16-09-2016, 09:17 AM
Social Engineering technique to gather Critical Information of Social Networking Websites
[attachment=71049]
Abstract
Social engineering is a technique implied by penetration testers to find the loop holes in the security of web applications and organizations. The organizations often suffer harm from the unintended behavior of their employees that expose the organizations to security risk due to the unintentional insider threat. In this paper we describe the techniques that often used in social engineering to analyze unexpected insider threats extract from social engineering exploits and also the preventive measures against it. The social networking sites are the wide area of research due to the increase in growth of technology and human resources that leads to a crucial point of concern to be aware of the security aspects of social networking websites. We implied the social engineering technique to gain critical information about the target/ individual and to hack their social accounts.
INTRODUCTION
The penetration testers are hired by the companies to discover if the employees are not disclosing the sensitive information of the company. The penetration tester finds these loop holes with the social engineering. Social engineering starts with gathering background information on targets [1]. This information is generally gathered via dumpster diving and phone calls, and the usage of social networking sites that leads to a growing number of available social engineering tools and techniques. Now a day’s attackers can use social networking websites (SNSs) such as facebook to gather background information about the target.
SNS`s serve as communication platform by offering services such as private messaging and chats which can be used by the penetration tester while social engineering [2].
The entire Online Social Networking websites bring the friends and their family members together to share their critical information but still it lacks in the security of social websites. The shared information is freely opened accessible to all the users of social networking websites. When the photos are freely available, the unauthorized users can easily access the photos of others individuals and download it. The hacked image can be misused, such as creation of fake profile and the photo can be sold to other nuisance websites. This kind of data hacking activities in online social networks even leads the life to death [14].
Social networking websites are wide area of research for the researcher`s. The increasing growth in Technology and Human Resources provides the new platform to form social networks that is the crucialpoint of concern to be aware of social networking websites and built networks.
II. PENETRATION TESTING
Penetration testing is widely used to help the security of web applications and organizations also. The penetration testers discover vulnerabilities by simulating attacks on a target system. Testers use the techniques that gather input information about the target system and analyze the application’s responses to verify whether an attack was successfully done. Sometimes, in this technique the steps can’t be completed, which can leave part of some web application untested and vulnerabilities undiscovered. The work of penetration tester is to find these loops holes from the system and make the systems and organization more secure
III. SOCIAL ENGINEERING
Social engineering, in information security, is the art of influencing the people to give up their sensitive information. It is a type of confidence technique for the purpose of information gathering. Social engineering is a term describes a non-technical attack that relies on human interaction and tricking people to break normal security procedure. Criminals use social engineering technique because it is comparatively easier than other attacks. It is one of the most useful attacks, because its victims naturally want to trust other people and are of course helpful. The victims of social engineering are tricked into releasing information that they do not realize, will used to attack a particular network. Social engineers know the fact that people are not conscious of the value of the information they possess and are careless about protecting it [3, 7].
A. Types of social engineering
There are the two types of the social engineering that exists. The following are the names of the type of social engineering:
1. Human Based Social Engineering
2. Computer Based Social Engineering
[attachment=71049]
Abstract
Social engineering is a technique implied by penetration testers to find the loop holes in the security of web applications and organizations. The organizations often suffer harm from the unintended behavior of their employees that expose the organizations to security risk due to the unintentional insider threat. In this paper we describe the techniques that often used in social engineering to analyze unexpected insider threats extract from social engineering exploits and also the preventive measures against it. The social networking sites are the wide area of research due to the increase in growth of technology and human resources that leads to a crucial point of concern to be aware of the security aspects of social networking websites. We implied the social engineering technique to gain critical information about the target/ individual and to hack their social accounts.
INTRODUCTION
The penetration testers are hired by the companies to discover if the employees are not disclosing the sensitive information of the company. The penetration tester finds these loop holes with the social engineering. Social engineering starts with gathering background information on targets [1]. This information is generally gathered via dumpster diving and phone calls, and the usage of social networking sites that leads to a growing number of available social engineering tools and techniques. Now a day’s attackers can use social networking websites (SNSs) such as facebook to gather background information about the target.
SNS`s serve as communication platform by offering services such as private messaging and chats which can be used by the penetration tester while social engineering [2].
The entire Online Social Networking websites bring the friends and their family members together to share their critical information but still it lacks in the security of social websites. The shared information is freely opened accessible to all the users of social networking websites. When the photos are freely available, the unauthorized users can easily access the photos of others individuals and download it. The hacked image can be misused, such as creation of fake profile and the photo can be sold to other nuisance websites. This kind of data hacking activities in online social networks even leads the life to death [14].
Social networking websites are wide area of research for the researcher`s. The increasing growth in Technology and Human Resources provides the new platform to form social networks that is the crucialpoint of concern to be aware of social networking websites and built networks.
II. PENETRATION TESTING
Penetration testing is widely used to help the security of web applications and organizations also. The penetration testers discover vulnerabilities by simulating attacks on a target system. Testers use the techniques that gather input information about the target system and analyze the application’s responses to verify whether an attack was successfully done. Sometimes, in this technique the steps can’t be completed, which can leave part of some web application untested and vulnerabilities undiscovered. The work of penetration tester is to find these loops holes from the system and make the systems and organization more secure
III. SOCIAL ENGINEERING
Social engineering, in information security, is the art of influencing the people to give up their sensitive information. It is a type of confidence technique for the purpose of information gathering. Social engineering is a term describes a non-technical attack that relies on human interaction and tricking people to break normal security procedure. Criminals use social engineering technique because it is comparatively easier than other attacks. It is one of the most useful attacks, because its victims naturally want to trust other people and are of course helpful. The victims of social engineering are tricked into releasing information that they do not realize, will used to attack a particular network. Social engineers know the fact that people are not conscious of the value of the information they possess and are careless about protecting it [3, 7].
A. Types of social engineering
There are the two types of the social engineering that exists. The following are the names of the type of social engineering:
1. Human Based Social Engineering
2. Computer Based Social Engineering