252 Chapter 10 ■ Social Engineering
One of the tools on this list, Intelius, is a great example of how accessible personal
information may be. For less than $30 per month, you can subscribe to this service and
look up as many individuals as you desire. In some cases, your search may yield multiple
results (for example, if a person’s last name is Smith or Jackson), but this can easily be
addressed by using information from the other sources on this list to narrow the search
results. Using Intelius, I was able to use information from the Facebook and LinkedIn
profiles of friends and family to fine-tune the results.
Summary
Millions of people are engaging online via Facebook, Twitter, Foursquare, and other
social-networking sites. Social networking is both fun and dangerous at the same time, as well as
extremely addictive—some users update every time they eat a meal or go to the restroom.
Although the technology offers greater connectivity and convenience by letting people
stay in touch online, share fun moments, talk to their beloved, and
exchange personal content, there are dangers that could lead to disaster.
Social-networking sites are a huge target for cyber-criminals who are looking for
information to steal and identities to pilfer. They abuse the open nature of these sites and
gather personal information about users—information that isn’t hidden, but is provided
readily by those users. Using this information, an attacker can coerce or trick you into
revealing information that you would not otherwise reveal. This is yet another example
of social engineering. For example, you may open up when someone you don’t know talks
to you with familiarity, because they stole information from your profile that helps them
convince you that you know them.
Even worse, these sites are very popular with young people and adults alike. For young
people in particular, social-networking sites can combine many of the risks associated with
being online: online bullying, disclosure of private information, cyber-stalking, access to
age-inappropriate content, and, at the most extreme, child abuse.
Companies have come to realize that they need to train their rank and file about what
they can and cannot share, as well as to block social-networking sites altogether. Some
companies have even gone a step further, telling employees that they cannot talk about the
company at all online.
Exam Essentials
Remember that human beings represent the weak spot in many organizations. Human
beings, if not properly trained and educated, can easily lessen security.
Understand human nature. It’s important to know how attackers mold and shape human
nature as well as how to spot aspects of human nature that can work against security.