Social engineers are nothing new to society. In some sense they’ve always existed but they’ve just been going by different names. Conman, grifter, flimflammer, trickster. I think you get the point. A social engineer is a person who uses his social skills to manipulate people or organizations (or in some cases entire societies) into giving him what he wants.
Micro scale social engineering however is very different from macro scale social engineering. An example of micro scale social engineering would be when a conman tricks someone into lending him money and not giving it back (an inelegant con, but a con none the less). An example of macro scale social engineering would be wartime propaganda used to convince a society to support the war effort.
So where does this become relevant to me as a hacker? If you’re hacking a target you may find that public exploits are not available because the target is kept up to date and security is seemingly airtight. But often times the weakest link in an organization is the human behind the desk. With social engineering you won’t even have to crack open your terminal to gain sensitive data and potentially access to a target. I’ll cover more in depth about methods employed by social engineers in future articles, but a great book to learn more about social engineering from a hackers perspective would be Social Engineering: The art of Human Hacking. Go check it out or google around and do some research of your own.
What is a hacker? According to google it is “a person who uses computers to gain unauthorized access to data.” But what are the different motives of hackers and how do we define the difference? Hackers are typically divided up into three subcategories. You’ve got White Hats, Black Hats and Grey hats.
White Hat: a hacker who hacks legally/ethically for profit or non-profit. Penetration testers, security consultants, computer forensics and incident response teams are just a few examples of the roles that white hats will often play within the public and private sectors. You can usually find them at big tech conventions like Black Hat or DefCon as well as various freelancing websites.
Black Hat: a criminal hacker who hacks illegally for fun, profit, revenge or a whole array of nefarious reasons. These hackers are usually found frequenting various underground forums and IRC channels.
Grey Hat: These hackers are typically harder to pin down. They may or may not be bound by an ethical or legal code but you won’t find them committing malicious crimes. Most hackers fall within black or white hat but there is definitely a spectrum as not all white hats are ethical and not all black hats are criminals.
With that being said guys, there are a whole lot of reasons why hackers start hacking and I couldn’t even hope to list all of them but understand that there is definitely a moral line and a legal line that you have to identify before you do anything you’ll regret.