What is human hacking?
Human hacking, also known as social engineering, is an approach used by threat actors to obtain data and personal and valuable information through the utilization of psychological manipulation, as opposed to more conventional kinds of cyber-attacks, which explicitly breach a network or system utilizing technology to capture information.
Regardless of technical prowess, any organization or person can become a target. One of the important steps in a human hacker's approach prior to launching an attack is to gather information on an insider target within an organization.
What is an insider target?
An insider is an individual who has regular unescorted access to the facilities of a target or to their IT network. This individual could be an employee at any level, in addition to contract workers. While an employee themselves may be the threat actor, oftentimes, company staff can be coerced while being unaware of it.
How are insider targets identified?
After a human hacker has chosen a company to target and conducted an analysis on them, they proceed to identify an insider within that company that will help them achieve their larger goals.
Prior to the widespread use of the internet, human hackers would have to find an organizational chart, names, and positions to then speculate on the type of access company employees had. Today, an insider target can easily be selected by a simple Google search or by using a few tools on social media.
A popular social media platform used among human hackers for research is LinkedIn. A target organization can be found by doing a name search of the company name as well as a job title in that company, for example,
IT Administrator, HR Manager, Marketing Director, etc. By searching those terms, a social engineer could pull up dozens, if not hundreds of prospective candidates to potentially target.
Those parameters can even be increased to look for the specific geographic locations of an office that the specific company they want to attack might have, as well as individuals that have studied a particular career track or attended a certain university.
How to protect yourself and your employees from social engineering threats
Human hacking techniques will advance over time, becoming more complicated, focused, and unnoticed. Organizations must equip their staff with effective security awareness education so that they can evaluate the information they publish on the internet about themselves and their employer in order to prevent sensitive information from being accessed by potential attackers.
About the Counterintelligence Institute
Founded by former CIA senior intelligence officer Peter Warmka, the Counterintelligence Institute’s mission is to assist your corporations, government offices, academic institutions and non-profit organizations in protecting your sensitive information and personal data records against security breach attempts. Our online and onsite training services focus on transforming the human factor from being the weakest link in security to becoming the most effective defensive tool against security threats against your company and personal life.