In this lesson, we're going to cover all of the other social engineering things that we haven't talked about so far.

So the first one of these is what's known as diversion theft. Diversion theft occurs when a thief tries to divert a shipment, take responsibility for it, and send it to a different location. So for example, maybe I call up FedEx because I know you have a new laptop being shipped to your office today, and I pretend that I'm you and say, "Oh, I'm not at my office, I'm actually at my house. It's at 123 Main Street." And now FedEx brings that over to me; that was a diversion theft. I mean, I'll get it diverted to my location.

The next thing we're going to talk about here is a hoax. Now, a hoax is an attempt at deceiving people into believing something is false even if it's true, or making them believe something is true even if it's false. Basically, there's an idea of like a virus hoax. I might send an email out to all of my friends and say, "Hey everybody, there's a virus going around. To protect yourself from it, go to your C drive and delete your boot.ini file." Now, there really was no virus, but if they delete that boot.ini file, they can mess up their systems and prevent them from booting, causing them a problem, right? The hoax was I made them believe there was something there and made them take action on it. And again, that makes it part of social engineering.

Now, the next one we have is what's known as shoulder surfing, and I think we've mentioned this before in the course. That's when you're sitting at the office working, and somebody comes up behind you and uses direct observation to obtain authentication information. So for example, as you're sitting there logging into your computer, if I look over your shoulder and watch your fingers, and see you type in "P-A-S-S-W-O-R-D," "password," I now know your password, right? That's the idea here with shoulder surfing. It can be looking at your hands, or it can be looking at your screen and seeing the information on it that you're not authorized to get.

The next one we have is eavesdropping. Maybe I'm going to stand around while you're talking with your boss, and overhear you telling him some information that I want to get. By listening in and doing that direct observation through my ears, I'm able to listen in to that conversation and get the information I want.

The next one we have is dumpster diving. This is when a person actually scavenges for personal or confidential information in garbage or recycling containers. Yes, I know it sounds dirty, but guess what? Hackers are willing to do it. If they want to break into an organization, they're going to look through your trash. And one of the reasons is because there's good stuff in the trash that they can find. For example, maybe I go and I do a dumpster dive of your organization before I do a pen test, and from there I find a phone list, and I find people's names and their positions and their phone numbers. Now I can use that as part of my social engineering campaign to get them to do what I need.

The next one we have is baiting. Baiting is when a malicious individual leaves behind a malware-infected thumb drive or USB drive or a CD someplace around that somebody might have the curiosity to pick up and insert into their computer. One of the ways that you do baiting if you're not inside the organization is you can walk through their parking lot and drop a nice 64-gigabyte thumb drive in there. And if you drop it near somebody's car, they might see it and pick it up, bring it into work, plug it into the computer to see if it's empty, and then malware can be installed.

The next one we have is piggybacking, and we talked about this back in physical security. This is going to occur when an unauthorized person tags along with an authorized person to gain access into a restricted area. For example, let's say I have a server room door that's protected by a combination lock or a cipher lock. I'm authorized because I'm an assistant administrator. If I go in there and I PIN in and open the door, and somebody walks in behind me, that's called piggybacking. Now, it can even happen by me letting them in, right? Because again, social engineers can trick us into giving them access to things they don't need. But if they're coming in on my swipe of my badge or my PIN number, that means that's piggybacking.

Finally, we have a watering hole attack. Now, watering hole attack we've mentioned before as well. This is when an attacker figures out where your users like to go, like a common website; they attack that website, embed their own malware, so next time when you go to that website, you download the malware and again, get access. Because you're trying to trick a user here into doing something you want, it also falls into this larger area of social engineering.