Network: A to Z of the digital world
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.S is for social engineering. While many people think that hackers' social skills begin and end at a keyboard, those who have been at it longest know that what they do in front of a screen is only a small part of their expertise. As one wise old hacker described it at a recent conference, "If engineering is about using spanners to loosen nuts, social engineering is using social skills to do the same to people."
The technique was then demonstrated to a breathless audience of hundreds, as a hacker on the stage rang up the Directory Enquiries department of the local telephone company (Nynex, as the conference was in New York) and proceeded to persuade the female operator that he was working in another part of the company but the computers had gone down, and could she look up the Reverse Number and Address (RNA) list to find out what address a particular number came from?
All phone companies have RNA databases, but they are carefully protected, and access to them is carefully monitored. But it took no more than three minutes for the hacker to charm the operator - commiserating at having to work on a Sunday, at the hassles with the computers going down - into looking up a number on the RNA system and reading out the address. (If you're not impressed, try it with BT.)
Social engineering often means discovering important peoples' personal details - such as names and birthdates of spouses or children (in order to guess passwords). Or it might entail finding out what version and make of operating system a particular department uses (in order to exploit any faults in it, or even to send a fake "improvement" which lets the hacker in). All are among the techniques hackers have used.
The key point about social engineering is that it is applied to the people in an organisation who have maximum access to information but the least direct involvement in controlling that information - such as the hapless telephone operator targeted by the hacker. (Other favourite targets are secretaries, especially temps.) The moral? Attacks on computer systems do come over phone lines but often in voice, rather than data, form.
CHARLES ARTHUR
Correction: Last week's description of RISC omitted to mention Acorn's Archimedes, launched in 1987, which was the first personal computer to contain a RISC chip.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments