A Review of: Hacking the Human: Countering the Socially Engineered Attack, by A Cullen and I Mann, JIW, Volume 7, Number 2, Published 2008

This research stands the test of time as a classic study of social engineering attack strategies and what can be done to defend against them. While technology has obviously changed, these authors were advancing concepts and strategies to protect against these threats that we see in use today. Of particular interest are their suggestions for two-factor authentication using transient codes on cell phones. While the current technology is not what they envisioned (it is much better), they did understand how the use of multiple factors could thwart cyberattacks.
They also advocated for more aggressive training, as well as pre-emptive exercises and scenarios, to better inform staff on what to look for. This has actually happened to a large extent over the last two decades: most organizations mandate cyber awareness training for all employees that includes real world testing and mechanisms. This is a huge sea change, in which employees are recognizing cyber scams on their own and reporting them up the chain of command. It is not realistic for a company or organization to rely on a single Chief Information Officer (CIO) to protect all of the staff; the best scenario is when all staff or team members are aware, engaged, and proactively protecting their networks.
Also prescient were their suggestions on the aggressive techniques that hackers would use to gather data over the phone while posing as a bank or reputable authority. These academics understood that the longer the hackers talked to someone, the greater their chance to gain access to that person's trust…and bank accounts. The tried-and-true scams or fraud schemes that they lay out in this paper are still as viable and ongoing now as they were when this research was initially conducted. That being said, many of the current attack vectors or techniques could not have been envisioned by the authors due to the rapid changes in technology.
What the authors hinted at, and probably foresaw for the future, was a true multi-factor authentication security regime, but the JIW staff do not believe anyone could have realistically forecast the rapid adoption of biometrics. As most know, the three factors are:
- Something that you know—an account log-in
- Something that you have—a code or password
- Something you are—biometrics
The rapid development of biometrics technology on smart phones has revolutionized trust in many industries, allowing the parties to a transaction anywhere in the world to trust each other in both directions. While this does not stop all socially engineered attacks, it has greatly sped up the establishment of trust for many e-commerce, medical, banking, and other institutions that handle critical data. Taken together, these points show that the two academics deserve kudos for the foresight of their original research.
AUTHORS

Peregrine Technical Solutions, LLC Yorktown, VA
Dr. Leigh Armistead is the President of Peregrine Technical Solutions, a certified 8(a) small business that specializes in cyber security, and the Chief Editor of the Journal of Information Warfare. He graduated from the U.S. Naval Academy (1984), earned a master’s degree in Military History from Old Dominion University (1993), and a doctorate in Computer and Information Science from Edith Cowan University (2009). His major field of study is cyber power. He has published three books—all of which focus on the full spectrum of information warfare. He founded the International Conference on Cyber Warfare and Security, and is the Vice-Chair of Working Group 9.10–ICT Uses in Peace and War. He is a retired Naval officer.

