How to think like a con artist (part 1)

In this two part feature, we explore the dos and don'ts to succeed as a fraudster and make a living from security testing.

Share

Fraud, lying, social engineering, the art and science of manipulating human beings for nefarious ends, goes back as far as the origin of the species. The techniques have been practised and perfected by a rogue's gallery of flimflam artists, from legendary carnival operator P. T. Barnum to infamous FBI mole Robert Hanssen.

But in our modern, security-centric world, this ancient craft poses an ever-present danger. Despite technological advances that present an illusion of security, we are as vulnerable as ever to the con.

IT security professionals frequently employ social engineering when analysing a company's overall security strategy. After all, even a completely locked-down computer network will not protect your company's secrets if someone can "tailgate" a group of employees through the front door, plug a remote-access device into an open network port, and walk out again. The sad fact is, even a social engineering amateur can be successful. People are gullible, and without a real-world test, you will never know how vulnerable your company really is.

With that in mind, we spoke to security experts in the field who perform these kinds of physical penetration tests on a regular basis to learn the tricks they use to bypass security. Armed with this knowledge, you stand a better chance at preventing a real attacker from stealing the recipe to your company's secret sauce.

Do: Research your target before you make contact

If you are going to do a realistic test, you need to do your homework. Selecting a target, whether a person or a company, is a fundamental first step to any test. Why go to the trouble to sneak into a building if, once inside, you find that the info you are looking for resides elsewhere?

"What you've got to do is learn about the target itself, and what information is valuable to the target," says Ira Winkler, author of Spies Among Us: How to Stop the Spies, Terrorists, Hackers, and Criminals You Don't Even Know You Encounter Every Day and Zen and the Art of Information Security, Winkler is among the foremost experts in the art and science of social engineering.

Find your next job with computerworld UK jobs