ebook img

Social Engineering: Hacking Systems, Nations, And Societies PDF

257 Pages·2020·2.534 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Social Engineering: Hacking Systems, Nations, And Societies

Social Engineering Hacking Systems, Nations, and Societies Social Engineering Hacking Systems, Nations, and Societies Michael Erbschloe CRC Press Taylor & Francis Group 6000 Broken Sound Parkway NW, Suite 300 Boca Raton, FL 33487-2742 © 2020 by Taylor & Francis Group, LLC CRC Press is an imprint of Taylor & Francis Group, an informa business No claim to original U.S. Government works Printed on acid-free paper International Standard Book Number-13: 978-0-367-31337-1 (paperback) This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint. Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information stor- age or retrieval system, without written permission from the publishers. For permission to photocopy or use material electronically from this work, please access www. copyright.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged. Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe. Visit the Taylor & Francis website at http://www.taylorandfrancis.com and the CRC Press website at http://www.crcpress.com Contents Author ix ChApter 1 IntroduCtIon to SoCIAl engIneerIng uSe by bAd guyS 1 1.1 Understanding the Breadth of Social Engineering as a Weapon 2 1.2 Social Engineering Fraud Schemes 5 1.3 The Cyber Underground 8 1.4 FBI and Strategic Partnerships 9 1.5 The Basic Steps to Countering Phishing Attacks 11 1.6 A New Level of Social Engineering for the 21st Century 14 1.7 The Organization of this Book 18 1.8 Conclusion 20 1.9 Key Points 21 1.10 Seminar Discussion Topics 22 1.11 Seminar Group Project 23 Key Terms 23 References 24 ChApter 2 the ContInuum of SoCIAl engIneerIng ApproACheS 27 2.1 What Social Engineering Attackers Want 27 2.2 Common Types of Fraud 31 2.3 Socially Engineered Larger-Scale Investment Scams 39 2.4 Ways Social Engineering Attackers Work 48 2.5 Conclusion 50 2.6 Key Points 50 v vi Contents 2.7 Seminar Discussion Topics 52 2.8 Seminar Group Project 52 Key Terms 52 References 53 ChApter 3 CrImInAl SoCIAl engIneerIng ACtIvItIeS 57 3.1 The Tech Support Scam 58 3.2 Business Email Compromise 61 3.3 Social Engineering of Education Scams 63 3.4 The Avalanche Takedown 64 3.5 Takedown of the Gameover Zeus and Cryptolocker Operations 66 3.6 Social Engineers are Striking on Numerous Fronts 68 3.7 The North Korean Connection 71 3.8 Conclusion 74 3.9 Key Points 74 3.10 Seminar Discussion Topics 76 3.11 Seminar Group Project 76 Key Terms 76 References 77 ChApter 4 SeCurIng orgAnIzAtIonS AgAInSt SoCIAl engIneerIng AttACkS 81 4.1 The Basics of Security for Social Engineering Attacks 81 4.2 Applying the Cybersecurity Framework is an Ongoing Process 83 4.3 The Framework Components 85 4.4 Developing Security Policies 88 4.5 Protecting Small Businesses from Social Engineering Attacks 91 4.6 Establishing a Culture of Security 95 4.7 Conclusion 99 4.8 Key Points 100 4.9 Seminar Discussion Topics 101 4.10 Seminar Group Project 101 Key Terms 101 References 102 ChApter 5 SoCIAl engIneerIng AttACkS leverAgIng pII 105 5.1 Defining Personally Identifiable Information (PII) 105 5.2 Why PII is a Problem 107 5.3 Identity Theft is Made Easy with PII 110 5.4 Self Disclosure of PII is also a Problem 113 5.5 The Harassment of Doxxing 114 5.6 Pending Congressional Legislation Addressing Doxxing 118 5.7 Real Examples of Doxxing and Cyberbullying 120 5.8 Conclusion 123 5.9 Key Points 123 Contents vii 5.10 Seminar Discussion Topics 124 5.11 Seminar Group Project 124 Key Terms 124 References 125 ChApter 6 hACkIng the demoCrAtIC eleCtorAl proCeSS 127 6.1 How Active Measures Have Progressed Over Time 127 6.2 Social Engineering Patterns in Politics 132 6.3 Social Engineering Political Messages 133 6.4 Social Engineering People 139 6.5 Department of Justice Actions Against Social Engineers 141 6.6 Conclusion 147 6.7 Key Points 147 6.8 Seminar Discussion Topics 148 6.9 Seminar Group Issue 148 Key Terms 148 References 150 ChApter 7 SoCIAlly engIneered AttACkS by InSIderS 153 7.1 The Nature of the Insider Threat 153 7.2 National Security and Social Engineering Threats 156 7.3 The National Insider Threat Task Force 159 7.4 Social Engineering Attacks on Businesses 165 7.5 Basic Steps to Protect Against Insider Threats 171 7.6 Conclusion 173 7.7 Key Points 173 7.8 Seminar Discussion Topics 174 7.9 Seminar Group Project 174 Key Terms 175 References 176 ChApter 8 eduCAtIng people to prevent SoCIAl engIneerIng AttACkS 179 8.1 Social Engineering Attacks Come in Many Shapes and Sizes 179 8.2 The Diversity in Electoral Populations that Need Education 181 8.3 Neutralizing Click Bait by Educating Internet Users 189 8.4 Rethinking How to Package the Social Engineering Prevention Message 191 8.5 Preventing Radicalization of Individuals 194 8.6 FBI Kids 200 8.7 Conclusion 205 8.8 Key Points 205 8.9 Seminar Discussion Topics 206 8.10 Seminar Group Project 207 Key Terms 207 References 209 viii Contents ChApter 9 the ASCent of Cyber dArkneSS 211 9.1 The Evolution of Cyber Threats and Vulnerabilities 211 9.2 Nationwide Cybercrime Sweeps are Impressive but not Enough 216 9.3 The Man Who Knew About Social Engineering and Fraud 218 9.4 Law Enforcement Training on Cybercrimes 220 9.5 Conclusions 222 9.6 Key Points 222 9.7 Seminar Discussion Topics 222 9.8 Seminar Group Project 223 Key Terms 223 References 223 gloSSAry 225 Index 235 Author Michael Erbschloe has worked for over 30 years performing analysis of the economics of information technology, public policy relating to technology, and utilizing technology in reengineering organization processes. He has authored several books on social and management issues of information technology, most of which cover some aspects of information or corporate security. He has also taught at several universities and developed technology-related curricula. His career has focused on several interrelated areas: technology strategy, analysis, and forecasting; teaching and curriculum development; writing books and articles; speaking at conferences and industry events; publishing and editing; and public policy analysis and program evaluation. He has authored books and articles addressing the use of the Internet and social media in social engineering efforts. ix

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.