^
Русский  Українська

Mihnevich Pavel
Faculty of Computer Science and Technology
Department of Artificial Intelligence and Systems Analysis
Speciality Intelligent Systems Software Technologies
Theme of final work Web service development for phonetic processing of textual information
Scientific advisor: Assoc. Prof. Kravets Tatyana


Mihnevich Pavel

DonNTU  Masters' portal

The relevance of social engineering in the modern world

What is social engineering?

According to Wikipedia: social engineering is a set of techniques, methods and technologies for creating such a space, conditions and circumstances that most effectively lead to a specific desired result, using sociology and psychology.

Social engineering is a method of managing human actions using the weakness of the human factor.

In a broad sense, this is a provocation of an individual to violate any corporate or personal security measures.

The most famous technique related to social engineering, even in its most primitive manifestations, is phishing. In his process, the attacker impersonates another, trusted target of the attack, a person or a company, and under this pretext asks to disclose any confidential information. Most often, such attacks are massive, using a mailing list by e-mail or social networks, and therefore belong to the impersonal type.

A funny example of an impersonal type of attack, albeit from a slightly different area, is the case when ordinary pickpockets themselves threw out warnings in the metro, like: A large number of thefts occur at this station. Watch your valuable things carefully!. At the sight of these warnings, passengers automatically checked the safety of their valuables, for which the thieves themselves observed from the side, looking for the passengers who kept their wallets in vulnerable parts of their wardrobe.

As another remote method of attack is the delivery of infected media to the attacked corporate network or personal computer. There are many variations, but they all lead to the same scenario - the victim performs everything herself. For example, returning from lunch, an employee of the firm N picked up a usb-drive, with an intriguing inscription on the case, and decided to look at its contents right at the workplace. What can happen next, I think, is understandable. The method is also quite common and received the nickname travel apple.

More contact technique will pretext. Roughly speaking, this is an improved contact phishing. Having any confidential information about the target, it is easier to call her confidence only because she possesses this information. You may receive a call to the phone, where the interlocutor will surely give your full name, passport number, and present himself, for example, as a tax official. Since he has the same information that the employees of the National Assembly could potentially have, and at the same time, supposedly, are closed to outsiders, his legend seems to be quite plausible. Then everything depends on the trustfulness of the goal and the requirements of the attacker. But most likely, it will be any very little, at first glance, information that the goal will tell without much doubt.

Why is it important?

Digital security is developing extremely fast. What, of course, contributes to the joint activities of large corporations, researchers and just individual enthusiasts. The growth rate is truly colossal, and every day, an ordinary user, is becoming more and more protected from attempts to break into his device.

But the methods of hacking people, i.e. social attacks are now working as effectively as many years ago. Updating anti-virus databases, you do not protect yourself from any method of managing your trust.

Perhaps the only major event in recent years, in the field of protecting human naivety, was to popularize additional authentication methods in which a person, possibly an attacker, should not only know certain information, but also confirm the fact of possessing a unique physical object.

Of the upcoming breakthroughs in this area may be biometrics, if it acquires sufficient mass character.

Of course, the popularized methods of attack are too simplified, but somewhere embellished for greater clarity. Social engineering specialists use a combination of several attack methods at the same time, reinforcing psychological methods with technical knowledge. Interspersing all the methods available in their arsenal, the real attack often does not arouse even the slightest suspicion on the victim.


Among the masters of DonNTU, Burlakov Vladimir Igorevich also touched on the topic of security in the network.

The site was developed as an independent work on the discipline internet technologies,
in the 2018–2019 academic year, in accordance with the requirements and limitations presented in the task.
All information and its appearance are relevant at the end of 2018.