0330 043 0032 enquiry@cyraatek.com Your ip is 54.196.13.210
Motivation Behind Social Engineering

Motivations behind an attack

The motives behind Social Engineer’s attacks vary massively. There are the odd good ones who have turned their lives around and now offer constructive services to companies, so their work force can build up an awareness and combat these attacks, i.e. Kevin Mitnick [1]. Then we have some who are the exact opposite, who are driven purely by sheer greed to leech every single hard earned penny out of their target, so they can live a lavish life style, while leaving their unfortunate victims to count up the losses.

Social Engineers can attack a target for number of reasons. Some of the potential motives can be observed below:

1- Financial

The focus of a Social Engineer in these types of attacks is to get hold of sensitive and valuable data, so that the victim can be blackmailed into handing over a ransom money. To minimise the inconvenience of dealing with the target, Social Engineers are also known to target victim’s financial accounts directly, so that they can take command and transfer the funds easily and with minimal detection.

These attacks are often well planned in advanced and every attempt is made to remove all traces of contact, to ensure that authorities fail in their attempts to track the individuals responsible. In most cases the intentions of the Social Engineers are malicious, when carrying out this type of attack, and their victims suffers in one way or another, the consequences of this unwanted intrusion.

2- Curiosity/Personal interest

In this type of attack, the attacker typically attempts to gain as much information about the company or the target as possible. The objective here is not to inflict damage, but to understand procedures, policies and what is the highest level of sensitive information Social Engineer can gain, without compromising their identity and objectives.

Normally, once the attacker reaches a desired level, they usually consider their objective complete and move on. This motivation for attack can also be described as ‘target practising’, where the Social Engineer probe smaller companies to build up experience and confidence, before taking on the bigger or final target.

3- To attain reputation/fame

There exists many Internet forums and mediums through which both experienced and new Social Engineers communicate and exchange advice and tips.

a

Figure 1 – Netflix accounts being offered for free on a Social Engineering forum [2].

With the aim to build up reputation and brag about their achievements, some Social Engineers target companies and then release the acquired data on these forums for others to use, often for free, in the hope of getting ‘likes’ and ‘vouches’ from other users (example – Figure 1). Upon achieving the desired reputation, they gain the account privilege to offer and sell their services to other members for a fee.

4- Revenge attack

Grievance against employers are common. However, it becomes a costly affair for both parties when one of them takes the law in their hands and maliciously attempts to damage the other party by sabotaging or releasing illegally acquired sensitive data online.

As an ex-employee, attackers are usually well versed with procedures and policies of the company, which makes the task of stealing or hacking even easier. They know the chain of command and with the right contact and insider knowledge, can cause severe damage to their employers, should they choose to take this path.

Social Engineering and hacking attacks are becoming so common against ex-employers that America’s Federal Bureau of Investigation issued a press release in 2014  [3], warning the employers to be wary of this threat and also issued a long list of recommendation for them to follow, once an employee is relieved of their duties.

5- Political

Politics may also encourage an attacker to take matters in their own hands, to either bring reputational damage to an entity, or by taking action which favours the political cause preferred by the attacker.

Reporting on the case of an Algerian hacker, Aljazeera released a report in 2015 [4] with the caption ‘Is the Algerian Hacker a hero?’.

The hacker in question was the co-author of a Trojan horse virus, which was introduced to around  200 different banks, through various Social Engineering methods. Once the virus seized control of the system, the Algerian hacker called ‘Hamza Bendelladj’ was able to withdraw money from compromised banks and institutions.

From the money, Hamza amassed through his hacking skills, he donated a reported $280,000,000 to Palestine, a territory illegally occupied by Israel since 1967 [5]. Hence, the reason many of his fans calling him a hero and ran campaigns for his release. BBC reported in April 2016 [6] that the Algerian Hacker has been jailed in US for a total of 15 years in prison, for committing cyber crimes.

6- State sponsored attacks

The idea behind these types of attacks is to either cause maximum devastation to the target or to discreetly steal high value confidential data. As these attacks are paid for by Governments and powerful establishments, attackers usually have access to infinite resources and funds.

As opposed to criminals who usually work alone, state sponsored Social Engineers are well organised and work in groups. And because they often have immunity from prosecutions, they tend to take bigger risks and have the capability to launch sophisticated attacks, to achieve their goals.

Because of this coordination, dedication and a large amount of resources, state sponsored attackers are usually the ones who discover zero day exploits and come up with unique manipulation methods, which are then employed to sabotage the targets, extract secret data or simply used to steal trade secrets of another nation.

It was widely reported in the media in 2011 that US and Israel facilitated the assassination of an Iranian scientist [7] as well as the development of ‘Stuxnet’ virus [8], which was later introduced to power plants in Iran through ‘baiting’. Their objective was to delay Iran from acquiring technology necessary for the construction of a nuclear weapon.

Consequently, the virus caused the desired impairment to the power plants and Iran went back on to the table of negotiations with the US and eventually agreed to halt its Uranium enrichment program [9]. Reuters also released an exclusive report in 2015 [10] citing evidence that a variant of Stuxnet virus was also used by the US to attack North Korea, but the attempts of sabotage ultimately failed.

Information about function and operational methods of some of the viruses created by state sponsored attackers are now in public domain i.e. Duqu, Flame & Gauss [11]. It is safe to assume that there are many other undiscovered variants of smart malwares, secretly transmitting sensitive and valuable data to the high profile sponsors of these types attacks.

 

 

References

 [1] Kevin Mitnick (2016) MitnickSecurity, Available at: https://www.mitnicksecurity.com/(Accessed: 15 July 2016).

[2] Confidential (2016) Fresh Netflix Account x15, Available at:https://socialengineered.net/thread-82040.html?highlight=netflix (Accessed: 15 July 2016).

 [3] FBI (2016) Increase in Insider Threat Cases Highlight Significant Risks to Business Networks and Proprietary Information, Available at:https://www.ic3.gov/media/2014/140923.aspx (Accessed: 15 July 2016).

 [4] Dalia Hatuqa (2015) Hamza Bendelladj: Is the Algerian hacker a hero?, Available at:http://www.aljazeera.com/news/2015/09/algerian-hacker-hero-hoodlum-150921083914167.html (Accessed: 15 July 2016).

 [5] Amnesty International (2016) ISRAEL AND OCCUPIED PALESTINIAN TERRITORIES 2015/2016, Available at: https://www.amnesty.org/en/countries/middle-east-and-north-africa/israel-and-occupied-palestinian-territories/report-israel-and-occupied-palestinian-territories/ (Accessed: 6th Aug 2016).

 [6] BBC (2015) US bank hackers get long jail term, Available at:http://www.bbc.co.uk/news/technology-36101078 (Accessed: 15 July 2016).

 [7] Financial Times (2011) The sabotaging of Iran, Available at:http://www.ft.com/cms/s/2/7d8ce4c2-34b5-11e0-9ebc-00144feabdc0.html (Accessed: 16 July 2016).

 [8] Ellen Nakashima and Joby Warrick (2012) Stuxnet was work of U.S. and Israeli experts, officials say, Available at: https://www.washingtonpost.com/world/national-security/stuxnet-was-work-of-us-and-israeli-experts-officials-say/2012/06/01/gJQAlnEy6U_story.html (Accessed: 16 July 2016).

 [9] Neta Alexander (2016) Did the Israeli-American Stuxnet virus launch a cyber world war?, Available at: http://www.haaretz.com/israel-news/.premium-1.730842 (Accessed: 16 July 2016).

 [10] JOSEPH MENN (2015) Exclusive: U.S. tried Stuxnet-style campaign against North Korea but failed – sources, Available at: http://www.reuters.com/article/us-usa-northkorea-stuxnet-idUSKBN0OE2DM20150529 (Accessed: 16 July 2016).

 [11] DAVEY WINDER (2015) State-sponsored cyber spies target business secrets, Available at: http://raconteur.net/business/state-sponsored-cyber-spies-target-business-secrets(Accessed: 16 July 2016).