The Art of Deception: Controlling the Human Element of Security - Kevin D. Mitnick [8]

technology.

ABUSE OF TRUST

In most cases, successful social engineers have strong people skills. They’re charming, polite, and easy to like—social traits needed for establishing rapid rapport and trust. An experienced social engineer is able to gain access to virtually any targeted information by using the strategies and tactics of his craft.

Savvy technologists have painstakingly developed information-security solutions to minimize the risks connected with the use of computers, yet left unaddressed the most significant vulnerability, the human factor. Despite our intellect, we humans—you, me, and everyone else—remain the most severe threat to each other’s security.

Our National Character

We’re not mindful of the threat, especially in the Western world. In the United States most of all, we’re not trained to be suspicious of each other. We are taught to “love thy neighbor” and have trust and faith in each other. Consider how difficult it is for neighborhood watch organizations to get people to lock their homes and cars. This sort of vulnerability is obvious, and yet it seems to be ignored by many who prefer to live in a dream world—until they get burned.

We know that all people are not kind and honest, but too often we live as if they were. This lovely innocence has been the fabric of the lives of Americans and it’s painful to give it up. As a nation we have built into our concept of freedom that the best places to live are those where locks and keys are the least necessary.

Most people go on the assumption that they will not be deceived by others, based upon a belief that the probability of being deceived is very low; the attacker, understanding this common belief, makes his request sound so reasonable that it raises no suspicion, all the while exploiting the victim’s trust.

Organizational Innocence

That innocence that is part of our national character was evident back when computers were first being connected remotely. Recall that the ARPANet (the Defense Department’s Advanced Research Projects Agency Network), the predecessor of the Internet, was designed as a way of sharing research information between government, research, and educational institutions. The goal was information freedom, as well as technological advancement. Many educational institutions therefore set up early computer systems with little or no security. One noted software libertarian, Richard Stallman, even refused to protect his account with a password.

But with the Internet being used for electronic commerce, the dangers of weak security in our wired world have changed dramatically. Deploying more technology is not going to solve the human security problem.

Just look at our airports today. Security has become paramount, yet we’re alarmed by media reports of travelers who have been able to circumvent security and carry potential weapons past checkpoints. How is this possible during a time when our airports are on such a state of alert? Are the metal detectors failing? No. The problem isn’t the machines. The problem is the human factor: The people manning the machines. Airport officials can marshal the National Guard and install metal detectors and facial recognition systems, but educating the frontline security staff on how to properly screen passengers is much more likely to help.

The same problem exists within government, business, and educational institutions throughout the world. Despite the efforts of security professionals, information everywhere remains vulnerable and will continue to be seen as a ripe target by attackers with social engineering skills, until the weakest link in the security chain, the human link, has been strengthened.

Now more than ever we must learn to stop wishful thinking and become more aware of the techniques that are being used by those who attempt to attack the confidentiality, integrity, and availability of the information on our computer systems and networks. We’ve come to accept the need for defensive driving; it’s time to accept and learn the practice of defensive computing.

The threat