Mitnick In The News
Study: Nearly half of users reveals for chocolate his password
Jun 28, 2016 - heise online, by Sascha Mattke
With social engineering also technically secure systems can crack. This has long been known, but users still show that they are very susceptible.
In practice, as in experiments, it shows again that the so-called social engineering is very effective. Attackers try to take over technical deficiencies by exploiting human weaknesses to gain access. The famous hacker Kevin Mitnick worked in the 1980s almost exclusively with such tricks. And as a new study shows, you do not even to proceed particularly refined, Technology Review Online reported in " password to chocolate ".
In their study, Christian Happ of the International School of Management in Stuttgart and André Melzer and Georges Steffgen of the University of Luxembourg investigated especially the human tendency to give tit for tat, so the principle of reciprocity. They sent people to the streets to interview random passersby about Computer Security, and then ask for their own passwords. One third of respondents got this at the beginning of the contact, directly in front of the question for the password, and only after questioning a bar of chocolate.
Overall it gave 30 percent of respondents said their password; in the group of those who then said they had replied truthfully, it was even 38.6 percent. Apparently they already handed the scientific context and the appearance of the interviewer with many to make them careless: Of the respondents, the only ones who received their gift at the end, betrayed 29.8 percent their password. With the utilization of the principle of reciprocity, the rate was still significantly higher: Of the subjects who received immediately before requesting the password chocolate, it posted at 47.9 percent when there was the gift at the beginning of the survey, was the value 39.9 percent.