to finish and it's time to start exploring such a beast as social engineering, let's go ...

Social engineering appeared in computer systems simultaneously with the emergence of hackers, and hackers appeared with the advent of computer systems, well, we will not get away from the topic. But the term itself and social engineering itself appeared much earlier than the first hackers. Social engineering appeared in the world with the first formed society, since the word sociality itself is the public, or citizenship, depending on which system we are considering. So, the essence of social engineering is to force a person to do some kind of action that is not beneficial to him and is necessary for the social engineer. An example from history: our great leader, Comrade Stalin, used social engineering when he forced people to volunteer to work on voluntary work days for free and with great enthusiasm. Working for free is unprofitable for people (right? Right!), And the government, that is, the social engineer, in our case, Stalin, is very profitable. This is what social engineering looks like, but not everything is as simple as it seems at first glance, like every science (and this can be called science), it has its own subtleties. And we have to study these subtleties with you.

Now we come back to hacking and we will consider social engineering in computer systems. In hacking, the term social engineering has the abbreviation SI, from now on I will use only this abbreviation, and you should get used to it. And so - further, SI works only with holes in the psychology of the brain, well, to be even more precise, holes are used, the social system in which a person lives. To make it clearer, I will try to give a suitable example. Imagine that we want to insert a virus into a person, but he has an antivirus that burns him, and you do not have to encrypt and spend time on encrypting a virus, you need to somehow turn it off and start your virus. Well, let's choose the system in which the person is located. Imagine that this is your girlfriend (although it’s not very easy), let it be your work colleague. You glue Troyan which, steals passwords with some interesting program. You offer a program to a friend, paint it as if you have such a program only and it is the coolest one. Then you ask, so casually, what is his antivirus, after its answer (no matter what it will call an antivirus) say: “Listen, and you know, this program conflicts when installing with“ this ”antivirus, turn it off and start the program” This combination works in almost 90%. And now consider, where is the hole in this system. And this system is based on the fact that colleagues at work usually help each other with any technical or other advice, and the person to whom he advises usually relies completely on the adviser, because automatically (already at a subconscious level) he understands that this person faced with this problem and therefore you should not reinvent the wheel, but you can simply obey the advice. And merzapakny people, oh sorry, Social engineers, just use this hole to their advantage - this is one of the holes of one of the systems.

Hackers have one rule (well, or maybe a saying) “Everything that a man created can be hacked”, and so, all social systems that are used in society were created by man, which means that there are holes in all these systems, because man throughout the history of mankind has not created an ideal system, and indeed nothing ideal, that would not give failures. And from this we can conclude that the SI is quite an established direction in hacking, and hacking can be done not only picking at the holes of computer systems, but also at the level of psychology.

SI is divided into two types, one of them is short-term, and the second is long-term. Let's look at what properties they have:

1. Short-term is produced in a short period of time. The example that was given above refers to the short-term one. Its plus is that it does not require unnecessary time resources, and the minus is that it cannot force any person to make any highly significant actions for a social engineer.
2. Long-term means that you need to spend a lot of time trying to subdue a person. The minus is clear to you, but the plus is relatively short-term in that you can force a person to perform more significant actions necessary for a social engineer.

Well, well, comrade, I think this information was enough for you to understand what SI is, where it is used and why it is so necessary for a true hacker.