Hacking The Human Mind
There is a scene in the movie Matchstick Men where the main character, played by Nicolas Cage, has this exchange with a woman played by the actress Alison Lohman:
Lohman: You don’t seem like a bad guy.
Cage: That’s what makes me good at it.
The conversation captures a fundamental truth of all con games, whether they are played in the digital world or the physical one – getting someone to lower their guard with a clever ruse makes the life of a thief that much easier. In the vernacular of hackers, this is called social engineering.
Social engineering is about hacking the human mind, something that in many ways is significantly easier than finding a new software vulnerability and using it as a gateway into your enterprise. These vulnerabilities, called zero-days, can cost tens of thousands of dollars in the hacker underground – money that can be saved if someone can be conned into installing a computer virus on their own machine. After all, there is no need to go through the effort of picking a lock when you can talk someone into letting you into their home.
But just what makes for a good social engineering attack? The key is the lure, which can vary from an attention-grabbing post on Facebook about a celebrity to e-mails with subject lines about your company’s business. One of the most publicized attacks of the past year was the attack on RSA, which started with an employee opening up an email entitled: ‘2011 Recruitment Plan.’ When the employee opened the accompanying attachment, the person set off a series of events that led to data being compromised. While hacking a system requires knowledge of programming vulnerabilities, hacking the human mind requires a different kind of knowledge – specifically, which types of e-mails or links the victim is most likely to click on.
One way to get a hold of that information is to target people according to their jobs and interests – and there is perhaps no greater source of data on those subjects than social networks. A cruise through a LinkedIn profile can reveal a person’s work history and position; a gander at Facebook accounts can uncover their friends and hobbies. While social networks have done a lot in the past few years to bolster their privacy controls, many users may not use them or may inadvertently render them ineffective by ‘friending’ someone they do not really know. Research has shown the average fake profile on Facebook has an average of 726 ‘friends’ – more than five times as many as a typical user of the site.
Hacking the human mind takes other forms as well. For example, search engine optimization is a favorite technique of hackers. The idea behind SEO is to increase the ranking of your website on search engines such as Google. In the right hands, this is perfectly legitimate; in the wrong ones, it increases the likelihood people will land on a malicious site. There are also techniques that are far less technical, such as an old-fashioned telephone conversation that gets someone to let their guard down.
Just recently, Check Point sponsored a study by Dimensional Research that revealed that 43 percent of the 853 IT professionals around the globe surveyed said they had been targeted by social engineering schemes. The survey also found that new employees are the most susceptible to attacks, with 60 percent citing recent hires as being at “high risk” for social engineering. Unfortunately, training does not seem to be keeping up with the threats, as just 26 percent of respondents do ongoing training and 34 percent said they make no attempts to educate employees at all. The good news is the tides are changing and more businesses are raising awareness about security threats – and what social engineering techniques employees may be susceptible to.
Education is a key element of defending against attacks, but the process begins with having sound policies for protecting data. This includes controlling who has access to what information, and setting policies that are enforceable and conducive to business operations. From there, employees should be educated on what the policies are and then tested on them. Key to this is sharing information about attacks that are detected so employees can better understand how they are being targeted. Often a good dose of caution can go a long way – if an unexpected e-mail arrives asking for private information, follow up with the purported sender to make sure it is legitimate.
Buttressing all this should be networks and endpoints protected by best practices and the latest security fixes, but at its heart, fighting hacks against the human mind requires attitudinal changes more than technological weapons. If there is antivirus for the human mind, it has to be updated with knowledge of corporate policies and an understanding of how attackers are targeting their victims. Incorporating that information into a training program can be the difference between a data breach and a quiet night at the office.
Social engineering in the computer security sense of the term collectively refers to any of the methods used to gain desired information such as passwords or credit card numbers (or in my case, files on a network) via the exploitation of certain attributes of human decision-making known as cognitive biases, often referred to as “bugs in the human hardware”. “Social engineering is the application of the scientific method for social concern.” (Wikipedia) In layman’s terms, psychologically manipulating people to get what you want.
There are 4 main types of Social Engineering.
Pretexting is by far the most common method of social engineering. It involves inventing an elaborate story, often concealing one's identity, in order to gain information from a target who otherwise would not release it. Law enforcement agencies often use this method. In May of 1956, under the direction of John Edgar Hoover, the Federal Bureau of Investigation produced a classified document intended to teach successful methods of social engineering to FBI Special Agents. In 2008 the document was released under the Freedom of Information Act, though large sections have been whited out. The original document is now available to the public at Governmentattic.org
Diversion theft - The process of persuading the person responsible for the delivery of desired goods that the delivery was requested elsewhere. The attackers then intercept the package.
Reverse Social Engineering - An attacker hacks a network leaving malware, while subtly leaving messages convincing the target that he is the one to contact for help. When the target calls, he fixes the problem, while in the process, gaining the desired information (passwords, log in info).
Phishing - Similar to pretexting, only it is done over the phone or via internet, and targets large groups of people. An attacker may send emails to a group of targets claiming to be their ISP/bank/doctor requesting sensitive information.
Though the term is most commonly used in computer security, social engineering goes way beyond hackers and computers. In fact, social engineering predates computers entirely. The term “sociale ingenieurs” was first used in 1894 in an essay by J.C. Van Marken, a Dutch industrialist. His idea of social engineering was basically that employers needed a psychologist on site to keep the human side of things running smoothly just as a typical engineer would prevent problems in machinery and oversee other aspects of production.
Social Engineers these days use their persuasive skills to gain anything from free pizza, to scoring with the opposite sex.
They Really Do Want To Implant Microchips Into Your Brain
Michael Snyder
Aug 2, 2012
Are you ready to have a microchip implanted into your brain? That might not sound very appealing to you at this point, but this is exactly what the big pharmaceutical companies and the big technology companies have planned for our future. They are pumping millions of dollars into researching “cutting edge” technologies that will enable implantable microchips to greatly “enhance” our health and our lives. Of course nobody is going to force you to have a microchip implanted into your brain when they are first introduced. Initially, brain implants will be marketed as “revolutionary breakthroughs” that can cure chronic diseases and that can enable the disabled to live normal lives. When the “benefits” of such technology are demonstrated to the general public, soon most people will want to become “super-abled”. Just imagine the hype that will surround these implants when people discover that you can get rid of your extra weight in a matter of days or that you can download an entire college course into your memory in just a matter of hours. The possibilities for this kind of technology are endless, and it is just a matter of time before having microchips implanted into your brain is considered to be quite common. What was once science fiction is rapidly becoming reality, and it is going to change the world forever.
But aren’t there some very serious potential downsides to having microchips implanted into our brains?
Of course there are.
Unfortunately, this technology is not as far off as you might think, and most people are not even talking about what the negative consequences might be.
According to a recent article in the Financial Times, the pharmaceutical company of the future will include a “bioelectronics” business that “treats disease through electrical signalling in the brain and elsewhere.”
Diseases such as diabetes and epilepsy and conditions such as obesity and depression will be treated “through electronic implants into the brain rather than pills or injections.”
These implants will send electrical signals to cells and organs that are “malfunctioning”. People will be totally “cured” without ever having to pop a pill or go under the knife.
It sounds too good to be true, right?
Well, the Financial Times says that British pharmaceutical giant GlaxoSmithKline is working very hard to develop these kinds of technologies. Moncef Slaoui, the head of research and development at GlaxoSmithKline, says that the “challenge is to integrate the work – in brain-computer interfaces, materials science, nanotechnology, micro-power generation – to provide therapeutic benefit.”
If a brain implant could cure a disease that you have been suffering from your whole life would you take it?
A lot of people are going to be faced with that kind of a decision in future years.
And this kind of technology is advancing very rapidly. In fact, some researchers have already had success treating certain diseases by implanting microchips into the brains of rats. The following is from a recent Mashable article….
Stroke and Parkinson’s Disease patients may benefit from a controversial experiment that implanted microchips into lab rats. Scientists say the tests produced effective results in brain damage research.
Rats showed motor function in formerly damaged gray matter after a neural microchip was implanted under the rat’s skull and electrodes were transferred to the rat’s brain. Without the microchip, rats with damaged brain tissue did not have motor function. Both strokes and Parkinson’s can cause permanent neurological damage to brain tissue, so this scientific research brings hope.
In addition, the U.S. government has been working on implantable microchips that would monitor the health of our soldiers and enhance their abilities in the field.
So this technology is definitely coming.
But it must be very complicated to get a microchip implanted into your brain, right?
Actually it is fairly simple.
According to an article in the Wall Street Journal, the typical procedure is very quick and it often only requires just an overnight stay in the hospital….
Neural implants, also called brain implants, are medical devices designed to be placed under the skull, on the surface of the brain. Often as small as an aspirin, implants use thin metal electrodes to “listen” to brain activity and in some cases to stimulate activity in the brain. Attuned to the activity between neurons, a neural implant can essentially “listen” to your brain activity and then “talk” directly to your brain.
If that prospect makes you queasy, you may be surprised to learn that the installation of a neural implant is relatively simple and fast. Under anesthesia, an incision is made in the scalp, a hole is drilled in the skull, and the device is placed on the surface of the brain. Diagnostic communication with the device can take place wirelessly. When it is not an outpatient procedure, patients typically require only an overnight stay at the hospital.
But is it really safe to have a device implanted into your head that can “talk” directly to your brain?
Many large corporations are banking on the fact that, in a world that is always hungry for new technology, most people will not be bothered by such things.
For example, Intel is working on sensors that will be implanted in the brain that will be able to directly control computers and cell phones. The following is an excerpt from a Computer World UK article….
By the year 2020, you won’t need a keyboard and mouse to control your computer, say Intel researchers. Instead, users will open documents and surf the web using nothing more than their brain waves.
Scientists at Intel’s research lab in Pittsburgh are working to find ways to read and harness human brain waves so they can be used to operate computers, television sets and cell phones. The brain waves would be harnessed with Intel-developed sensors implanted in people’s brains.
The scientists say the plan is not a scene from a sci-fi movie, Big Brother won’t be planting chips in your brain against your will. Researchers expect that consumers will want the freedom they will gain by using the implant.
Once again, this is not something that will be forced on you against your will.
These big corporations are banking on the fact that a lot of people will want to get these brain implants.
Even now, some video game makers are developing headsets that allow users to play games using their brain waves rather than a joystick or a control pad.
Other companies want to make it possible to directly connect your brain to the Internet.
As I have written about previously, IBM is aggressively working to develop this kind of technology. The following is from a recent IBM press release….
IBM scientists are among those researching how to link your brain to your devices, such as a computer or a smartphone. If you just need to think about calling someone, it happens. Or you can control the cursor on a computer screen just by thinking about where you want to move it.
Scientists in the field of bioinformatics have designed headsets with advanced sensors to read electrical brain activity that can recognize facial expressions, excitement and concentration levels, and thoughts of a person without them physically taking any actions.
The potential “benefits” of such technology are almost beyond imagination. An article on the website of the Science Channel put it this way….
If you could pump data directly into your gray matter at, say, 50 mbps — the top speed offered by one major U.S. internet service provider — you’d be able to read a 500-page book in just under two-tenths of a second.
How would the world change if you could download a lifetime of learning directly into your brain in a matter of weeks?
But so is the potential for abuse.
Implantable microchips that can “talk” directly to the brain would give a tyrannical government the ultimate form of control.
If you could download thoughts and feelings directly into the brains of your citizens, you could achieve total control and never have to worry that they would turn on you.
In fact, you could potentially program these chips to make your citizens feel good all the time. You could have these chips produce a “natural high” that never ends. That would make your citizens incredibly dependent on the chips and they would never want to give them up.
This kind of technology has the potential to be one of the greatest threats to liberty and freedom in the history of mankind.
At first these implantable microchips will be sold to us as one of the greatest “breakthroughs” ever, but in the end they could end up totally enslaving us.
So I will never be taking any kind of a brain implant, and I hope that you will not either.
Discover Financial Services Inc. employees will be able to pay by finger at their Riverwoods headquarters’ cafeteria and convenience stores as they become the first to test a new payment system. Discover, which is working with French biometrics firm Natural Security on the project and which plans to get the pilot underway in the next three months, has previously used hundreds of its employees to test new technologies including various “contactless” payments, in which credit cards are simply tap.
It plans to test the fingerprint payment system with 300 to 350 employees. Discover employees who want to participate will register at an on-site kiosk, which will read an index fingerprint and assign a number to it. Each employee will also receive a key fob with a chip that includes information about their individual credit-card account as well as their fingerprint.
To complete a purchase, the user will place his or her finger on a fingerprint reader near checkout, with the key fob kept nearby, such as in a pocket or purse, for the transaction to go through. One security benefit to the process is that it guarantees that the fob or credit card and its owner are at the same place at the same time. It could also be faster and more convenient as people won't have to fumble around with their credit cards.
The credit-card company's test comes a few years after U.S. grocer Jewel abandoned its program with Pay by Touch, which got about $300 million in debt and equity financing from investors.
In 2006, Pay by Touch said about 10,000 Chicagoans had signed up for its fingerprint-payment program. A year later, some creditors tried forcing the owner of Pay by Touch into involuntary bankruptcy as its finances went into disarray. By 2008, the Pay by Touch machines were removed from Jewel stores.
Troy Bernard, Discover's global head of emerging payments, said his company is working on several payment technologies that could come to fruition both in the short- and long-term.
"Biometrics falls into long-term solutions," Bernard said, acknowledging potential concerns about both biometrics as well as the barrier to entry of making someone register for something.