 | This article needs additional citations for verification .(July 2019) |
Psychological subversion (PsychSub) is the name given by Susan Headley to a method of verbally manipulating people for information. It is similar in practice to so-called social engineering and pretexting, but has a more military focus to it. It was developed by Headley as an extension of knowledge she gained during hacking sessions with notorious early computer network hackers like Kevin Mitnick and Lewis de Payne.
Headley often gave the following example [1] of the use of psychological subversion: Suppose the hacker needed access to a certain classified military computer called, say, IBAS. He would obtain the name of the base commander or other high-ranking official, gain access to the DNS network, (which is the separate military telephone network) and dial up the computer center he needed to reach, which was often in a secured facility. The person who answered the phone would usually be a low-ranking enlisted person, and the hacker would say something like, "This is Lieutenant Johanson, and General Robertson cannot access his IBAS account, and he'd like to know WHY?" This is all said in a very threatening tone of voice, clearly implying that if the general can't get into his account right away, there will be severe negative repercussions, most likely targeting the hapless person who answered the phone.
The hacker has the subject off guard and very defensive, wanting nothing more than to appease the irritated general as quickly as possible. The hacker then goes silent, giving the victim ample time to stammer into the phone and build up his fear level, while listening for clues from the victim as to how best to proceed. Eventually, the hacker suggests that the tech create a temporary account for the general, or change the general's password to that of the hacker's choice.
The hacker would then have gained access to a classified military computer. It is important to note that this technique would not work any more, in no small part thanks to Headley's teaching of the military agencies about such methods during the 1980s.[ citation needed ]
While pretexting methods and so-called social engineering are based on on-the-fly adaptations during a phone call made to the victim with very little pre-planning or forethought, the practice of PsychSub is based on the principles of NLP and practical psychology. The goal of the hacker or attacker who is using PsychSub is generally more complex and involves preparation, analysis of the situation, and careful thought about what exact words to use and the tone of voice in which to use them.
Headley's thesis entitled "The Psychological Subversion of Trusted Systems" was classified by the DOD in 1984 and so far has not seen the light of day. As a result, further information about PsychSub is generally unavailable outside of Headley's own seminars on the subject during the 1980s at CIA technology and spycraft-type seminars such as Surveillance Expo.
Computer security, cybersecurity or information technology security is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.
An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic. Such behavior frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of-service attack.
Phreaking is a slang term coined to describe the activity of a culture of people who study, experiment with, or explore telecommunication systems, such as equipment and systems connected to public telephone networks. The term phreak is a sensational spelling of the word freak with the ph- from phone, and may also refer to the use of various audio frequencies to manipulate a phone system. Phreak, phreaker, or phone phreak are names used for and by individuals who participate in phreaking.
Identity theft occurs when someone uses another person's personal identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes. The term identity theft was coined in 1964. Since that time, the definition of identity theft has been statutorily defined throughout both the U.K. and the United States as the theft of personally identifiable information. Identity theft deliberately uses someone else's identity as a method to gain financial advantages or obtain credit and other benefits, and perhaps to cause other person's disadvantages or loss. The person whose identity has been stolen may suffer adverse consequences, especially if they are falsely held responsible for the perpetrator's actions. Personally identifiable information generally includes a person's name, date of birth, social security number, driver's license number, bank account or credit card numbers, PINs, electronic signatures, fingerprints, passwords, or any other information that can be used to access a person's financial resources.
Wardialing is a technique to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for modems, computers, bulletin board systems and fax machines. Hackers use the resulting lists for various purposes: hobbyists for exploration, and crackers—malicious hackers who specialize in breaching computer security—for guessing user accounts, or locating modems that might provide an entry-point into computer or other electronic systems. It may also be used by security personnel, for example, to detect unauthorized devices, such as modems or faxes, on a company's telephone network.
Cybercrime is a crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Cybercrime may harm someone's security and financial health.
The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage is a 1989 book written by Clifford Stoll. It is his first-person account of the hunt for a computer hacker who broke into a computer at the Lawrence Berkeley National Laboratory (LBNL).
In the context of information security, social engineering is the psychological manipulation of people into performing actions or divulging confidential information. This differs from social engineering within the social sciences, which does not concern the divulging of confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.
A security hacker is someone who explores methods for breaching defenses and exploiting weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge, recreation, or evaluation of a system weaknesses to assist in formulating defenses against potential hackers. The subculture that has evolved around hackers is often referred to as the "computer underground".
Pretexting is a type of social engineering attack that involves a situation, or pretext, created by an attacker in order to lure a victim into a vulnerable situation and to trick them into giving private information, specifically information that the victim would typically not give outside the context of the pretext. In its history, pretexting has been described as the first stage of social engineering, and has been used by the FBI to aid in investigations. A specific example of pretexting is reverse social engineering, in which the attacker tricks the victim into contacting the attacker first.
Susan Headley was a hacker during the late 1970s and early 1980s. A member of the so-called Cyberpunks, Headley specialized in social engineering, a type of hacking which uses pretexting and misrepresentation of oneself in contact with targeted organizations in order to elicit information vital to hacking those organizations.
Voice phishing, or vishing, is the use of telephony to conduct phishing attacks.
Computer security software or cybersecurity software is any computer program designed to influence information security. This is often taken in the context of defending computer systems or data, yet can incorporate programs designed specifically for subverting computer systems due to their significant overlap, and the adage that the best defense is a good offense.
Cyber spying, or cyber espionage, is the act or practice of obtaining secrets and information without the permission and knowledge of the holder of the information from individuals, competitors, rivals, groups, governments and enemies for personal, economic, political or military advantage using methods on the Internet, networks or individual computers through the use of proxy servers, cracking techniques and malicious software including Trojan horses and spyware. It may wholly be perpetrated online from computer desks of professionals on bases in far away countries or may involve infiltration at home by computer trained conventional spies and moles or in other cases may be the criminal handiwork of amateur malicious hackers and software programmers.
Multi-factor authentication is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism: knowledge, possession, and inherence. MFA protects user data—which may include personal identification or financial assets—from being accessed by an unauthorised third party that may have been able to discover, for example, a single password.
The United States has often accused the government of the People's Republic of China of attempting to unlawfully acquire U.S. military technology and classified information as well as trade secrets of U.S. companies in order to support China's long-term military and commercial development. Chinese government agencies and affiliated personnel have been accused of using a number of methods to obtain U.S. technology, including espionage, exploitation of commercial entities, and a network of scientific, academic and business contacts. Espionage cases include Larry Wu-Tai Chin, Katrina Leung, Gwo-Bao Min, Chi Mak and Peter Lee.
Social hacking describes the act of attempting to manipulate outcomes of social behaviour through orchestrated actions. The general function of social hacking is to gain access to restricted information or to a physical space without proper permission. Most often, social hacking attacks are achieved by impersonating an individual or group who is directly or indirectly known to the victims or by representing an individual or group in a position of authority. This is done through pre-meditated research and planning to gain victims’ confidence. Social hackers take great measures to present overtones of familiarity and trustworthiness to elicit confidential or personal information. Social hacking is most commonly associated as a component of “social engineering”.
The following outline is provided as an overview of and topical guide to computer security:
A SIM swap scam is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification in which the second factor or step is a text message (SMS) or call placed to a mobile telephone.