Social engineering

In its most usual sense, social engineering is a mainly pejorative term used to describe the intended effects of authoritarian systems of government. The implication is that some governments are intending to change or "engineer" their citizens, for example, by the use of propaganda.

Social engineering has been used by programmers to mean the art of conning a naive person into revealing sensitive data on a computer system, often the Internet. Contrary to popular belief, most computer break-ins do not come about because the so-called cracker has special software, computer equipment, or special knowledge. They happen because the cracker was able to obtain sensitive information from some weak point in the chain of information, usually from unaware people.

A common approach is dumpster-diving for a piece of paper with a username and password on it. Another ploy is to obtain a username through a similar method and call a secretary or low-level bureaucrat on the telephone, posing as that person (or as a systems administrator) and requesting a password change or feigning a forgotten password.

The most common ploy has become tricking the user into thinking you are an administrator and requesting the password for debugging purposes. Users of Internet systems frequently receive messages that request password or credit card information in order to "set up their account" or "reactivate settings" or some other benign operation. Users of these systems must be warned early and frequently not to divulge sensitive information, passwords or otherwise, to people claiming to be administrators. In reality, administrators of computer systems rarely, if ever, need to know the user's password to perform administrative tasks.