Thread: RE: Reverse Social Engineering
|
|
| RE: Reverse Social Engineering |

|
2007-05-18 05:29:15 |
Folks
Do we really have to modify an already lousy description?
"Social Engineering" is yet another example of the IT community bastardising established terms used perfectly well for decades in other disciplines (eg psychology, sociology and political science), and in doing so confusing the meaning. Authoritarian states conduct Social Engineering in order to coerce the masses into thinking or behaving differently.
Hackers, crooks and spies con their way in to organisations in order to do naughty stuff, or to get information. They do not use social engineering. As for "reverse social engineering", can't somebody just think up a completely new word? Suggestions please!!
Regards
Tony Troy
__________________________________________
-----Original Message-----
From: listbounce securityfocus.com [mailto:listbounce securityfocus.com] On Behalf Of Christopher Meyer
Sent: 03 May 2007 17:02
To: realcases securityfocus.com
Subject: Re: Reverse Social Engineering
On 3/9/07, Snoopy Brown <freefalled gmail.com> wrote:
> I might be very wrong, but wasn't hp's recent fiasco prime for your paper?
>
> As I understand it, they did all sorts of illegal stuff. Amongst them (useful to you), they portrayed themselves (the "investigators") as other people to get information from the company employees/executives.
>
That's normal social engineering, not reverse. Reverse is pretending to be the authority and getting someone to contact you for help. For example, you trick people into calling your number for Help Desk password resets instead of calling the actual number.
To answer the original poster... I don't know if this one technically fits the definition but maybe if you stretch it a bit- Kevin Poulsen's redirecting old or shut down escort service phone numbers (google it if you aren't familiar). I'm not sure if that is more of a hack than reverse social engineering, it has elements of both. It does have sabotage, advertising, and assisting - all considered elements of reverse social engineering.
I think you could also include some phishing scams in reverse social engineering.
I'm trying to rack my brain for better examples, because I could swear I've heard of some, but none are popping to mind at the moment.
Christopher Meyer - CISSP, GCIH
|
|
| Reverse Social Engineering |

|
2007-03-07 08:31:01 |
Does anyone know of any real life cases involving reverse social engineering that have been made public?
I'm working on a paper, and would like to include one, but I can't find anything credible I can use as a reference.
Thanks,
Mike
|
|
| Re: Reverse Social Engineering |

|
2007-03-08 18:01:05 |
Hello,
Sounds like you are looking for counter-intelligence.
Regards,
--
Jason Muskat | GCFA, GCUX - de VE3TSJ
____________________________
TechDude
e. Jason TechDude.Ca
m. 416 .414 .9934
http://TechDude.Ca/
On 7-Mar-07, at 9:31 AM, Mike Durgin wrote:
> Does anyone know of any real life cases involving reverse social engineering that have been made public?
>
> I'm working on a paper, and would like to include one, but I can't find anything credible I can use as a reference.
>
> Thanks,
> Mike
|
|
| Re: Reverse Social Engineering |

|
2007-03-09 07:53:41 |
I might be very wrong, but wasn't hp's recent fiasco prime for your paper?
As I understand it, they did all sorts of illegal stuff. Amongst them (useful to you), they portrayed themselves (the "investigators") as other people to get information from the company employees/executives.
Please make sure to check my statements above, as this is just from memory, and I wasn't *that* into the case.
But yeah, I think that might help you out.
Cheers!,
-AJ
On 3/8/07, Jason Muskat, GCFA, GCUX, de VE3TSJ <Jason techdude.ca> wrote:
> Hello,
>
> Sounds like you are looking for counter-intelligence.
>
>
> Regards,
>
> --
> Jason Muskat | GCFA, GCUX - de VE3TSJ
> ____________________________
> TechDude
> e. Jason TechDude.Ca
> m. 416 .414 .9934
>
> http://TechDude.Ca/
>
>
> On 7-Mar-07, at 9:31 AM, Mike Durgin wrote:
>
> > Does anyone know of any real life cases involving reverse social engineering that have been made public?
> >
> > I'm working on a paper, and would like to include one, but I can't find anything credible I can use as a reference.
> >
> > Thanks,
> > Mike
>
>
|
|
| Re: Reverse Social Engineering |

|
2007-05-03 11:01:57 |
On 3/9/07, Snoopy Brown <freefalled gmail.com> wrote:
> I might be very wrong, but wasn't hp's recent fiasco prime for your paper?
>
> As I understand it, they did all sorts of illegal stuff. Amongst them (useful to you), they portrayed themselves (the "investigators") as other people to get information from the company employees/executives.
>
That's normal social engineering, not reverse. Reverse is pretending to be the authority and getting someone to contact you for help. For example, you trick people into calling your number for Help Desk password resets instead of calling the actual number.
To answer the original poster... I don't know if this one technically fits the definition but maybe if you stretch it a bit- Kevin Poulsen's redirecting old or shut down escort service phone numbers (google it if you aren't familiar). I'm not sure if that is more of a hack than reverse social engineering, it has elements of both. It does have sabotage, advertising, and assisting - all considered elements of reverse social engineering.
I think you could also include some phishing scams in reverse social engineering.
I'm trying to rack my brain for better examples, because I could swear I've heard of some, but none are popping to mind at the moment.
Christopher Meyer - CISSP, GCIH
|
|
| RE: Reverse Social Engineering |

|
2007-05-22 02:34:18 |
> Do we really have to modify an already lousy description?
I'm afraid we've already lost that battle. :(
--
David Harley CISSP, Small Blue-Green World
Security Author/Editor/Consultant/Researcher
AVIEN Guide to Malware:
http://www.smallblue-greenworld.co.uk/pages/avienguide.html
Security Bibliography:
http://www.smallblue-greenworld.co.uk/pages/bibliography.html
|
|