Real Cases
RE: Reverse Social Engineering May 18 2007 10:29AM
Troy, Tony (tony troy capgemini com) (2 replies)
RE: Reverse Social Engineering May 22 2007 03:32PM
David Gillett (gillettdavid fhda edu)
How about "Sting operation".

> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com
> [mailto:listbounce (at) securityfocus (dot) com] On Behalf Of Troy, Tony
> Sent: Friday, May 18, 2007 3:29 AM
> To: Christopher Meyer; realcases (at) securityfocus (dot) com
> Subject: RE: Reverse Social Engineering
> Folks
> Do we really have to modify an already lousy description?
> "Social Engineering" is yet another example of the IT
> community bastardising established terms used perfectly well
> for decades in other disciplines (e.g. psychology, sociology and
> political science), and in doing so confusing the meaning.
> Authoritarian states conduct Social Engineering in order to
> coerce the masses into thinking or behaving differently.
> Hackers, crooks and spies con their way in to organisations
> in order to do naughty stuff, or to get information. They do
> not use social engineering. As for "reverse social
> engineering", can't somebody just think up a completely new
> word? Suggestions please!!
> Regards
> Tony Troy
> __________________________________________
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com
> [mailto:listbounce (at) securityfocus (dot) com] On Behalf Of Christopher Meyer
> Sent: 03 May 2007 17:02
> To: realcases (at) securityfocus (dot) com
> Subject: Re: Reverse Social Engineering
> On 3/9/07, Snoopy Brown <freefalled (at) gmail (dot) com> wrote:
> > I might be very wrong, but wasn't hp's recent fiasco prime for your
> > paper?
> >
> > As I understand it, they did all sorts of illegal stuff.
> > Amongst them (useful to you), they portrayed themselves (the
> > "investigators") as other people to get information from
> > the company employees/executives.
> >
> That's normal social engineering, not reverse. Reverse is
> pretending to be the authority and getting someone to contact
> you for help. For example, you trick people into calling
> your number for Help Desk password resets instead of calling
> the actual number.
> To answer the original poster... I don't know if this one
> technically fits the definition but maybe if you stretch it a
> bit- Kevin Poulsen's redirecting old or shut down escort
> service phone numbers (google it if you aren't familiar).
> I'm not sure if that is more of a hack than reverse social
> engineering, it has elements of both. It does have sabotage,
> advertising, and assisting - all considered elements of
> reverse social engineering.
> I think you could also include some phishing scams in reverse
> social engineering.
> I'm trying to rack my brain for better examples, because I
> could swear I've heard of some, but none are popping to mind
> at the moment.
> Christopher Meyer - CISSP, GCIH

RE: Reverse Social Engineering May 22 2007 07:34AM
David Harley (david a harley gmail com)


Copyright 2010, SecurityFocus