Companies spend millions of dollars on firewalls and secure access devices, and it’s money wasted because none of these measures address the weakest link in the security chain: the people who use, administer and operate computer systems.
It’s true, I had hacked into a lot of companies, and took copies of the source code to analyze it for security bugs. If I could locate security bugs, I could become better at hacking into their systems. It was all towards becoming a better hacker.
I got so passionate about technology. Hacking to me was like a video game. It was about getting trophies. I just kept going on and on, despite all the trouble I was getting into, because I was hooked.
As a young boy, I was taught in high school that hacking was cool.
Social engineering bypasses all technologies, including firewalls.
There is no patch for stupidity.
Social engineers veil themselves in a cloak of believability.
Hackers are breaking the systems for profit. Before, it was about intellectual curiosity and pursuit of knowledge and thrill, and now hacking is big business.
The key to social engineering is influencing a person to do something that allows the hacker to gain access to information or your network.
You can never protect yourself 100%. What you do is protect yourself as much as possible and mitigate risk to an acceptable degree. You can never remove all risk.
Social engineering is using manipulation, influence and deception to get a person, a trusted insider within an organization, to comply with a request, and the request is usually to release information or to perform some sort of action item that benefits that attacker.
Oracle, for example, has even hired people to dumpster dive for information about its competitor, Microsoft. It’s not even illegal, because trash isn’t covered by data secrecy laws.