Let's Learn Computer Security!

Social Engineering

Social engineering

　Social engineering is And social engineering to trick people to get more information, such as getting information or personal e-mail address and address, ID, password, and phone number of the person deceived partner e-mail or phone, or SNS, etc. without hacking it is to.

Actual modus operandi

　Or on a phone call and e-mail address I want you to tell me Upon prize, I will send the goods, we get someone's name and the address of the other party. Disguise and software to distribute fake security software, to clean the virus transmitted to the user of the software to check the results of the virus lies, you will need to install spyware and viruses. (Called trashing) to scavenge the trash, steal the information necessary to cracking from there. To analyze the preferences and interests of its people from such tweets in SNS, to guess the answer to your secret question and password from there. If you have any such thing.

* Will be available by entering the ID and password are various services on the internet ... to take over the account. I say that stealing ID and password So, if the original is not available to users of that changing.

Social engineering - past cases

iCloud hack case

　Writer (blog media. Dealing and related topics IT) Gizmodo is taking over the account such as Gmail, Amazon, Twitter, iCloud (cloud services Apple) by social engineering, real name, phone number, address and credit card number I've been known to hackers. This is mainly due to inefficiency of the Amazon and telephone support Apple. Apple and Amazon have made changes to the security subject to this incident.

http://maclalala2.wordpress.com/2012/08/06/icloud-%E3%82%A2%E3%82%AB%E3%82%A6%E3%83%B3%E3%83%88%E3%82%92%E3%83%8F%E3%83%83%E3%82%AD%E3%83%B3%E3%82%B0%E3%81%95%E3%82%8C%E3%81%9F-mat-honan/

iCloudハック事件の手口がガード不能すぎてヤバイ | fladdict
http://fladdict.net/blog/2012/08/icloud-hack.html

「iCloud」ハック事件を受け、アップルがパスワードのリセット処理を停止（Computerworld） - Yahoo!ニュース
http://headlines.yahoo.co.jp/hl?a=20120809-00000003-cwj-sci

小4が不正アクセスで補導

　アメーバピグで女児が「仮想通貨をあげるから、IDとパスワードを教えて」と言ってパスワードを聞き出し、福井市の中学生のアカウントを乗っ取った。

小４が不正アクセス容疑　福井県警が補導：日本経済新聞
http://www.nikkei.com/article/DGXNASDG2101U_R20C11A2CC0000/

不正アクセスで奈良の小 4 補導 | スラッシュドット・ジャパンセキュリティ
http://security.slashdot.jp/story/11/02/28/0036201/%E4%B8%8D%E6%AD%A3%E3%82%A2%E3%82%AF%E3%82%BB%E3%82%B9%E3%81%A7%E5%A5%88%E8%89%AF%E3%81%AE%E5%B0%8F-4-%E8%A3%9C%E5%B0%8E

Bibliography

サイバーテロ漂流少女　2012年2月27日第1刷　一田和樹（著）　発行所：株式会社原書房

ソーシャルエンジニアリングの対策 : 総務省国民のための情報セキュリティサイト
http://www.soumu.go.jp/main_sosiki/joho_tsusin/security/business/admin05.htm

ソーシャル・エンジニアリング - Wikipedia
http://ja.wikipedia.org/wiki/%E3%82%BD%E3%83%BC%E3%82%B7%E3%83%A3%E3%83%AB%E3%83%BB%E3%82%A8%E3%83%B3%E3%82%B8%E3%83%8B%E3%82%A2%E3%83%AA%E3%83%B3%E3%82%B0

ソーシャルエンジニアリングとは - はてなキーワード
http://d.hatena.ne.jp/keyword/%A5%BD%A1%BC%A5%B7%A5%E3%A5%EB%A5%A8%A5%F3%A5%B8%A5%CB%A5%A2%A5%EA%A5%F3%A5%B0

セキュリティ用語事典[ソーシャルエンジニアリング]
http://www.atmarkit.co.jp/aig/02security/socialengineering.html

ケビン・ミトニック氏、ソーシャルエンジニアリング攻撃を易しく解説 : INTERNET Watch
http://internet.watch.impress.co.jp/cda/event/2008/05/20/19618.html