carlo
10-24-2005, 09:34 AM
In this world of fast paced capitalist pigs some people have alienated themselves from the society. These people now “own” you. How can that be? Ill tell you. There is this machine you trust all your information with in your house. You use it but you do not know what it can truly do. Your phone number, ****** card, your name, your address, your family, your identity. Its no longer yours. Welcome to the world of identity theft through the method of Internet social engineering. You are a number. Pull out your wallet, look at your social security number. Thats all you are to them. Nothing more.
Social engineering is when an outside attacker uses psychological tricks on legitimate users of a computer system, in order to obtain information he needs to gain access to his target. This could be anything imaginable.
I am going to teach you how they do this. How do you stop it, you must know how to do it. As a old saying I once heard “takes a thief to catch a thief.”
The main reason social engineering is so effective on the Internet is that majority of users on the 'net' use the same passwords for everything. They use the same password for there Internet, email, e-bay, E-shopping, instant messaging etc. Because of this once they get one they have access to all.
I am going to discuss some of the more common ways of social engineering through the Internet. Among these will be email, instant messaging, and websites.
Email is probably the most common way of social engineering. There are many strategies and I will talk about some of the more common. They range from a lie so bogus its amazing that anyone can possible fall for it, or as to so simple as not even having a message.
First up is something I call the three kings. This is because usualy there saying my father was a king, he died and had millions, I need your **** account to get it and I may reward you graciously.
The second type of social engineering threw email is merely to just get you to open the email. In this one you do not have to do anything but open a email. Sometimes they will send you a email with no message and just an exploit that takes advantage of your computer. This then gives them access to your computer in order to have complete control and receive all the information they need.
Another type of email fraud is by using file attachments. You know how when you send a program, picture, file, to your brother or something. Thats how they do it. They send you a email with a file attached. Then often they will have a messages like hey its your brother [insert name here], check out the pictures of the kids. Then once you download it, BAM! There in your system and have all your information.
Next on our list is instant messaging. This in my opinion is by far the easiest. First the attacker must find a target. They can do this threw member search, chat rooms and a few other ways. Essentially all you have to do is find someone who is online and stupid enough to believe you. This accounts for about ninety percent of the Internet users.
I will discuss threw how they do it in a 'IM' and a 'chat room.' However often they start in the chat room and lead to an 'IM.' The strategies in them is similar, however there is one major difference. In a 'IM' its just you and him, in the 'chat room' its many people and some one may notice what he is trying to do.
First off is 'IM,'this is a common abbreviation for instant message. These are conversations in text between you and the attacker. Nobody else is there to help you. You may think you just had a innocent conversation. All the information they need to get a foothold strong enough to open pandoras box upon your life is some small information. Your email address, this is usualy the same as your screen name. Secondly they will need your date of birth, they can use your age to find year and then just add your birth day. The next thing they will probably need is your zip code, all they need is your city and they can find this out. Then usualy for most accounts there will be an extra question, it will range from your pets name to mothers maiden name.
Below is an example.
ME@me.com: Hello
them@them.com: Hey
Me@me.com: Hows it going?
them@them.com: Alright, just kind of bored.
Me@me.com: Wana chat?
them@them.com: Sure, not like I got anything better to do.
Me@me.com: so what is your a/s/l
them@them.com: 2*/m/FL
them@them.com: you?
Me@me.com: im 2*/f/fl, where in florida are you?
them@them.com: Ever heard of bronson?
Me@me.com: Yes my brother lives near there.
them@them.com: thats cool. So where are you from in fl.
Me@me.com: Tampa area.
them@them.com: I dont like it there. To many people.
Me@me.com: I just got back from the vet. My dog was sick. Do you have any pets?
them@them.com: Yes I have a cat.
Me@me.com: What is the cats name?
them@them.com: Ms Dog
Me@me.com: ah thats cool.
Me@me.com: Yes, I am so stoked, my brithday is next monday. When is yours?
them@them.com: September **.
Me@me.com: Thats cool.
Me@me.com: Well I have to go, I will talk to you later.
them@them.com: Ok, bye.
Another tactic that works for both 'IM' and 'chat rooms' is getting you to download a program that gives them access to your machine and they can then manually look for the information. However they have to get you to download the software. Often they will call it a picture, or a cheat program for an online game, or very often something to do with porn (often called pr0n in the underground community).
Another way is in chat rooms. You usually have a better chance of not being social engineered in there. They will often either try to get you into a 'IM' conversation or they will use a bunch of friends in the chat room to help. However usually its a solo act. They will wait till they see someone who maybe needs some computer help or someone who is lonely and looking for someone to chat with. They will use the same tactics in the chat room as an 'IM' except one difference. They have to make much more small talk as to not raise anyones flags. In an 'IM' they can be more direct.
The final way of social engineering threw the Internet I will be speaking about is threw websites. They can very from anything as to be an online store, designed to look like a real existing site that your already a member of, porn, and often just uses an exploit. I will talk briefly of each of these.
False sites are probably the easiest. You stumble onto a website like www.ebay.com or your **** may ask you to resign in. You then do and your taken to the site. You notice nothing out of the ordinary. You have just been a victim. Often people will make a website that looks identicle to the original designed to get your information then after entering it you are taken to the real site as to not arouse any suspicion from the person. Now they have your login name and password.
Next is porn sites. Porn is probably the number one use for the Internet. Ok, you go there and theres thousands of pictures, movies, games, etc. all containing porn. What more could you ask for. Many of these places require you to sign up with a ****** card. If the web ****** is not trust worthy he may randomly pick a few people and make a few small charges. Or maybe he will make a movie that contains a 'back door' program.
The final thing I will be discussing is exploits threw web browsers. These can anything from just seeing what is in your clip***rd. That is when you press [ctrl] + [c] / [x]. Or to making you download something, or mayhaps redirecting you. These all use faults in your web browser in order to accomplish this. So why is this social engineering. They have to get you to somehow go to the site.
So my advice to you is to lock yourself in a closet, cut off your hands, cut out your throat and look at your patents honey moon pictures to go blind. I would like to see them social engineer you then. HEHE.
Social engineering is when an outside attacker uses psychological tricks on legitimate users of a computer system, in order to obtain information he needs to gain access to his target. This could be anything imaginable.
I am going to teach you how they do this. How do you stop it, you must know how to do it. As a old saying I once heard “takes a thief to catch a thief.”
The main reason social engineering is so effective on the Internet is that majority of users on the 'net' use the same passwords for everything. They use the same password for there Internet, email, e-bay, E-shopping, instant messaging etc. Because of this once they get one they have access to all.
I am going to discuss some of the more common ways of social engineering through the Internet. Among these will be email, instant messaging, and websites.
Email is probably the most common way of social engineering. There are many strategies and I will talk about some of the more common. They range from a lie so bogus its amazing that anyone can possible fall for it, or as to so simple as not even having a message.
First up is something I call the three kings. This is because usualy there saying my father was a king, he died and had millions, I need your **** account to get it and I may reward you graciously.
The second type of social engineering threw email is merely to just get you to open the email. In this one you do not have to do anything but open a email. Sometimes they will send you a email with no message and just an exploit that takes advantage of your computer. This then gives them access to your computer in order to have complete control and receive all the information they need.
Another type of email fraud is by using file attachments. You know how when you send a program, picture, file, to your brother or something. Thats how they do it. They send you a email with a file attached. Then often they will have a messages like hey its your brother [insert name here], check out the pictures of the kids. Then once you download it, BAM! There in your system and have all your information.
Next on our list is instant messaging. This in my opinion is by far the easiest. First the attacker must find a target. They can do this threw member search, chat rooms and a few other ways. Essentially all you have to do is find someone who is online and stupid enough to believe you. This accounts for about ninety percent of the Internet users.
I will discuss threw how they do it in a 'IM' and a 'chat room.' However often they start in the chat room and lead to an 'IM.' The strategies in them is similar, however there is one major difference. In a 'IM' its just you and him, in the 'chat room' its many people and some one may notice what he is trying to do.
First off is 'IM,'this is a common abbreviation for instant message. These are conversations in text between you and the attacker. Nobody else is there to help you. You may think you just had a innocent conversation. All the information they need to get a foothold strong enough to open pandoras box upon your life is some small information. Your email address, this is usualy the same as your screen name. Secondly they will need your date of birth, they can use your age to find year and then just add your birth day. The next thing they will probably need is your zip code, all they need is your city and they can find this out. Then usualy for most accounts there will be an extra question, it will range from your pets name to mothers maiden name.
Below is an example.
ME@me.com: Hello
them@them.com: Hey
Me@me.com: Hows it going?
them@them.com: Alright, just kind of bored.
Me@me.com: Wana chat?
them@them.com: Sure, not like I got anything better to do.
Me@me.com: so what is your a/s/l
them@them.com: 2*/m/FL
them@them.com: you?
Me@me.com: im 2*/f/fl, where in florida are you?
them@them.com: Ever heard of bronson?
Me@me.com: Yes my brother lives near there.
them@them.com: thats cool. So where are you from in fl.
Me@me.com: Tampa area.
them@them.com: I dont like it there. To many people.
Me@me.com: I just got back from the vet. My dog was sick. Do you have any pets?
them@them.com: Yes I have a cat.
Me@me.com: What is the cats name?
them@them.com: Ms Dog
Me@me.com: ah thats cool.
Me@me.com: Yes, I am so stoked, my brithday is next monday. When is yours?
them@them.com: September **.
Me@me.com: Thats cool.
Me@me.com: Well I have to go, I will talk to you later.
them@them.com: Ok, bye.
Another tactic that works for both 'IM' and 'chat rooms' is getting you to download a program that gives them access to your machine and they can then manually look for the information. However they have to get you to download the software. Often they will call it a picture, or a cheat program for an online game, or very often something to do with porn (often called pr0n in the underground community).
Another way is in chat rooms. You usually have a better chance of not being social engineered in there. They will often either try to get you into a 'IM' conversation or they will use a bunch of friends in the chat room to help. However usually its a solo act. They will wait till they see someone who maybe needs some computer help or someone who is lonely and looking for someone to chat with. They will use the same tactics in the chat room as an 'IM' except one difference. They have to make much more small talk as to not raise anyones flags. In an 'IM' they can be more direct.
The final way of social engineering threw the Internet I will be speaking about is threw websites. They can very from anything as to be an online store, designed to look like a real existing site that your already a member of, porn, and often just uses an exploit. I will talk briefly of each of these.
False sites are probably the easiest. You stumble onto a website like www.ebay.com or your **** may ask you to resign in. You then do and your taken to the site. You notice nothing out of the ordinary. You have just been a victim. Often people will make a website that looks identicle to the original designed to get your information then after entering it you are taken to the real site as to not arouse any suspicion from the person. Now they have your login name and password.
Next is porn sites. Porn is probably the number one use for the Internet. Ok, you go there and theres thousands of pictures, movies, games, etc. all containing porn. What more could you ask for. Many of these places require you to sign up with a ****** card. If the web ****** is not trust worthy he may randomly pick a few people and make a few small charges. Or maybe he will make a movie that contains a 'back door' program.
The final thing I will be discussing is exploits threw web browsers. These can anything from just seeing what is in your clip***rd. That is when you press [ctrl] + [c] / [x]. Or to making you download something, or mayhaps redirecting you. These all use faults in your web browser in order to accomplish this. So why is this social engineering. They have to get you to somehow go to the site.
So my advice to you is to lock yourself in a closet, cut off your hands, cut out your throat and look at your patents honey moon pictures to go blind. I would like to see them social engineer you then. HEHE.