With the number of data breaches that have occurred over the past few years, it’s easy to imagine that hackers are always coding in their terminals. That couldn’t be further from the truth. In order to hack a system effectively, you have to be able to read people just by observing them. That’s because people make much more serious blunders than computers do. It takes much more time and effort to attack a secure system remotely than to pretend you’re the IT guy at a company and manually infiltrate a system.
Even as new attack vectors emerge with the rise of IoT and as cybersecurity becomes more and more of a buzzword, we shouldn’t forget that robots aren’t trying to hack systems; people are. There are many great articles that delve into the psychology of dress and what it says about a person.
That’s just at a superficial level.
For example, a tailored suit may say that a person is confident and successful. A hacker would go a level further. That suit, if it were pinstriped, might tell the hacker that this lawyer is an associate at a certain law firm in New York. The hacker might then compile a list of law firms in New York whose partners wear pinstriped suits regularly to judge whether wearing pinstriped suits is part of the firm culture.
That was just one example of how one would think like a hacker. It’s all about gleaning data and then applying that data. We can take this analogy further and say that the hacker can then wear a pinstriped suit, claiming to be an IT professional after finding out that IT professionals at this specific law firm like to impress the higher-ups by adhering to the dress code. This is obviously just an example, but people have been fooled by impersonations and other crafty social engineering.
One great way to become more secure is not to have a password that relates to our occupational or personal lives. Just by looking at your personal effects, a good social hacker might be able to tell where you work and what your role is. From there, the hacker can work their way up.
If you’re still skeptical that hackers can infiltrate a system without any technology, this 2007 video from ShmooCon walks you through a hacker’s thought process. The hacker presenting is Johnny Long, who’s known for using Google searches to hack vulnerable servers.