Social Engineering: It’s Much Harder For Criminals

By Daniel Miessler on August 15th, 2006: Tagged as Information Security | Penetration Testing | Psychology | Security

The other day I was in the middle of doing something very invasive at an organization during a penetration test and I was struck with a thought: “Why is this so easy?” The answer was immediately obvious:

It was easy because I knew I could go to the CSO if I got caught.

Were I to be there illegally, i.e. without permission from top management, I probably would have had a much harder time pulling off the acting. I think pentesters should keep this in mind when they get the urge to claim that social engineering is easy.

  • Digg
  • Reddit
  • HackerNews
  • StumbleUpon
  • DZone
  • Google Bookmarks
  • Twitter
  • Facebook
  • del.icio.us
  • FriendFeed
  • Posterous
  • RSS
  • email
  

Comments

  • Carl M
    Well, if someone has spent time in jail/prison and doesn't mind it so much (perhaps considers the possibility a price that he is willing to pay), then this person would perhaps be able to pull it off as easily as you did. When I was in high school, I learned that I NEVER had to show a hall pass to the hall monitors. While SOME of them knew me and knew that I wasn't going to get into any trouble, many did NOT know me, but saw that I was walking with authority and intent ... looking straight ahead, nodding at them and saying hi as I passed, etc. I was NEVER asked to show a hall pass (though I always had one .. well except for a couple of tests I did just to see).
blog comments powered by Disqus

Twitter Microblog

twitter_icon      facebook_icon

Sample Original Content


Information Security

Tutorials and Primers

Culture & Society

Technology & Science

Politics

Philosophy & Religion

Miscellaneous

Tools & Projects


Blog Archives