THE SWEET ART OF HACKING MINDS
Rafael Jaques
@rafajaques
#FISL13
28.07.2012
Attention!
The information in this presentation is for informational purposes only. The knowledge and techniques covered are not intended to teach how to deceive people or to obtain any kind of advantage over others.
The goal is only to demonstrate the weak points that exist in corporations and systems so that these weaknesses can be remedied.
YES!
YES!
That's not the idea...
60%
admit to having stolen
some kind of information
when leaving their job.
Scoundrels!
___ in every
10
still have access to the information
after leaving the company.
Nowadays the
TARGETS
are
PEOPLE
and no longer systems.
The skillful manipulation of the
natural human
tendency to trust.
Mix up the questions
PEOPLE!
People are complacent
In 2009 alone...
11 million
people were victims
of identity theft.
In 2009 alone...
Total fraud
amounted to approximately
US$ 54 billion
In 2009 alone...
Victims spent, on average,
21 hours
and
US$373
resolving the crime!
13%
of identity frauds
were committed by someone
the victim knew.
Well presented
Good observer
Takes advantage of naivety
Communicates well
Kevin D. Mitnick
Hackers 2:
Operation Takedown
E-mails
Is there an ice-colored Beetle
parked in front
of your house?
Telephone
Letter
In person
Dumpster Diving
Shoulder Surfing
Impersonate
http://www.silicon.com/technology/hardware/2007/12/10/criminals-posing-as-police-burgleverizon-data-centre-39169416/
Rush/No Authentication
Phone Phishing
Data Collection
Phishing/SCAM
74%
...of the SPAM reported in 2010
was for pharmaceutical products.
VIAGRA!
How to identify it?
http://fidelidade.promocaoscielo.com
http://info.abril.com.br/noticias/seguranca/brasilieiros-sao-os-que-mais-sofrem-phishing-19042011-30.shl
The CD-R technique
Hackers 2:
Operation Takedown
Escaping from problems
Industrial espionage
Personal satisfaction
Pure mischief
6. Risk Factors
My password is
123!
Internal Threats
How do you
behave on social
networks?
And in the real world?
Stuffed with data
The information is public
Fake authentication
Easy to influence
9. Learn to Protect Yourself!
Become familiar
with the techniques!
Educate those
around you.
Formalize the procedures
for accessing data.
THE
DEADLY
WEAKNESSES
by Cisco
1. Sex Appeal
2. Greed
3. Vanity
4. Trust
5. Sloth
6. Compassion
7. Urgency
But now...
Where do I learn more?
Books
Sites
Social Engineering Framework (en_US)
http://www.social-engineer.org/framework/
Symantec Security Articles (en_US)
http://www.symantec.com/connect/security/articles
Social Engineering Toolkit (pt_PT)
http://ptcoresec.eu/SET.pdf
Questions?
I didn't understand
a thing!
Thank you!
Rafael Jaques
rafa@php.net
phpit.com.br
@rafajaques
slideshare.net/rafajaques
References
+ Sources consulted
- Talks
Entendendo a Engenharia Social : Daniel Marques : http://www.slideshare.net/danielcmarques/entendendo-a-engenharia-social
Engenharia Social : Marcelo Lau : http://www.slideshare.net/datasecurity1/engenharia-social
Social Engineering - Exploiting the Human Weakness : Wasim Halani : http://www.slideshare.net/washal/social-engineeringcasestudy
Social engineering & social networks : Sharon Conheady : http://www.slideshare.net/infosec10/social-engineering-socialnetworks-public-version
- Sites
http://www.us-cert.gov/cas/tips/ST04-014.html
http://www.cisco.com/web/about/security/intelligence/mysdn-social-engineering.html
http://www.social-engineer.org/framework/Social_Engineers:_Disgruntled_Employees#Statistics
http://www.fraudes.org/showpage1.asp?pg=7
http://www.symantec.com/business/threatreport/topic.jsp?id=highlights
http://www.massachusettsnoncompetelaw.com/
http://en.wikipedia.org/wiki/Social_engineering_(security)
http://www.spendonlife.com/blog/2010-identity-theft-statistics
http://mashable.com/2011/01/20/black-hat-hacking-stats/
http://www.consumerfraudreporting.org/internet_scam_statistics.htm
http://informatica.terra.com.br/virusecia/spam/interna/0,,OI126626-EI2403,00.html
http://press.pandasecurity.com/wp-content/uploads/2011/01/The-Cyber-Crime-Black-Market.pdf
http://monografias.brasilescola.com/computacao/seguranca-informacao-vs-engenharia-social-como-se-proteger.htm
http://www.iwar.org.uk/comsec/resources/sa-tools/Social-Engineering.pdf
http://www.esha.be/fileadmin/esha_files/documents/SHERPA/Report_on_mechanism_of_social_engineering.pdf
http://www.cisco.com/en/US/prod/vpndevc/annual_security_report.html
http://www.securingthehuman.org/blog/2011/01/22/social-engineering-deadly-weaknesses
http://info.abril.com.br/noticias/seguranca/brasilieiros-sao-os-que-mais-sofrem-phishing-19042011-30.shl
http://www.infosectoday.com/Norwich/GI532/Social_Engineering.htm
http://www.pcworld.com/article/182180/top_5_social_engineering_exploit_techniques.html
http://www.symantec.com/connect/articles/social-engineering-fundamentals-part-i-hacker-tactics
Media
Images:
Cover - Master of Puppets - http://www.flickr.com/photos/50417132@N00/2178362181
Person Icon http://edge-img.datpiff.com/ma336d2d/DeeZee_Too_Be_Continued_-back-large.jpg
Calling http://www.flickr.com/photos/37475356@N00/5740461432
Suit and Tie http://www.flickr.com/photos/55046645@N00/475680145
Pierce Brosnan http://osolimpianos.files.wordpress.com/2009/05/jamesbond.jpg
Computer Geek http://www.flickr.com/photos/18519023@N00/3498738259
Seller http://www.flickr.com/photos/larskflem/93753458/in/photostream/
Multiple Faces http://www.flickr.com/photos/56695083@N00/4470486685/
Drunk Guys http://www.flickr.com/photos/82605142@N00/86601569
Puss in Boots http://www.jpegwallpapers.com/images/wallpapers/Puss-In-Boots-Shrek-497126.jpeg
Mother http://www.flickr.com/photos/brandoncwarren/5088547448/in/photostream/
Dumpster Diving http://www.flickr.com/photos/75054419@N00/460133621
Distrustful http://www.flickr.com/photos/37354253@N00/388468654
Climb on giant tubes http://www.flickr.com/photos/squeakywheel/379078841/in/photostream/
Shang Tsung http://www.umk3.net/images/portrait/shang_tsung.gif
Shoulder Surfing http://www.flickr.com/photos/16258917@N00/2785190754
Fisherman http://www.flickr.com/photos/41346951@N05/5187103981
Red Telephone http://www.flickr.com/photos/pulpolux/151179802/
Spam http://www.ciromota.net/wp-content/uploads/2008/10/spam.jpg
Setting Up Email Account http://www.flickr.com/photos/pieterouwerkerk/698618765/in/photostream/
Viagra http://www.n24.de/media/_fotos/bildergalerien/002011/valentinstag_1/7611575.jpg
Pic of Email Screen (SPAM) http://www.fastactiontraining.com/wp-content/uploads/2010/10/Pic-of-Email-Screen.jpg
Jornal Hoje http://4.bp.blogspot.com/_OZcgbN6AowE/S7uYcZuhbqI/AAAAAAAAAWQ/SKOM0o-_mIQ/s1600/jornal+hoje_globoc%C3%B3pia.jpg
Baby at Computer http://www.flickr.com/photos/65315936@N00/5511409574
Impressed http://www.flickr.com/photos/64114868@N00/1019654125
Security Guy http://www.flickr.com/photos/51035555243@N01/268524287
Head in Hand http://www.flickr.com/photos/34120957@N04/4199675334
White Ninja http://www.flickr.com/photos/cverdier/3893327741/
Lady Cat http://sweettater.files.wordpress.com/2010/03/cimg3458.jpg
God of War http://wallpapers.freewallpapers.im/images/2011/02/1024x600/god-of-war-2-game-1935.jpg
My Files http://www.flickr.com/photos/84172943@N00/5352825299
CD-R http://www.flickr.com/photos/45382171@N00/1515739697
Inside Outside http://www.flickr.com/photos/followtheseinstructions/5571697149/
Pole Dance http://www.flickr.com/photos/46854683@N04/4547706741
Seller http://www.flickr.com/photos/17768970@N00/4485455723
Thumbs up http://www.flickr.com/photos/37961843@N00/6265449
Greed http://www.flickr.com/photos/calliope/2207307656/
Dress Table http://www.flickr.com/photos/centralasian/5968327542/
Trust http://www.flickr.com/photos/43132185@N00/196015953
Sloth http://www.flickr.com/photos/28442702@N00/279470157
Compassion http://www.flickr.com/photos/29553188@N07/3573969837/
Running http://www.flickr.com/photos/51035555243@N01/287666827
Files http://www.flickr.com/photos/juniorvelo/3267647833/
Goofy http://www.flickr.com/photos/42dreams/73838574/
Library http://www.flickr.com/photos/51035555243@N01/85441961
Talking Business http://www.flickr.com/photos/brymo/272834885/
Mask http://www.flickr.com/photos/18548550@N00/5313987
Young Gentleman http://www.flickr.com/photos/64031910@N00/422547724
Goomba VS Mario and Yoshi http://www.flickr.com/photos/77161041@N00/2266201047
Mother http://www.flickr.com/photos/54304913@N00/17647469
Private Place http://www.flickr.com/photos/76151808@N00/6100020538
Kevin David Mitnick http://www.starnostar.com/data/images/who-is-Kevin-Mitnick-is-star-or-no-star-Kevin-David-Mitnickcelebrity-vote.jpg
The Jersey Devil http://www.flickr.com/photos/79874304@N00/285367520
A little better than the last group http://www.flickr.com/photos/81881849@N00/3222035439
Operation Takedown http://filmescomlegenda.net/wp-content/uploads/2009/03/operation-takeodown-300x422.jpg
I Have You Now http://www.fotopedia.com/items/flickr-3500989490
Spying Turquoise http://www.flickr.com/photos/jdhancock/7439564750/
Office Prank http://www.sprichie.com/wp-content/uploads/2012/01/office_pranks_05.jpg