Masters of Deception
A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior
IEEE Transactions on Software Engineering
LISA '98 Proceedings of the 12th USENIX conference on System administration
Theoretical System Administration
LISA '00 Proceedings of the 14th USENIX conference on System administration
Social engineering in information assurance curricula
InfoSecCD '06 Proceedings of the 3rd annual conference on Information security curriculum development
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Journal of Computing Sciences in Colleges
Whispers in the hyper-space: high-speed covert channel attacks in the cloud
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Many companies spend hundreds of thousands of dollars to ensure corporate computer security. The security protects company secrets, assists in compliance with federal laws, and enforces privacy of company clients. Unfortunately, even the best security mechanisms can be bypassed through Social Engineering. Social Engineering uses very low cost and low technology means to overcome impediments posed by information security measures. This paper details a Social Engineering attack performed against a company with their permission. The attack yielded sensitive company information and numerous user passwords, from many areas within the company, giving the attackers the ability to cripple the company despite extremely good technical information security measures. The results would have been similar with almost any other company. The paper concludes with recommendations for minimizing the Social Engineering threat.