Popular Mechanics (South Africa)

Understanding the human element

As an expert on the human element of security, negotiations, non-verbal communication and deception, Jenny Radcliffe uses her skills to assist companies in protecting themselves from malicious social engineering attacks. She consults, speaks to and trains people in the skills of “people hacking” and explains how social engineering, using psychological methods, can be a huge threat to organisations.

telephone conversations with a social engineer,” explains Radcliffe. The procurement professional had been talking to the fraudster for months, believing the individual concerned worked for a remote section of a genuine regular supplier.

“The social engineer worked on gaining trust and rapport over a period of months. By the time the details were changed on the invoice, the employee both liked and trusted the social engineer.”

With full confidence that the person on the other side of the telephone was who they claimed to be, the procurement person changed bank details on a six-figure payment. Why? “Because (the victim) had no reason to suspect that the associate was anything other than genuine.”

Social engineering is often a patient and planned attack and the building of trust illustrated by this incident, which was then exploited, is a good example of a non-technical – but very costly – human hack.

Staying safe in your personal and professional capacity is not impossible. There are steps everyone can take to ensure that valuable data – including passwords and banking details – of themselves and the company they work for remains a secret.

Radcliffe’s guidelines to safety are simple:

• Be more suspicious
• Learn what pressure looks like.

Whether it be over the phone, in person or via email, we need to understand how social engineers use psychology to manipulate us.

“You don’t need to know everyone. Start by understanding that, if you feel pressure to go outside your normal behaviour, you should step back and think twice before doing what you are being persuaded to do.”

How is this achieved? Primarily by understanding that social engineers, hackers and criminals often don’t look the way they are portrayed in popular media.

“Fraudsters are very good at looking and sounding authentic and unthreatening. So, we all need to be more vigilant at looking beyond the outer appearance of people and observing potentially suspicious behaviour instead.”

A huge amount of online crime takes advantage of ignorance about security. Says Brandon Bekker, managing director of Mimecast in Africa and the Middle East, “The best defence against cyber scamming is to educate yourself about Internet fraud and phishing techniques. Keep up-to-date on the latest scams going around through the banking platform of your choice, so you always know what to look for.”

Here’s one obvious tip: if a special looks too good to be true, it probably is. “People can avoid being scammed by email specials by accessing them on the retailer’s website.”

Radcliffe says it all boils down to education. “Employees need to understand the basics of social engineering and other scams so that they can recognise when they are being conned.”

Her advice is to make staff responsible for policing the problems they identify and to reward them for it. “Talking about the scams they have seen in the media or the near misses that have happened within the organisation keeps the dialogue going and the topic fresh in their minds.” But employers are just as responsible. “Managers and leaders need to understand their staff as human beings well.” She explains: “They need to know what ‘normal’ looks like for their people, so that when behaviour changes a red flag is raised.”

This type of monitoring works as an aid in cases of insider threat – whatever form that might take – because people’s behaviour changes once they are under pressure, or become disengaged or disgruntled with the company.

What were the original AT-ATs constructed from?

The AT-ATs (All Terrain Armoured Transports, or Imperial Walkers, as they were also known) were fashioned from the crushed hopes and pathetic tears of the Rebel Alliance, dispirited by the Empire’s resilience following the destruction of the Death Star and distraught over the discovery of their doomed base on the ice planet Hoth. And hand-machined aluminium, mostly.

Nowadays (as in the excellent Rogue One), such cinematic creations are completely computer-generated. But a long time ago in a galaxy much resembling our own, the special-effects Jedi at Industrial Light & Magic used models and stop-motion animation to bring the Empire’s stork-legged strike force to life. First, skilled craftsmen custom-fabricated complex, movable aluminium armatures, which were then skinned with moulded materials, typically foam, to assume their final appearance. The most used models were about half a metre tall, but the team worked with a range of sizes from a R5-coin-size miniature to a single foot that was a metre in diameter. Since the moving models had to be photographed 24 times in 24 different positions to produce a single second of action, the ability to shift them in tiny, highly precise increments between individual frames was critical.

ILM’s Paul Huston, chief model maker for The Empire Strikes Back, says it might have taken animators – who would pop up in the miniature “set” through a trapdoor – two hours of work to produce a second’s worth of film. “It’s more than just moving something from frame to frame,” he says. “It’s actually understanding the acceleration and deceleration at different points in motion and how the leg supports the body, and the weight of the body; it drives me crazy just to talk about it.” Huston, still with ILM, harbours some nostalgia for the bygone days, though he acknowledges the advantages of contemporary digital wizardry. “I love the old stuff. I love certain things about that work process and about how things looked,” he says. But, “We would never have the films we have today if we were still doing it this way. It’s just too difficult and expensive and there are so many things that you can’t do.”
