Originally posted on SercureWorldExpo by Bruce Sussman
Famed hacker Kevin Mitnick learned early on to use emotion to manipulate and socially engineer his targets.
At the time, his targets were typically sysadmins, and the social engineering started with a phone call.
Mitnick says his favorite emotional tool was fear.
He writes about this in his book, “Ghost in the Wires”:
“I would call the company I’d targeted, ask for their computer room, make sure I was talking to a system administrator, and tell him, ‘This is [whatever fictitious name popped into my head at that moment], from DEC support. We’ve discovered a catastrophic bug in your version of RSTS/E. You could lose your data.’
This is a very powerful social-engineering technique, because the fear of losing data is so great that most people won’t hesitate to cooperate.
With the person sufficiently scared, I’d say, ‘We can patch your system without interfering with your operations.’ By that point the guy (or sometimes, lady) could hardly wait to give me the dial-up phone number and access to the system-manager account.”
Read at SecureWorldExpo
Download PDF here