Network: A to Z of the digital world

Stay ahead of the curve with our weekly guide to the latest trends, fashion, relationships and more

Stay ahead of the curve with our weekly guide to the latest trends, fashion, relationships and more

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

S is for social engineering. While many people think that hackers' social skills begin and end at a keyboard, those who have been at it longest know that what they do in front of a screen is only a small part of their expertise. As one wise old hacker described it at a recent conference, "If engineering is about using spanners to loosen nuts, social engineering is using social skills to do the same to people."

The technique was then demonstrated to a breathless audience of hundreds, as a hacker on the stage rang up the Directory Enquiries department of the local telephone company (Nynex, as the conference was in New York) and proceeded to persuade the female operator that he was working in another part of the company but the computers had gone down, and could she look up the Reverse Number and Address (RNA) list to find out what address a particular number came from?

All phone companies have RNA databases, but they are carefully protected, and access to them is carefully monitored. But it took no more than three minutes for the hacker to charm the operator - commiserating at having to work on a Sunday, at the hassles with the computers going down - into looking up a number on the RNA system and reading out the address. (If you're not impressed, try it with BT.)

Social engineering often means discovering important peoples' personal details - such as names and birthdates of spouses or children (in order to guess passwords). Or it might entail finding out what version and make of operating system a particular department uses (in order to exploit any faults in it, or even to send a fake "improvement" which lets the hacker in). All are among the techniques hackers have used.

The key point about social engineering is that it is applied to the people in an organisation who have maximum access to information but the least direct involvement in controlling that information - such as the hapless telephone operator targeted by the hacker. (Other favourite targets are secretaries, especially temps.) The moral? Attacks on computer systems do come over phone lines but often in voice, rather than data, form.

CHARLES ARTHUR

Correction: Last week's description of RISC omitted to mention Acorn's Archimedes, launched in 1987, which was the first personal computer to contain a RISC chip.