Digital attack vectors are often the focus in the constant game of cat and mouse played by the information security industry.
Nearly all of the noise in the media is about bug patches, updates, higher standards and new digital security measures.
However, social engineering continues to play a significant, and at times, center stage role in targeted attacks.
With layers over layers being essential to the structure of the dark web, it can become a challenge to identify social engineering as something which requires attention.
The entire dark web infrastructure is essentially built to facilitate anonymity and prevent social integration.
However, social engineering isn’t only about manipulating an old lady into offering up her social security number or tailing a bunch of suits into an office.
It extends into the digital world like an iceberg below the waterline.
Social Engineering and the Dark Web
The reality is that we’re all somewhat in the higher portion of computer users: we all know a little bit more than the average internet user when it comes to networking, infrastructure and security.
Just the very act of installing the Tor Browser puts users in an area beyond the walled garden of Facebook and Google. It inherently raises risks, too. It makes a user a more interesting data point.
It’s people’s actions or omissions both online and away from the keyboard which land people in hot water. We can be manipulated online by another person much more effectively than we can be tricked into clicking links or running an executable file.
Social engineering occurs every time confidence, influence, or human contact is used for a form of fraud in an attack. It’s a shortcut in obtaining information, bypassing a person’s technical operational security measures such as password barriers.
Given the nature of the dark web, there is a core mantra that must be drilled into our brains: we need to keep our mouths shut.
It should be present in everyone’s mind all the time: you must keep your mouth shut.
In a world so intent on posting everything that we think may make us unique, or elevate our social standing by parading some form of knowledge over another person, it’s incredibly easy to brag. Bragging will weaken your operational security immediately and it paints a target on your back.
Bragging about whatever it is you do on the dark web to anyone will not only spread like wildfire, it strips away the allure and generally weakens your sense of self. In a world without secrets, we all need to remember that it is acceptable to keep some things to yourself despite constant inane chatter of the contrary from every corner of every medium on Earth.
Social engineering works consistently works because people as a species cannot wait to hold a fistful of knowledge over someone else. A hacker pseudonym will be quickly connected to an identity when bragging across the forums is a person’s modus operandi.
Anonymity and Privacy
Anonymity is different from privacy. Anonymity allows us to have a voice in any capacity we choose. It allows us to express ourselves.
It allows us to speak our mind. And therein lies the core distinguishing factor: it allows us to speak.
Privacy is almost the exact opposite. It shuts the world off from our voice. It closes the blinds. One may not exist without the other, though.
A person would be hard-pressed to build an anonymous profile without using an existing foundation of privacy, but you do not need to be anonymous to invoke privacy.
Social engineering weakens both by coaxing a person into laying their cards on the table.
It’s a conscious effort to extract valuable information. Each system is different, just as every person is different.
Some open networks at coffee shops are secured by home routers, begging to be compromised, and some networks are closed and use military-enterprise grade level credentialing.
Likewise, some people will tell you anything you want to know after they perceive a common interest and are entertained by some inane chatter, whereas some will ask the private number caller for a reference number to call the company back directly before performing a standard ID check.
Our ability to go about our lives without the need for external validation – such simple-sounding social change – will permeate through and greatly increase our security on the dark web.
Social engineering is not a misunderstood field. There is a plethora of research indicating its effectiveness, yet misjudge it time and time again. It’s the bread crumbs of information left in a trail that leads back to users that constantly trip people up.
Intimate human interaction is something not generally common on the dark web. The entire infrastructure is set up to avoid it, in fact.
However every person to person interaction, virtual or not, is still social at its core. With this, understanding social engineering, at least at its general level, will undoubtedly increase our operational security and allow us to keep moving.