Social Engineering: A Psychological Hacking to Temper Medical Security - Proceedings of All India Seminar on Biomedical Engineering 2012 (AISOBE-2012)

Biomedical Engineering Reference

In-Depth Information

may have Trojans, viruses, and worms and other uninvited programs find their way

into systems and networks. User is motivated to open the message because it

appears to offer useful information, such as security notices or verification of a

purchase, promises an entertainment, such as jokes, scandal, cartoons or photo-

graphs, give away something for nothing, such as music, videos, or software

downloads. The outcome can range in severity from nuisance to system slowdown,

destruction of entire communication system or corruption of records.

Overt Social Engineering

The fast growing internet based communication attracted hackers to use social

engineering tactics to exploit users. It may be initiated as a believable story to gain

users trust, but will often include a factor of fear to persuade user to act quickly.

The story itself will appeal to one of the basic human instincts. It will offer you

money for nothing (greed); it will ask for gentle aid either for a friend in trouble or

a suffering population (sympathy); or it will be threatening to persuade you to pay

up or face the consequences (fear). This may include

Advance Fee Fraud—user pays a little now to get a lot more lately, which never

materializes.

Auction Fraud—You bid for a bargain, pay the money, but never get the goods.

Disaster appeals—Fake requests that follow all natural disasters etc.

These allurements are made in such a way that user may be convinced with the

requests and itself indulge in jeopardy.

Covert Social Engineering

In the same fashion as in overt social engineering, covert social engineering also

begins from an emotional story. In covert social engineering, attackers do not

openly ask for money; their purpose is to unknowingly steal your financial details.

Attacks on Medical Security

Attacks on Medical security are best characterized by viewing the function of the

computer system as a provision of information. In general, normal communication

is represented as a flow of information from source to destination.

There are four categories of attacks:

Interruption: An attack on availability. Information is destroyed or becomes

unavailable or unusable.

Search WWH ::

Custom Search

Home