Thursday, January 21, 18:27
Home inet Social Engineering Hacking Man

Social Engineering Hacking Man

Jayson E. Street is a guy with glasses and a warm smile. Of course, it does not look at all like the hacker stereotype that often appears in movies (ie somewhat pale, and anti-social). But Jayson is a hacker and even a human hacker…

social hack

Street the master of cheating: She is a social engineer, and specializes in security awareness and violations that require physical presence. He is honest, friendly, always smiling, and besides working in this field, he is also InfoSec Ranger at Pwnie Express, he is known for his books and lectures all over the world.

Information security professionals generally agree that people are the weakest link in security. Workers must have access to do their job, and so attackers are increasingly targeting them instead of the network to penetrate the system.

A successful social engineer must have a broad set of skills. The most important thing seems to be to be able to understand the depth of human emotion. Reading people's faces, interpreting gestures, especially in a foreign country with an appreciably different culture, is a very difficult task that requires unlimited practice and skills.

Essentially, an experienced social engineer is the closest we have to the expression "mind reader." From the expression of a person and the situation he faces he can create a scenario that gives him the advantage.

As Ernest Hemingway once said: "When people talk, listen completely. Most people never listen. " Well, that's what social engineers do.

Information is the most valuable asset in the world today, and Jayson knows how to get it. During an interview with HNS, he reported that he had broken networks in the US, Malaysia, Jordan, Germany, Jamaica, France and Lebanon.Jayson Street hack

His tools?

"I broke a bank in Beirut, Lebanon, wearing a DEF CON leather jacket. "I do not speak Arabic or French, and honestly, I do not bond well in this city," Jayson recalls.

As you can imagine, this did not stop him. He ended up in an employee's office chair that allowed him to connect his Hak5 Rubber Ducky USB to his computer. At the end of the "visit" to the bank, he had the manager ID of the user bank employee, their password and a smart card.

"Armed with this information I can find my way to their internal LAN."

Naturally, the bank's managers were shocked by the loose security. They knew that if someone else had this type of access, the funds could be emptied.

"I'm not the best coder or exploit programmer. I am not and I will never be such a guy. But it does not have to be, if I have a screwdriver and I can get the hard drive from your server. I do not need to bypass the firewall if I can bypass the receptionist, ”he says.jaysonstreet spotthegeek hack

Jayson continues:

"Last year I managed to bypass the entire infrastructure of a high-class hotel on the French Riviera, wearing Ninja Turtles pajamas and walking barefoot."

Confidence is the key. During this walk he fell on an unprotected entry to the workers area, and within 30 minutes he was at the corporate office.

In these facilities after office hours the security was non-existent: desks, unlocked computers, drawers open…

"I have never had a problem anywhere, even in government or financial institutions. "In fact, a guard once helped me take the server out of the computer room and put it in my car," he recalls happily.

Anti - social engineering

"I do not try to destroy companies. "I make commitments for social awareness - my job is to educate people so they can understand."

Jayson even seems to be really trying to get caught. In his last "attack" he made suspicious intentional moves to manifest himself. In vain…

"I recently broke into a very safe building in New York across from Ground Zero, wearing a T-shirt that read 'Your company computer guy.'

After the violation he went back to the building and explained to the people involved what had happened and why. It is the point of his work aimed at raising awareness of security issues.

"Despite the outcome of my attacks, I have never met an idiot user," he notes. "But I see uneducated users who do not have the proper training," he says, explaining that safety training should be an essential part of employee training.

His advice?

1. If you feel like something is wrong, listen to the voice that tells you to react.

2. Organizations should have some people they can call in case of doubt, or an email address through which help can be reached. Every employee should know that if he or she sees a suspicious person wandering around, or when he or she receives a suspicious e-mail, he or she may notify someone who will investigate what is happening. "Do not approach the person, do not open the attachment, inform the security", he advises.

This advice may sound simple, but Jayson's adventures around the world prove that even the largest organizations in the world still have not implemented basic security measures and do not have trained employees.

Hacking; People remain the weakest link of security.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

SecNews
SecNewshttps://www.secnews.gr
In a world without fences and walls, who needs Gates and Windows

LIVE NEWS

Mac: How to see which model you have and when it was released

When you need support for your Mac - or want to install some kind of upgrade - you usually need to know the exact ...
00:02:35

Bill Gates: Will he work with Biden on COVID-19 / climate change?

Microsoft co-founder Bill Gates said on Twitter that he is looking forward to working with the new US President, Joe Biden, and ...

What are the rumors circulating about the iPhone 13?

Apple iPhone 13 will have a redesigned Face ID system that will have a smaller notch at the top of the screen, ...

Biden: How was the political transition in the US captured on social media?

As Joe Biden was sworn in as President of the United States, this important political transition was captured on popular social media. On January 20, ...

CentOS ceases to be supported but RHEL is offered for free

Last month, Red Hat caused a great deal of concern in the Linux world when it announced the discontinuation of CentOS Linux.

Microsoft Office 365 employee passwords leaked online!

A new large-scale phishing campaign targeting global organizations has been found to bypass Microsoft Office 365 Advanced Threat Protection (ATP) and ...

COSMOTE and Microsoft provide new cloud solutions for businesses

COSMOTE and Microsoft expand their cooperation, offering even more advanced and high quality cloud solutions, in large and small ...

Cyber ​​attacks in Eastern Europe are on the rise!

The cyber-attacks that have taken place in many US government agencies and companies in recent months have caused concern in the developing countries of ...

Tesla reduces the prices of the Model 3 in Europe

Tesla has reduced the prices of the Model 3 in many European markets, which reductions could be partly linked ...

iOS, Android, XBox users in the crosshairs of a new malvertising campaign

Recently a new malvertising campaign was discovered that targets users of mobile and other connected devices and uses effective ...