Social Engineering 2.0 & social hacking through Internet - All you need to know
Ankit Agarwal, Founder, Do Your Thng (DYT), writes about Social Engineering 2.0, which explains in detail as to how social hacking is done through Internet.
Books are the source of all knowledge. Read, read and then read some more. That’s what most of us were told. (Well, those of us who have crossed a ‘certain’ ripe old age.)
To all those parents, mentors and random strangers out there who said the words, ad nauseam; we beg to differ.
The other day when another person heard yet another new thing on yet another series – it gave us a pause. Why, you ask again? Because this time the words sounded familiar - Social Engineering.
What Is Social Engineering?
Google will tell you that social engineering is the art of manipulating people to do what you want. The person who does it tricks others into divulging any and all information. Originally, it started face-to-face and then morphed to phone calls and emails. You know those stories about ‘a bank guy calling and asking to reconfirm some account details?’ Those are typical samples of social engineering.
The best (worst?) part of human hacking is that the victim doesn’t even realise they are giving away private information. You get played and recognize it only after the fact.
A Real-Life Example Of Social Hacking
In 2016 someone, thanks to social engineering, hacked into the U.S. Department of Justice and revealed the contact details of thousands of FBI and Homeland Security officers. The case was a minor one. (You’ll understand why as you read on.)
Getting To Human Hacking Version 2.0
This type of duping, using a fake email or phone calls to get data, was then. Now, social hacking is done through the internet (read: social media). We call it Social Engineering 2.0. With internet platforms in play, the manipulation occurs at individual and societal scale. [We’d like to mention here that makers of these networks might not have intended for the sites to be used this way, but it is occurring.]
So, how does SE 2.0 work?
For that, you need to know about the principles of influence. There are six principles of persuasion, but social hacking 2.0 profoundly depend on three relevant ones:
Consensus – People love to do things that they see others doing. In other words, social proof gets people going.
Authority – People will do a thing if an authority figure says so, even if the act is slightly objectionable. E.g., top instagram influencers enticing their followers to buy fur clothes.
Liking – People get persuaded by individuals whom they adore, effortlessly. E.g., If Michelle Obama says “Gurl, you need more salads.” We’ll do it! (Even though, we love us some French fries.)
The role social media plays…
When you combine the 3 principles with the acres of data on the Internet, it is laughably simple to manipulate just about anyone. Let’s paint the picture more vividly:
Say you come across an Instagram profile. One glance shows you they love books. A few clicks and you skip over to their Facebook profile which tells you where the person lives, their hometown, their school, and hell even who their third cousin twice removed is. Now if you were a human hacker, all you need to do is appeal to the love of books and the user is hooked.
The point is throughout social media people leave bread crumbs. Anyone can pick up these titbits of personal information and form a complete web ready to be manipulated.
It sounds straightforward, but the beauty of it is in the emotional and psychological aspects attached. Human hacking is sneaky, scheming and wily, not just plain technicality. And even the technical side is not safe. In the first half of 2018, almost 2.5 billion records were compromised on social media alone.
Another Real Life Example
That was a hypothetical case. What Cambridge Analytica did with data from Facebook is a real example of social engineering. Experts have explained how human hacking was used as part of influence campaigns to alter the US presidential elections in 2016. The instance literally embodies how social media can amplify social engineering. So much so, that it can become a threat to not just one community but globally.
Now, you get why we said that the DoJ hacking was a minor example? Compared to the ‘yuuuge’ results of the election, a few contact details are insignificant.
FYI, we selected Cambridge Analytica as an example even though it happened three years back because it is very germane to the political scenario in India. Didn’t we tell you about the social elections?
We Need More Conversations About It
In layman lingo, social engineering 2.0 is a long con played virtually. Anyone with access to the internet can persue through millions of profiles at leisure and practice the same old tricks of appealing to vanity, greed or authority to get a specific outcome. Brands do it to advertise products; others can do it for more nefarious reasons.
The key to fighting SE is awareness, and it is why we need to talk about it. By addressing the pitfalls of social media, we hope users become aware, if not mindful of the vulnerabilities. We endeavour to make social media a haven, a place that is better than before. And making Generation Z, for whom privacy is almost non-existent, conscious of how their turf is being exploited, is a step closer to that objective.
We’d like to make one distinction clear as a crystal here. By no means are networking sites the source of human hacking. They are helpless tools leveraged by people to reach wrong ends and dialogues can bring to light the ways these same platforms can be employed to counteract social engineering.
So, let’s have a chat about it!