Social Engineering and Influence: A Study that Examines Kevin Mitnick’s Attacks through Robert Cialdini’s Influence Principles

Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits
Student thesis
Abstract [en]

As technology matures, new threats rise and take the place of the “traditional” issues (insecure infrastructure, insecurely developed software, etc.), threats that revolve around exploiting human vulnerabilities instead of technical vulnerabilities. One of the most famous threats that have risen in the area of Information Security is Social Engineering. The goal of this study is to take an interpretive approach to Social Engineering, by using Cialdini’s principles of influence.

In order to be able to interpret the attacks, the study examines documented attacks (by Kevin Mitnick), abstracts them, categorizes them into four main categories (Gain Physical Access, Install Malware, Information Extraction, Perform an Action), models them by graphically depicting the execution path of the attack and finally interprets how the victims were influenced (or manipulated) to assist the attacker(s).

This study is executed using the Literature Review methodology, following the eight steps proposed by Okoli. During the execution of the study the author examines the principles of Influence, Social Engineering models and additional psychological principles used in Social Engineering. The author, based on the findings in the literature, creates Social Engineering attack models and interprets the findings. The importance of the study is that it explains how the well-known principles of Influence are used in Social Engineering attacks. The psychological findings and the models created lead the author to believe that there is a possibility for them to be used as a framework for solving Social Engineering attacks.

Place, publisher, year, edition, pages
2013. 159 p.
Keyword [en]
Social Behaviour Law, Social Engineering, Influence, Persuasion
Keyword [sv]
Samhälls-, beteendevetenskap, juridik
Identifiers
URN: urn:nbn:se:ltu:diva-42878
Local ID: 0d61b8aa-30ad-4cb0-9039-e04832f250a7
OAI: oai:DiVA.org:ltu-42878
DiVA: diva2:1016104
Subject / course
Student thesis, at least 30 credits
Educational program
Information Security, master's level
Supervisors
Karasti, Helena
Note
Validated; 20130812 (global_studentproject_submitter)
Available from: 2016-10-04 Created: 2016-10-04
Bibliographically approved

Source: DiVA
