Social engineering

Social engineering refers to the exploitation of our assumptions, beliefs and paradigms. Most ID theft involves exploiting our assumptions in order to steal private information.

With so much of our private information online, identity protection measures are more important than ever. The best defense against social engineering is awareness of the assumptions exploited.

We’ll call it internet stranger danger.

Many of our everyday decisions and choices are made or influenced by unconscious factors. Our autopilot. Pushing on a door assuming it will oblige, only the sign said “Pull” as you slammed smack into your unquestioned belief about the door.

Hackers exploit our unquestioned assumptions about everything they can bring into our awareness. Spam, popups, updates and even the use of that complex machine – the computer.

Computer security and identity theft protection begin with awareness of this simple, yet effective, exploit.

Phishing is one of the most common examples of social engineering. By posing as your bank, credit card company, delivery service or some other credible entity, the sender exploits your trust so that you will follow the instructions in the email or website.

Vendors of antivirus software and internet security suites readily admit that their products cannot protect the computer from the user’s actions. So hackers exploit that weakness through social engineering.

These are some of the most common human vulnerabilities being exploited today.

Remember, hackers need your assistance to infect your computer – a click of your mouse, either to open a link to a website or execute a file. So they use a creative palette of ruses to get you to click on something, each designed to exploit your assumption about something. These are some of the more common exploits:


“Friends/family wouldn’t send me a virus”

Email, both spam and ‘legitimate’, is a major vector used to infect computers. Infected computers are used as email machines sending emails out under the direction of the hacker (bot master). Online accounts are used as well.

Among the prizes contained in your computer are your cached (remembered or saved) logins and passwords to your email provider (Yahoo, MSN, Hotmail, etc). These are easily harvested by the hackers and used to log in to your account and send infectious emails to everyone in your contact list.

Each recipient knows the sender (you) and gladly opens the message (no problem so far); the same happens when you receive a message from a friend or family member. Trusting the sender, the recipient then clicks on or opens whatever the message contains.

If it’s an attachment, your anti virus protection will have a look at it and if it has a signature for the virus, will stop it. But wait, you just got this file in an email. If it was just created and mass mailed, what are the chances the virus protection software will know about it? Slim to none. You’re now infected.

Protection:

Tell all your friends/family to stop forwarding messages they receive. If they want you to see what they received (from who knows where), copy/paste it to a new email to you.

Look for identifiable message text, something that you know the sender would know about, a reference to something – “enjoyed dinner last night”, “see you tomorrow”, etc. Avoid simple, generic statements or instructions like “you’ll like this”, “check this out”, “can you believe this” or other inane phrases.


“My antivirus program says everything is OK”

You’ve been schooled to believe that spyware and virus protection programs can protect you from all the bad stuff. After all, that’s their business. But if they worked as advertised, I wouldn’t have a job and you wouldn’t be reading this.

First, anti virus protection programs are only as smart as their virus definition updates make them. Every protection software company wants to be as close to zero-day protection as possible. They want your AV program to know about every virus as soon as it is discovered. Can’t be done.

Exploitation of this flaw is easy. Just make more viruses than the computer protection software can catch. (In 2009, 55,000 new viruses per day were detected.)

Rootkits can disable the anti virus program’s ability to detect malware. The anti virus program will update its definitions, scan the computer, report some cookies were found and that all is in good shape.

You’re left feeling protected but your computer still bogs down or crashes.

Protection:

Verify the virus protection program has done its job. Check the logs and quarantine folders. If it hasn’t found anything significant in a while, this may warrant further examination.

Check the Windows Event Viewer for logs of the AV program repeatedly starting and stopping.

If you suspect the anti virus protection is not working, uninstall it and get another. If the anti virus software was disabled by infecting the program itself, replacing it may produce better results. However, if the anti virus program was disabled by a modification to the OS by a rootkit, then any virus protection program will fail to find anything.
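The Event Viewer check described above can be automated over exported System log records. The following is an added example, not part of the original page; it assumes each record is a (timestamp, event ID, message) tuple, and "Example AV Service" is a placeholder service name.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Event ID 7036 (Service Control Manager, System log) records each service state change.
STATE_RE = re.compile(
    r"^The (?P<svc>.+) service entered the (?P<state>running|stopped) state\.$")

# Constructed sample records: (timestamp, event ID, message).
# "Example AV Service" is a placeholder, not a real product's service name.
SAMPLE_EVENTS = [
    ("2024-03-01 09:00:05", 7036, "The Example AV Service service entered the running state."),
    ("2024-03-01 09:01:10", 7036, "The Example AV Service service entered the stopped state."),
    ("2024-03-01 09:01:12", 7036, "The Example AV Service service entered the running state."),
    ("2024-03-01 09:03:40", 7036, "The Example AV Service service entered the stopped state."),
    ("2024-03-01 09:03:43", 7036, "The Example AV Service service entered the running state."),
    ("2024-03-01 09:06:15", 7036, "The Example AV Service service entered the stopped state."),
    ("2024-03-01 09:20:00", 7036, "The Print Spooler service entered the stopped state."),
    ("2024-03-01 09:21:00", 7040, "Unrelated constructed event."),
]

def find_flapping(events, window=timedelta(minutes=10), threshold=3):
    """Return {service: stops} for services that stopped at least
    `threshold` times inside any time span of length `window`."""
    stops = defaultdict(list)
    for ts, event_id, message in events:
        if event_id != 7036:
            continue  # only service state changes are of interest
        m = STATE_RE.match(message)
        if m and m.group("state") == "stopped":
            stops[m.group("svc")].append(
                datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
    flagged = {}
    for svc, times in stops.items():
        times.sort()
        start = best = 0
        for end in range(len(times)):
            # Shrink the window from the left until it fits.
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[svc] = best
    return flagged

if __name__ == "__main__":
    print(find_flapping(SAMPLE_EVENTS))
```

A single stop, such as the Print Spooler entry in the sample, is normal; the signal is the same security service stopping several times in a short span.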

The {Virus Protection Software} page has more information about computer virus protection.


“Internet Explorer (IE) is safe to use”

Microsoft continues to work on Internet Explorer and they have made major improvements to the security. However…

IE contains two features, ActiveX and Browser Helper Object (BHO), that were developed by Microsoft to enhance the web experience. Each of them has been used extensively by hackers to infect computers. Microsoft has patched IE to prevent the automatic execution of ActiveX from websites. But, due to the large installed base, IE is still a favorite of hackers.

All browsers execute JavaScript from websites. JavaScript is one of the most powerful tools in the hacker’s toolbox. Mitigating its execution is very important (more on that later). IE can restrict it to some extent, but doing so requires many steps and is usually much too complicated for the average computer user.

IE is installed in EVERY computer running the Microsoft Windows operating system. The target of choice is obvious.

Protection:

Don’t use it if you don’t have to. If you have to, use it only for those sites requiring it. Don’t surf around or check email/Facebook with it. Close it when not needed.

The {Internet Browser} page has more information about browser security.


“If a site says I need something, it’s safe”

Upon visiting a website (usually with IE) or trying to play a song or movie, the website tells you that you need their player/codec/addon/whatever to play their material. It offers a button that you can just click on to get.

Well, if they say so, I must need it. Downloaded and executed, you’re now infected. (And where was that anti virus program?)

Protection:

Try to find out what exactly you need (usually Adobe’s Flash Player) and go to the source to get it. Don’t trust the link or message – it can say one thing and do another. Remember that any display badge or icon that asserts some level of protection is just an image that can be pulled from any website (just as I did for these images).

Keep your flash player up to date. Adobe Flash is the primary player used to play videos on the internet. Get it directly from Adobe. (Better solution, uninstall Flash and use Google Chrome – Flash is built-in)

A codec is a piece of software that translates the binary version of a movie into video and/or audio.

Windows comes with all the codecs you need to play internet media. Any website that requires you to use their codec is probably trying to infect your computer.


“An anti virus program protects me”

As long as you believe that any software can protect you from hackers, you will be hacked. There are tool kits available that are designed to find and exploit vulnerabilities in software. There are researchers developing new exploits and selling them to hackers.

To those that enjoy the challenge of compromising a system in some way, an anti virus program is just another hurdle to overcome.

Security programs of any kind are good at detecting what they know about or are designed to look for ONCE THE MACHINE IS EXPOSED TO THE MALICIOUS CODE.

Use your anti virus software for repairs at the first sign of problems. Don’t rely on it to stop everything.

Protection:

In addition to whatever security programs you choose to use, practice preventative protection. Block javascript in your browser, use third-party PDF readers, sanitize your computer of the internet residue.

More information on the {Internet Security} page.


“A firewall enhances my security”

Yes, it does. If you know how to use it.

A firewall is a device (software or hardware) that looks at all of the packets of information coming into and out of your computer – traffic to/from the internet and other computers in your network.

Firewalls look at each packet and make determinations about the packet based on the information in the packet (address, port, etc.) and the ruleset the firewall applies to each packet. Should the packet pass or be dropped? Hackers trying to use non-standard ports (that are closed by the firewall) will be thwarted in their attempts. Firewall works.

World Wide Web traffic is delivered via port 80. If a firewall blocked port 80, you’d have no internet. So hackers have learned to use port 80. Firewall fail.

Consumer firewalls have tried to make firewalls easy to use. Most will allow common traffic through common ports and still block non-standard ports.

If hackers are using the common ports then a firewall that can examine each packet and execute rules based on the packet contents would be needed. Expensive and used in large organizations.
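The difference between a port-based ruleset and a firewall that examines packet contents, as an added example that is not from the original page. The packet model, the rules and the blocked host name are assumptions made for illustration, and the traffic is constructed.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    direction: str   # "in" or "out"
    port: int        # destination port
    payload: bytes

# First matching rule wins; anything unmatched is dropped (default deny).
PORT_RULES = [("out", 80, "pass"), ("out", 443, "pass")]

# Hypothetical blocklist used by the content-inspecting filter.
BLOCKED_HOSTS = {"malware.example.net"}

def port_filter(pkt):
    """Decide on direction and port only, like a basic consumer firewall."""
    for direction, port, action in PORT_RULES:
        if pkt.direction == direction and pkt.port == port:
            return action
    return "drop"

def http_host(payload):
    """Return the Host header of a plaintext HTTP request, or None."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            return value.strip().lower().split(":")[0]  # drop any :port
    return None

def inspecting_filter(pkt):
    """Apply the port rules, then look inside port 80 traffic."""
    verdict = port_filter(pkt)
    if verdict == "pass" and pkt.port == 80:
        if http_host(pkt.payload) in BLOCKED_HOSTS:
            return "drop"
    return verdict

# Constructed traffic: a non-standard port, a normal page, a blocked host.
ODD_PORT = Packet("out", 6667, b"NICK example\r\n")
NORMAL = Packet("out", 80, b"GET / HTTP/1.1\r\nHost: www.example.org\r\n\r\n")
BAD_HOST = Packet("out", 80,
                  b"GET /update.bin HTTP/1.1\r\nHost: malware.example.net\r\n\r\n")

if __name__ == "__main__":
    for p in (ODD_PORT, NORMAL, BAD_HOST):
        print(p.port, port_filter(p), inspecting_filter(p))
```

The third packet passes the port rules because it uses port 80 and is dropped only when the contents are examined.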