Hello random Internet visitor. My name is Sebastian, and this spot on the web is dedicated to a practice called social engineering. What does that mean? Well, if hacking is to computers and computer systems, and phreaking is to phones and phone systems, then social engineering is to humans and human systems. Yes, social engineering is literally Hacking the Human. Welcome to my blog:
So what can I do here?
Good question. Basically, Hacking the Human is a work-in-progress that will hopefully continue to grow and evolve into a large collection of social engineering articles, podcasts, videos, and other material. In time, we hope to accumulate an active community that will help with these projects—which will not only insure some interesting activity, but will also save me from having to do all the work myself.
But those are all long-term goals. At this moment, you can pretty much just explore the site and see what we’re up to. You should be able to find a few biographies of some of my friends and heros that you can read, and I’m working on a few text-based games that will require social engineering. Also, a prank call archive is being built, so you should check that out while you’re here. Just look around and you’ll certainly find something you like, or you can email us suggestions and we’ll probably add something you like. Enjoy.
Can you explain social engineering a bit more?
Wikipedia defines social engineering as the art of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access. Furthermore, only in rare cases does an “engineer” ever comes face-to-face with the victim; most use telephone or computers to carry out their actions.
All social engineering techniques are based on specific attributes of human decision-making known as cognitive biases. These biases, sometimes called “bugs in the human hardware,” are exploited in various combinations to create attack techniques like phishing and pretexting.
Is social engineering illegal?
Totally. I mean, why wouldn’t it be? While I generally only social engineer people to hear their reactions (i.e. for pranking purposes), there are others out there—even some companies—that do it to actually steal and use private information like credit card and social security numbers. In fact, social engineers have been being busted for decades now, some of the most notorious examples being Kevin Mitnick, Frank Abagnale, and Dave Buchwald. And to make matters worse, in December 2006, the United States Congress approved a Senate-sponsored bill making the pretexting of telephone records a Federal Felony with fines of up to $250,000 and 10 years in prison for individuals. It was signed by president George W. Bush on January 12, 2007. So in short: Yes, it is illegal.