By Sulaiman Badamasi (Mahir)
Social engineering (also known as human hacking) is the art of psychological manipulation of human beings to trick them into making privacy blunders to giving out delicate confidential information. The perpetrator (social engineer) digs background information of the potential victim to identify key necessary weak points and possibly gain the victim’s trust to use the information against them. Before the emergence of social media, it took social engineers a long, frustrating time to acquire as much information as possible about their targets.
However, the dawn of technology saw the 21st century as the swiftest ever in terms of information circulation. The world has appeared at a height where a single tweet (for example) reaches a billion people in seconds. Thus, information runs fast, businesses nurture, distances diminish, causes foster, coverage enlarges, relationships are created/strengthened, thus making us and our lifestyles more publicized and learned about.
Despite its tremendous impact on making life more relaxed, social media compels us to unconsciously reveal vital personal information about ourselves, families, friends, etc., which could be easily used against us. In other words, what you need to know about people to trigger any havoc on them and their close ones is almost certainly on social media. People’s personal info has become so plentiful that they have a copy of their voter card, national ID card, and driver’s license posted on social media.
Moreover, people reveal their workplaces, positions, type and colour of their vehicles, wives and children (by number, names & faces), schools where their children attend (including class, level, course, location), the colour of their children’s uniforms, favourite food, the interior of their rooms, the kind of electronic devices they own/use, current location, movement plans and means of transportation (motorcycle, car, truck, train, plane) with picture evidence. You know when they sleep/wake, to mention a few.
The recent #KanuTrain attack is a decent scenario of how our personal information can be used against us. The intruders appeared to have readily gathered background details of some of the passengers, including their sitting positions on the train and their social profiles. In a video interview, the killer of Hanifa, the primary school pupil who was allegedly abducted and murdered by her teacher, explained how he took his time, gathered adequate information, and built up his fraternity before executing the unfortunate assault.
The fact is, no ill group/individual strategizes and carries out a successful attack devoid of having sufficient information, which of course, we give generously. Without data, plans go wrong, and they (perpetrators) hardly take these risks nowadays. Repeated evidence has struck our screens on how ill-doers use human informants, drones, and social media accounts to gather information about target victims before carrying out attacks on them, including military bases.
Ethical hackers do not just attack or penetrate internet environments or webservers. Instead, they do footprinting and reconnaissance to know the strengths and identify weaknesses in the system they plan to attack and then exploit them.
Have you ever wondered how your profile pictures can be grilled to reveal more information about you? We often change profile pictures on several occasions. Let us assume you have been on Facebook for ten years and have changed your profile picture ten times (once each year). These ten naturally varying images can be processed using deep learning and natural language processing to understand, for instance, the rate at which you are ageing, how happy/angry/suspicious/innocent you are looking, how healthy or otherwise, to mention a few.
A 30-minute walkthrough of the pictures you have uploaded in the last five years reveals what calibre of people you do mingle with, the state of structure your house is in, the number of countries, states, or towns you have visited, conferences you have attended, how beautiful your wife looks like, which of your siblings/parents/children you love the most, and more. Do you know that a data scientist who knows where you have been going for one year or less can use that data to predict where you will possibly be going next?
All these can be used to perpetrate evils against you/us, thus, informing a possible abductor/kidnapper whether you look like someone who/whose family can afford a ransom payment. Knowing a lot about your family tells them of the softer target amongst them. Of course, they would find it easier to abduct that daughter of yours whose school name, picture, name, age, the colour of the uniform, time to and from school you have made available than you.
Unless we have underlying valid reasons to do so, making our private information and our families public could make them more vulnerable to unnecessary access. Life now looks as if the more your sensitive information is made private, the less you are prone to some unfortunate events.
Sulaiman Badamasi (Mahir) can be reached via firstname.lastname@example.org.