Human Factors
Thu, Feb 15
For today's lecture we go low-tech to the extreme, eschewing technological hacks to go after human targets through the art of persuasion. "Social Engineering", or the manipulation of people to get them to do what you want, has been around forever. In the early 20th century, the media theorist Edward Bernays popularized the idea of using advertising as a form of behavioral control. Carefully crafted messages could convince people to do things, even if they weren't true. Phone phreaks picked up on this idea in order to fool employees of the Bell System into giving them unauthorized information and access. Naturally, social engineering evolved as hackers realized they could use the same techniques to fool ordinary users and even system administrators to break into computers. We have three learning goals for today. By the end of our lecture class, you will:
- Learn about the historical development of social engineering in the 20th century, from advertising to propaganda, on onward to the penetration of information networks.
- Recognize the basic strategies for conducting social engineering attacks.
- Understand that social engineering attacks remain highly effective and are the most difficult type of attack to defend against.
The digital artifact for today is The Art of Deception.
The slides for today's lecture are available here.
Read This:
The readings for today cover mass communications history and the practice of social engineering by underground phreaks and hackers.
Mass communications scholars Robert Gehl and Sean Lawson on the control of people from the 1920s through the mid-1970s.
Malefactor [OC] on Social Engineering A Way of Life, a practical guide for hackers and phreaks.
Optional Reading: Chapter One of Ed Piskor's comic Wizzywig, which is based on the lives of Kevin Mitnick, Kevin Poulsen, Steve Jobs, Steve Wozniak, Bill Gates, and many other hackers.
Do This:
Writing Reflection 02
See the instructions posted on the assignment's page.
This writing reflection is due on 2/20 at 5pm.