I’m glad I saw Leo’s interview of Mitnick

Answering the question, “What is a friend?”

Steven Li–Homework 2

Class S–September 24, 2004

Reverse Engineering-It’s Not Limited to Computer Programs

A hacker is commonly imagined as a computer programmer who uses his or her skills to break into a computer system through the Internet. However, one does not need a computer to be a hacker, as the first hackers actually predated the Internet. Instead of exploiting security holes in programs, they exploited security holes in people. Common sense tells us to be wary around strangers, but conversely so, we let our guard down around people we know. The first hackers, called social engineers, used this common behavior to swindle thousands, sometimes even millions, of dollars from corporations as well as gain access to confidential information. All of these thefts were made possible because though friendship is a symbol of civilized culture, it is rarely kept in check and has become our greatest weakness.

Many of us don’t realize that friendship is a weakness at all. Friendship is associated with warm fuzzy feelings and memories of a group of co-workers or classmates enjoying each others’ company after a long day; what do not come to mind are the memories of cheating and backstabbing. Oftentimes, this is only because lucrative opportunities do not frequently appear. A broken alliance in a board game, perhaps a dollar for a drink that was lent but never returned—these are things that we’ve all encountered, but never paid much attention to because they were on a small scale. This does not mean, however, that people would not seize an opportunity given the chance. We act for our own benefit, and if the benefits of breaking the friendship outweigh the benefits of keeping it, we would logically choose to break it.

It’s hard to imagine what goal could justify cutting ties with your best friend, but that person being your best friend does not imply the inverse; you may not be his or her best friend. Social engineers are efficient because while their target will think of the social engineer in good standing, the social engineer may care little about the target. Keeping professional is something that anyone can do, but not everyone can notice. By building up friendships, the social engineer increases the potential reward for abusing the relationship, while the absence of feelings for the target keeps the backlash upon cashing in the reward at a minimum. The social engineer only needs to routinely socialize with the target in a polite and amiable nature, removing a need for a deep connection to be formed in order for the target to think of the hacker highly. Many of us already: spark small talk with a fellow commuter, making a social call, or stopping by a coworker’s desk for a minute. When repeated, the two people stand out more vividly in each others’ minds, even if they have no relationship outside of those talks.

We’re certainly not all social engineers, but we all have acquaintances that meet this description. If they asked you for a small favor, you would comply in the interest of keeping the relationship alive. If you declined, they would see you in a negative light, and we instinctively avoid ruining things we cherish, in this case the friendship with the other person. As the friendship gets stronger, the favors can get larger. Social engineers use the favors to get targets to break protocol and inadvertently give them access to what they want, but ordinary people can use the same favors to solicit what they want as well. If those people subtly show that they have nothing to offer you, they can garner favors without having to sacrifice anything of their own, other than socialization time. This is seen as early as the first time students get homework, as someone will eventually plead a friend to let them copy the homework. This comes at no apparent cost to the one with the homework, yet helps out the other person immensely. However, should the teacher catch them in the act, they will get in trouble, and the guilt of the one with the homework would outweigh future socialization with the homework copier. The lesson is not always learned, as the homework copier is sure to make assurances that they won’t get caught next time, and if the target is stubborn, the copier has a class full of other potential homeworks to prey upon.

Obtaining homework is miniscule in comparison to obtaining the equivalent of a senior executive’s yearly salary in one shot, but the possibility for either to happen is equal. The only requirements are effort and congeniality, things that cost nothing and are available to everyone. The fact that everyone may be a potential conman should not make one misanthropic, but rather people should simply be aware of the dangers present in the world. Being tricked by a friend is not something that only happens on television, but a definite possibility to anyone who remains ignorant. If more people were enlightened, the number of social engineers would decline, and we could all enjoy our friendships safely, as it was meant to be.

1 comment on I’m glad I saw Leo’s interview of Mitnick

  1. w00t Mitnick!

    I know a few Social Engineer people. Well, maybe not quite as such, but my family can get manipulative to a point of immunity. Which may or may not have had any perversly bad effects on my conscience.

Leave a Reply

Your email address will not be published. Required fields are marked *