February 24, 2009

Social Engineering: Anatomy of a Hack

As the founder of Lares, a Colorado-based security consultancy, social-engineering expert Chris Nickerson is often asked by clients to conduct penetration testing of their on-site security. Nickerson leads a team that conducts security risk assessments using a method he refers to as Red Team Testing. Watch Nickerson and his team pull off a diamond heist in this video.

Nickerson and crew recently took on such an exercise for a client he describes as "a retail company with a large call center." With some prep work, Nickerson says the team was able to gain access to the company's network and database quite easily. Read on to find out how they did it, and what lessons you can take away for shoring up your organization's defenses. (To learn more about social engineering techniques, also see Social Engineering: Eight Common Tactics.)


More from Joan Goodchild

2 comments:

  1. Good article. Kevin Mitnick, an infamous hacker, wrote two excellent books about security breaches. One about social hacking called "The Art of Deception", and one on computer hacking called "The Art of Intrusion". You realize that nothing is completely safe. It's pretty much there for the taking if you know how to do it. "O, brave new world that has such people in it."

  2. I found this fascinating, as well as alarming. Cyber security is no substitute for a good old-fashioned guard dog.
