
Social Engineering Hacking Man

Jayson E. Street is a guy with glasses and a warm smile. He certainly does not look like the hacker stereotype often shown in films (somewhat pale and antisocial). But Jayson is a hacker, and even a hacker of people ...


Street, the master of cheating: he is a social engineer who specializes in security awareness and in breaches that require physical presence. He is honest, friendly and always smiling. Besides working in this field, he is also InfoSec Ranger at Pwnie Express, and he is known for his books and lectures all over the world.

Information security professionals generally agree that people are the weakest link in security. Workers must have access to do their job, and so attackers are increasingly targeting them instead of the network to penetrate the system.

A successful social engineer must have a broad set of skills. The most important seems to be the ability to understand the depth of human emotion. Reading people's faces and interpreting gestures, especially in a foreign country with an appreciably different culture, is a very difficult task that requires endless practice and skill.

In fact, an experienced social engineer is the closest thing we have to a "mind reader." From a person's expression and the situation he faces, he can create a scenario that gives him the advantage.

As Ernest Hemingway once said: "When people talk, listen completely. Most people never hear." Well, social engineers do.

Information is the most valuable asset in the world today, and Jayson knows how to get it. During an interview with HNS, he reported that he had broken into networks in the US, Malaysia, Jordan, Germany, Jamaica, France and Lebanon.

His tools?

"I broke into a bank in Beirut, Lebanon, wearing a DEF CON leather jacket. I do not speak Arabic or French, and honestly, I do not blend in well in this city," Jayson recalls.

As you can imagine, this did not stop him. He ended up in an employee's office chair, which allowed him to connect his Hak5 Rubber Ducky USB to the employee's computer. By the end of the "visit" to the bank, he had the user ID of a bank account manager, their password and a smart card.

"Armed with this information I can find my way into their internal LAN."

Naturally, the bank's managers were shocked by the lax security. They knew that if someone else had this kind of access, the funds could be emptied.

"I'm not the best coder or exploit developer. I am not and will never be such a guy. But I do not have to be if I have a screwdriver and I can get the hard drive from your server. I do not have to bypass the firewall if I can bypass the receptionist," he says.

Jayson continues:

"Last year I managed to bypass the entire infrastructure of a high class hotel on the French Riviera, wearing Ninja Turtles pajamas and walking without shoes."

Confidence is the key. During this walk he came across an unprotected entrance to the staff area, and within 30 minutes he was at the corporate office.

In these facilities, security after office hours was non-existent: offices, unlocked computers, open drawers ...

"I never had a problem anywhere, even in government or financial institutions. In fact, a guard once helped pull the server out of the computer room and put it in my car," he remembers cheerfully.

Instead - social engineering

"I'm not trying to destroy companies. I make commitments to social awareness - my job is to educate people so they can understand," he says.

Jayson really does seem to try to get caught. In his last "assault" he made suspicious moves in order to be noticed. In vain…

"I recently broke into a very secure building in New York across from Ground Zero, wearing a t-shirt that reads 'Your company's computer guy.'"

After the breach he went back to the building and explained to the people involved what had happened and why. That is the point of his work: raising awareness of security issues.

"Despite the outcome of my attacks, I have never met an idiot user," he notes. "I see however uneducated users who do not have the proper education," he says, and explains that security education should be an essential part of employee training.

His advice?

1. If you feel like something is wrong, listen to the voice that tells you to react.

2. Organizations should have people whom employees can call in case of doubt, or an e-mail address through which they can get help. Every employee should know that if he sees a suspicious person wandering around, or receives a suspicious e-mail, he can alert someone who will investigate what is going on. "Do not approach the person, do not open the attachment, update security," he advises.

This advice may sound simple, but Jayson's adventures around the world show that even the largest organizations still have not implemented basic security measures and do not have trained employees.

Hacking; People remain the weakest link of security.
