Social Engineering: It’s Much Harder For Criminals

By Daniel Miessler on August 15th, 2006: Tagged as Information Security | Penetration Testing | Psychology | Security

The other day I was in the middle of doing something very invasive at an organization during a penetration test and I was struck with a thought: “Why is this so easy?” The answer was immediately obvious:

It was easy because I knew I could go to the CSO if I got caught.
Were I to be there illegally, i.e. without permission from top management, I probably would have had a much harder time pulling off the acting. I think pentesters should keep this in mind when they get the urge to claim that social engineering is easy.

  • Digg
  • Reddit
  • StumbleUpon
  • description
  • Google
  • del.icio.us
  • TwitThis
  • Facebook
  • MySpace
  • E-mail this story to a friend!
  • Print this article!

Viewing 1 Comment

    • ^
    • v
    Well, if someone has spent time in jail/prison and doesn't mind it so much (perhaps considers the possibility a price that he is willing to pay), then this person would perhaps be able to pull it off as easily as you did. When I was in high school, I learned that I NEVER had to show a hall pass to the hall monitors. While SOME of them knew me and knew that I wasn't going to get into any trouble, many did NOT know me, but saw that I was walking with authority and intent ... looking straight ahead, nodding at them and saying hi as I passed, etc. I was NEVER asked to show a hall pass (though I always had one .. well except for a couple of tests I did just to see).
 

Trackbacks

(Trackback URL)

close Reblog this comment
Powered by Disqus · Learn more
blog comments powered by Disqus

My Twitter Microblog

    Discovered Content


    About dmiessler.com

    This site is an avatar for my own self-assigned life purpose--an attempt to model the world in the most accurate way possible, and to do so without bias or fear of unpleasant truth. I desire to develop, articulate, and perpetually improve models of how things work, and then to use that understanding to increase happiness and reduce suffering. I seek those on similar paths and thrive on sharing an appreciation of the interesting and beautiful with others.



    Blog
    Study
    Writing
    Infosec
    Technology
    Politics

            

    Top Original Content


    Security & Technology

    Philosophy & Science

    Culture & Society

    Blog Archives