Social Engineering. The Past. The Present. The Future.
Guest: Jenny Radcliffe | The People Hacker
Host: Marco Ciappelli
Life was so much better before. As my grandfather used to say: "Back in my day, we used to walk up hills both ways and nobody was bitching."
We all have heard the stories about a simpler, safer life, better values and not so much bad news as we have nowadays — especially when we hear about all these pesky technologies that are sneaking into our life. Evil, I tell you, bad news and nonsense! Sure, we have always had brilliant inventors and technological improvements in our lifetime, but, listen to me son, even machinery and equipment was better before — as God wanted them to be: simple, excellent and practical. You could also fix that stuff with a bit of brain and some tools. None of these telephones with a TV screen on them or computers plugged into that World Wide Web that sucks the soul out of you. They look at you, they trick you and they steal your privacy. They even make you trust things that are not true. Can you believe it? You have to be on guard because there are spammers and tricksters nowadays, son. I tell you... nowadays.
People are funny, aren't they? Weird things happen in our collective brains. Humans have the tendency to overuse their selective memory, forgetting the bad stuff and idealizing the good; we even create our own fake news in our brain without even realizing it. Humans! So smart, and yet so dumb. Humanity — our damnation and our salvation.
So, what is this podcast about? Ah, glad you asked.
This episode of The Cyber Society is made possible by the generosity of our sponsors.
To learn more about YUBICO, visit their page on ITSPmagazine.
Before I proceed further into this presentation, let me take a moment to remind you that ITSPmagazine is, and will always be, a free publication.
Our mission is to raise awareness for cybersecurity by making it understandable, accessible, and part of everyone’s everyday life. Because of this, we rely on business sponsors, small individual donations and our own time and money to make this happen, and let me tell you there is nothing I would rather do than keep educating people about cybersecurity, running this column and ITSPmagazine.
Ladies and gentlemen, in this podcast I am having a fun — and, hopefully, educational — conversation with my favorite social engineer from Liverpool, Jenny Radcliffe — also known as The People Hacker. What? Yes, of course I know tons of her kind in that city! Anyway, back to Jenny... not only is she excellent at what she does for a living — I think, as I haven't figured that out yet — but she is also a smart, entertaining, and lovely person to chat with. As a matter of fact, we are planning a few more conversations after this; so stay tuned, enjoy this one, and come back for more.
In this first conversation, we talk about her and about social engineering: the past, present and future of it. For starters, she defines herself as "a life long social engineer" and a "non-technical one," which means that she specializes in the psychology side of it and all that has to do with the so-called human factor — aka, the way the earthlings think, act and react.
As we know, statistically more than 70% of data breaches are caused or facilitated by the carbon-based factor, and this is because technology is still — and dare I say (or hope) it always will be — very much created and used by humans. So what we wanted to discuss in this podcast is the past, present and future of social engineering at a superficial — sorta, kinda — level, starting with a definition of what it is and why it is so intrinsically connected with the condition of being human.
In a very minimalistic way, social engineering can be defined as "the manipulation of people." It is the deliberate exploitation or weaponization of human vulnerabilities or, even more simply, tendencies to psychologically manipulate people and induce them into performing actions or divulging confidential information. Fun!
Many like to think that technology is what has enabled social engineering. The truth is that social engineering has always been around, while contemporary technology has allowed it to become more accurate and effective. When there is a human in the line of fire, the more information we can gather about the target, the more effective the scams can be.
Social media is the ideal platform for this: it has made social engineers much more effective and accurate by letting them collect information that would have required a serious amount of time and investigative skills in a pre-social media era. Now it’s there, available as the first step of an accurate spear phishing scam, which is so much more effective than an old-school technique such as regular phishing emails, where the game played is the numbers game. Nevertheless, that is still surprisingly — sort of — effective, and it goes to show that there are still so many kind-hearted people who will help that poor soul of a Nigerian prince.
So what about that Nigerian prince scam? It plays on basic human emotions — greed and temptation — and as laughable as it may seem when looked at from a professional cybersecurity perspective, it is actually quite effective. We all say that there is no free lunch, and yet that type of scheme has been used for hundreds or thousands of years and it still works. FYI, it is called the "Advanced Fee Scheme."
Social engineering came to be the moment one human being wanted something and did not want to work legitimately for it, or maybe was looking for a shortcut to it. It involves stealing, deceiving and, most certainly, lack of morality. In some ways, social engineering has never changed. It had different names and different tools, but the core of the business is just the same. For example, the so-called 419 scam has been used with fax and traditional mail, and is now prevalent in online communications, but it goes back to the 18th or 19th centuries, when a very similar letter, entitled "The Letter from Jerusalem" or the "Spanish Prisoner," used to go around, delivered by donkeys instead of cables and waves.
Hope and confidence are the emotions that can sell just about everything, including lottery tickets, love, cars, and lipstick — and fraud. That is what makes us human and makes life worth living, isn't it?
What is happening now, then? What does present-day social engineering look like, and what is its future going to look like?
Technology has gotten stronger and faster, and its application is becoming surprisingly creative and astonishingly scary. From spoofing voices to deep fake videos, the technology is becoming more invasive and convincing. Of course, the arms race between the good and the bad sides persists. Cybersecurity has gotten better, and so the bar is raised; the new challenges include biometrics hacking, zero knowledge vaults and more, but as long as the human factor is involved, a social engineer in one way or another will be able to get through. As a matter of fact, the more sophisticated the cybersecurity technology becomes, the more we need to worry about the human vector, as it is the easiest way and soon enough it could be the only way.
But let's remember that what might look like our damnation — being human — is also our salvation.
No need to say that Jenny and I had a good time having this conversation, as we talk about cybersecurity from a perspective that is more human, and because of it, maybe a bit less scary.
We end this podcast with some tips and advice on how to recognize some of the most important red flags that can alert you to a social engineering attempt. If you get emotional, if there is money involved, and if there is a time rush factor, you might want to pause, take a breath, detach yourself from the engagement and think it over. There is a good chance that someone is trying to pull a joke on you.
Enjoy this one, and stay tuned for more conversations with Jenny Radcliffe.