Social Engineering in Psychology through the lens of a Software Guy

Social Engineering



WHAT

This is a very interesting topic covered in this week's seminar and pertains to the social aspect of hacking i.e - hacking humans. From an Information Security standpoint, social engineering is a danger to privacy since it involves psychologically manipulating individuals into completing actions or disclosing personal information. Social engineering is a con used to obtain information.

Social engineers are essentially con men that use some of these techniques to con people [1]- 
  • Authority - People are exploited for their respect or fear of authority
  • Reward - People are misled to divulge sensitive information as a means to get some reward like prize money etc.
  • Moral Compass - People are led to act out of a sense of moral duty.
  • Guilt - People are imbued with a false sense of empathy and manipulated to give away information.
  • Desire to Please - People naturally want to help others and a social engineer can leverage this.
 Coming into this seminar, I knew some of the social engineering attacks -
  • Phishing
  • Trojans
But seeing things from the human side of things has been refreshing. Originally my knowledge of Social Engineering was limited to just attacks against persons to elicit sensitive personal information. But now I am able to see that Social Engineering is a broader umbrella that goes beyond attacks.
I was able to relate Online Marketing and Influencing as another Social Engineering tactic.

WHY

Being a hardcore computer/software engineer for many years, I have been exposed to the good and the bad side of computing. The bad being - Black/Grey Hat Hacking. I believe that hacking a computer requires a deep understanding of the following - 
  • Computer Organization - Structure and behavior of a computer and its associations with other computers on a network.
  • Computer Architecture - Set of rules and methods that describe the functionality, organization, and implementation of computer systems.
  • Computer vulnerabilities - Flaw or weakness in a system or network that could be exploited to cause damage.
The reason why I chose to write about this is that social engineering is pretty much the 3 points above but just replacing Computers with humans.

Hacking the human mind or social engineering requires a deep understanding of the following
  • Human Organization - Behavior of humans and their interactions with others.
  • Human Mind Architecture - Human tendencies, desires, fears, influences, and how they function and respond to different situations
  • Human Vulnerabilities - The points mentioned in [1] like Reward, Morality, Guilt, etc form the foundation of human vulnerabilities.
Since much of what we do today is on the internet, securing our data and learning about potential threats is important. In today's day and age, it is much harder for a hacker to hack your password than it is to manipulate and trick you into revealing your password.
Social media has changed the way individuals generate and receive information. Unlike traditional media broadcasts, which are passively absorbed, social media relies on individuals to intentionally spread the content they receive to their social relationships. And they do spread this and this spreads like a pathogen. These 2 sides of Social Engineering were riveting.

HOW

Firstly, everything seen on the internet should be taken with pinch of salt. Things seen on Social media shouldn't be taken at face value and always should be researched by the self. An analytical mind is beneficial when trudging through social media and the internet.
The same mindset is necessary when dealing with social engineering elements like phishing scams.
On one hand, this topic chalks out all the facets of Social Engineering and the steps we can take to protect ourselves. 
But as a Software Engineer, some of these facets will be very useful when building applications, and I plan to leverage these concepts to build better/useful habit-forming products and applications - 
  • Contagion Effect - Spreading positive energy/emotion and helping users mimic this behavior
  • Cognitive Dissonance - Help remove fatigue by providing the right/true information and being transparent
  • Online Disinhibition Effect - Provide a safe space to talk and converse and ensure the threads are moderated to inhibit negativity.

Comments

Post a Comment

Popular posts from this blog

Internet Addiction and Ethics from the lens of a Software Engineer

Image
What Neither the WHO nor the APA has officially classified the use of the internet and services on the internet as an addiction. But, excessive use of the internet can now be accepted as an addiction for several reasons Excessive internet usage follows the patterns of other behavioral addictions like cigarettes and gambling. Neuroimaging studies have shown that users with internet addiction have the same areas in their brains active as those with recognized behavioral and substance addictions ( link ) Another issue with the word internet addiction is that, despite our use of it to refer to a single type of addiction, it appears to contain numerous distinct addictions. The internet is merely a platform for other activities and services. It's important to keep in mind the different services that can cause an addiction Games Social Media Gambling Shopping Pornography I will mostly try to highlight the addictions related to Social Media, Shopping in this blog and maybe even touch base ...
Read more

Correlation of Psychology with Software Engineering (UI/UX)— Personas

Image
  As Software Engineers, we often build digital solutions for our end-users. In the last 5 years, I have created 3 production-level web applications. NimbleBuy : A portal for users to buy groceries. Diaspora : A portal for immigrants to get acclimated to a new place they move to. ( mobile app ) Banter : A portal for students to connect, converse, exchange ideas, trade books, and other items. It can easily be inferred that the target users for each of those 3 applications are entirely different. Our job isn’t just to churn out code for the bottom line. In my opinion, building digital solutions go beyond the realm of computer science and into the realm of psychology. When I work on any project that involves some type of UI that a user sees, I spend a big chunk of time doing the following - Picking a color palette (Good Color Theory) Picking a UI design pattern/philosophy (To Minimize Cognitive Load) Prototyping the user interface (Visual Harmony) Getting feedback (To increase empathy...
Read more

Aggression and operant conditioning in Video Games from the lens of a Gamer

Image
WHAT To give a little background, I have been playing video games for about 25 years since one had to type in P-R-I-N-C-E in the command line to start up the original Prince of Persia. Since then, video games have fascinated me and I have spent countless hours playing all types of video games. I have owned almost all the generations of the Sony Playstation and played almost all the first-party titles. I would categorize myself as an Achiever and Explorer gamer type as I try to milk every part of the game for what it's worth and try to get all trophies and achievements. I rarely if not ever play video games online except for an occasional Call of Duty Warzone or Pubg game. With that aside, I have noticed several patterns of aggression/frustration within myself that I will highlight here. But before that, we will see a paradigm shift in how online games are played now and how operant conditioning (OC) has changed in video games. OC was something new that picked up and researched and ...
Read more