 
 


  ,        ?     ,   ,  ,  ?

,            ,    蠖        .     :   ,       ,        ,        .

  ,      ,         .

 ,      ,           .        ,     ,   ,   ,   .  ,   ,       .





 

 :     



  

   

  ,  

  . 

  . 

 . , . 

  . 

  . 



© 2018 by John Wiley & Sons, Inc., Indianapolis, Indiana

All rights reserved. This translation published under license with the original publisher John Wiley & Sons, Inc.

    , , .   , 2020



  .           () .  ,  ,   ,  ,   ,          .  ,   ,     ,  ,          ,      ,   ,       .

,      ,  ,   ,        () ,        ,    .


* * *


,       , , , , ,     . ,       .

, ,  ,       ,   .    ,  ,    .   .

,   !  ,         ,       .  ,      ,     .







  


   ,    :      .  ,         .           .

 1947 ,    ,      ,     80%         [1 - Allen W. Dulles. Memorandum Respecting Section 202 (Central Intelligence Agency) of the Bill to Provide for a National Defense Establishment, April 25, 1947, p. 525.].    ,         : 90%     10%  [2 - Donna OHarren, Opportunity Knocking: Open Source Intelligence For the War on Terrorism, Thesis, Naval Postgraduate School, December 2006, p. 9.].   , ,  ,      .     :       ;    ,             .

          .     ,       . ?      ,    .    ,   Facebook     PayPal. ,  ,       .   ,         ,         ,   .       ,    堖 ,       .   ,    :          ?   ,        .

        .  ,   ,     .      ,        .        ,    -   ,     .         Skype:

 , .         .        ?   .

    .

  ?

,  .

,     .

   ,   .  -    .    , ,   15     . ,       ,    , , -,          ,  -,              .

    .       ,        :   .          .   ,     䠖       .        ,      .  , ,       ,       ?         ⠖   .  ,           .

  ,    .   ,      ,    .  頖  .     ,        .    ,     ,   . ,      ,     .      .      ,    ,       ,   .

              .       ,       ,     ,      .   .    ,      젖         OSINT,  黠   ..



 ,
, ,
      




 


 Ƞ    Social-Engineer, LLC.         -,   , http://www.social-engineer.org (http://www.social-engineer.org/). 蠖       (Social Engineering Village,  SEVillage)   DEF CON  DerbyCon[3 -        . DEF CON   -  1993 , DerbyCon  2011   . . . .]      [4 -   (Capture the Flag)  ,      .         :  ,   .           ,         ,    ,     .    ,         .    : https://ctfnews.ru (https://ctfnews.ru/). . . .],     (Social Engineering Capture The Flag SECTF).        :     ,  RSA, Black Hat, DEF CON,        .  Twitter     @humanhacker.




  


 Р       .   20      ,       .        ,   ,     .

                  ,     ,      ,  Black Hat Briefings, RSA, SourceCon, SC Congress, Interop  Techno Security.

              ,          .         (CISSP).







               http://www.social-engineer.com (http://www.social-engineer.com/)        :     . ,     ,  ,   , -        .     ,      12 ,     ,       ,      .

        ,  ,      .        ,  ,  ,  ,       .           .       MI5  MI6.         35   ,       ,  .

       . ,  ,     ,    ,         ,   ,  ,   .   ࠖ       ,      .       ,      ,      .      ,    .

     ,    ,  ,   . ,           ,     .          .

,  :          :  -     .     ,      ,         . ,     ,   .

         ,  ,      .    .

     ,      :

 ꠖ        .

         .

       (ILF)     .

   ,        ( ).     ,    .  堖 ,    .

ILF         .   ,        ,   .

             ,  ,  .

          ,      .           .

 ,             (    - ).

   Social-Engineer, LLC,   . , , , , , ,             . !

      , .   ,                    (  ,  !).

  ,   Social-Engineer Podcast,    SEVillage     ,   !       .               . !







  1976       Apple Computers,      ,     .     :   ,        .  - 40   ,       .      ,     ,        .        ,   ,      ,       .

    ,      .  ,    ,            .      ,      .

   :    ,   ,  ,  .       HOPE  2004   ,       :      .            ,     .

      :          .             .

       ,       ,   .       ,          .



 







  ,             ,         .             .       (,      )        .  : ,    !

   .   :   ,    ,     ,    ,       .

,            :            .  ,    .

      ,     : ,       .    (  )  , ,      ,      .    , ,   .        ,  , , , .     , , .  ,       ,       .     ,  ࠖ .            ,      .

              .  ,       -       ,     .  ,       .

 ,  :   ,    ,         . , ,     ,   . , -          .     ,   !     Twitter   @humanhacker.       ,    http://www.social-engineer.org (http://www.social-engineer.org/)  http://www.social-engineer.com (http://www.social-engineer.com/).

      ,          ,      .    ,  ,        ,   -  ,     .   ,     .           .

,     .  ,         .  ,          .   , ,   .

,   .



 




1.     


,    ,     .

 


  ,           :     .     2010 .    ,          ,    ,   .

  ,       ,             ,  ,      ,         McDonalds.          .   -    ,         , , , ,    , ,    .

-       .    :      , . ,    ,    . ,       ,       . ,       ,            (    ),          .     , 蠖   .   .      ,     ,     .      ,   2017   80%            .

    ,  IBM  2017 , -       $3,62. ,      :   .



   2017  IBM     12  .       https://www-03.ibm.com/security/data-breach/.        : IBM,   .


  ,           2010 .  :    ,        ? ,  .          :    ,   .

      ,   1960-     .     ,     ,      :    ,    ,       .         .  ,     ,  ,   ,        .         .

     ?  :        ,        .   -       ,    ? .       ,   :     .

  ,    ,          ,    ,     .     ,      . -        ,   .  -   ,       .     -  .  ,   .

  ,    ,    .    ,         , ,   ,  ࠖ .   ,   ,    (  ,      ).      ,   :    ,      .

  , , :     ,      ?.  .




 ?


     .    ,     .          . ,      ⠖  ,   (     -  1800    ).       ,          - .  ,                .      ,      ,    ,   .      .          ,  .     :     ,         .         .    :             . ,   ,      .

      ,    ,     蠖         .    ,       .

     [5 -  . voice + phishing  .      .  ,      ,     .      ,        .          ,    ,          .]. ,      :    ,     .  :    : laH yIlo  ghogh HablI  HIv (    ). ,  2015         .



   頖  ,     (http://www.kli.org (http://www.kli.org/))   ,         .     -.              .


,     .  ?   ,           . ,     ,      .

      .    ,        . ,    ,            [6 - .  . fishing  .         -,    ,   .         ,         ,    ..  ,      , ,           . . . .] e-mail:         24/7.    ,                (BYOD),          -,              -.

 ,  ,   .          .    ,     ,      ,  , .       ,         :    ,   .

     :     . ,      ,        .        .       ,      ,     .

,       ,     :     ,   ,  ,     ,   ,          .  ,  , .   ,                 .




    ?


 ,           ,     .       ,        . ,  ,        ,     .

 ? :      ,       ,   .   ,  99,9999999%      .   ,     ,           .

  ࠖ      .        ,       ,   , ,  .    70-      (The Social-Engineer Podcast,  -)           .       -  -  .

 -        8  13  (   ).         ,    ,  .



  -

         ( ):

https://www.social-engineer.org/podcast/episode007-using-persuasion-on-the-mindless-masses/

70-      .      ,       : https://www.social-engineer.org/podcast/ep-070-thinking-with-out-a-box/


   -   14  100 .         ,        .

     ? , -:        .         : ,       ,   ,       .

,        :         ,    , ,    .  ,       .      ,       ,     .    ?                  .        . 1.1.

  ,        ?    ,          .            ,             .   ,  ,  ,      .   ,       .           .








     .   ,     ,      -.  ,         .     ,      .

               ?.




 : 


        ,        10 .

,     ,     : Ƞ  ,    . ,     ,   :     ,   , ,     ,      .

, ,      ,    .      (,     , [7 -              . . . .]): ,  .       蠖          ?

40- ;

43- ;

27- .

        ,    ?

40- ;

43- ;

27- .

,         ,      .           ?    :       .

 ,   ,     :

    ,     ,       ,   .

    ,  ?        .

 ,    ߠ        ,         .    ,      .       ,     ,   . ,     ,    ,       .

    ,      ,   :       ,    . ,   ,      .       .

    .        : , , ! ,         .   -   ,   , ,      ,     ,     ,     .          .

 ? ,          . ,         (    ,     !),    . ,         -   ,         .   ,          ,   99%        .



 

,  ࠖ     ,        145   ,         .   ,    299 792/,  ,      30.


      ,     ,   ,        ,        .       ,    .

 44-  -   ,   ,     (The Moral Molecule; Dutton, 2012).                      .        : ,   ,  -  ,    . ,      .          -,     ,  -  .    ,       ,        ,  ,      ,    .



  -

 44-            : http://www.social-engineer.org/podcast/ep-044-do-you-trust-me/


        .      ,     .    ,        ,      .

          ,     .   ࠖ      .

 ,  ,    ,       : , , , , ,  젖  ,  .  ,    ,       ,     .

 ,             ,     280 ,      .      ,       .         :            .

,          ,      :



- (SMiSHing),      .   2016      Wells Fargo,   -,     . 1.2.







 ,       Wells Fargo           ( ,          ,   ).

  ꠖ         /      .



,   ,      .  2016        .  ,       . ,      ,       .

㠖       .          ,  ,     堖      :    (Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails; Wiley, 2016). (, ,        .)      ,      (),         ,   .           .

[8 - .  . impersonation .     ,         ,     . ,         . . . .],  .       .         ,    .     ,        .         ,    ,       - ,     . ,   2017       ,     :     ,    ,   .

 

           ( ): http://www.sun-sentinel.com/local/broward/pembroke-pines/fl-sb-pines-man-child-porn20170418-story.html


   -,    ,        .             .

   ,          ,  ,      .   ,        ,            .         .




-


     ,    ,           .     . 1.3.

 ,              ,   .

       ,   ,   ,     .







    

    [9 -         OSINT Open Source Intelligence.     ,   ,   . . . .]    .           ,         .           .     :   ,     ?        .


 

  ,    ,    :     .           .      ,          ,         .


 

  ,  ,  .       ʻ:

  ?   ?   ?   ,      ;

   ;

     ,   ?


 

    .    ,     .      ,           .     ,          .        堖    ,   - .    ,      ,     .    ,        .        ,   ,    ,   .




,    !  ,    . ,     .     :          ,   ,  ,   .      ,    .  ,   ,      .           ,  ,       .

      ,        ,       ,       .      ,   ,      .     ,  .

 2015    Dark Reading     ,     . (         :      : https://www.darkreading.com/vulnerabilities-threats/careerbuilderattack-sends-malware-rigged-resumes-to-businesses/d/d-id/1320236 (https://www.darkreading.com/vulnerabilities-threats/careerbuilderattack-sends-malware-rigged-resumes-to-businesses/d/d-id/1320236).)

1.,       ,       . ,          Career Builder.

2.          .       ,        -.     ,  ,      :     .

3.   ,        ʻ-.

4.         ,     Career Builder. ,      ,         .       .

5.    , ,     Proofpoint,         .

         ,   e-mail      (Career Builder),         .     :     ,   ,       .




     ?


   ,        ,        .        ,        ,       .

  ,        :   , ,     .     ,       ,     .

 ,   ,   (   ,   ?)      .    ,      .         ,     ,      .

  (  )   ,        .            .

   (   )                .         .          ,          ,   .

   ( ,   )      ࠖ  ,  , ,   .         ⠖ ,            (,   )       .  堖           .            .      .

  ( )      ,         .

   ( )   [10 - .  . frame .      .     (-  ),          . ,          .   ,     .     :     ,      .         ,       ,  ,     . . . .]   ,   ,     .

   ( ,    )        젖  .        ,   :     (Unmasking the Social Engineer: The Human Element of Security; Wiley, 2014),         .

   ( )  ,  ,    ,       -.     ,      ,    .

,   (    ?)       .             ,      -,      .

,       ,   .      ,      ?.

        :

     Wikipedia    ,       (,     ).

     ,          .            ,      .   ,    ,     .

        ,      ,          .

      ,       ,   .         ,   .       ,    ,   .    ,  ,     ,    (,    -    ).     , ,        ,   ,   .      ,  ,          .    ,     ,         ,  ,    ,  .







           .      ,      . ,       ,  ,   .           .       .        ,        .    ,    ,   .   ,    ,    .

      ,    , ,     .             ,         .

           ,           .            . ,       (,     ),       ,    . ?

 ,        ,         .        ,   :     ,     . , ,     ,     .  ,  .

       ,     ,      蠖      .           ,     ? (  .)   ,       ,       ? (     .)

           .     ,   ,  -       .     .

 -    ?    ,       . :      .  , ,  :     .     ? -, .            (, ,   ).

,    .         .




2.   ,   ?


,  ࠖ   ,     .

 


        .           .    ,          .

   ,       ,    ,    .     ,  .           廠   .       ,          .




       


         .     http://www.worldwidewebsize.com (http://www.worldwidewebsize.com/),        4,48 -.      ,    ..   -  1,3  (  1 300 000 000 000 000 000 000 ).         10   (   10 000 000 000 000 000 000 000 000).



 

,   ,   ,         . ,       ?       : , shilentno-  domegemegrotte-.


      -? ,     ,      ,    .      ,                .         ,        .         ,   ,          .

 ,      4,48 .        ,      .

 ,    2.1      .

,         .        :   ,  ,  ,    .








   ,     2017  ( : https://gizmodo.com/this-is-almost-certainly-james-comey-s-twitteraccount-1793843641 (https://gizmodo.com/this-is-almost-certainly-james-comey-s-twitteraccount-1793843641)).  頖     .    ,        .     ,      .          .  . 2.1    ,   .  ,        .

-,     : ,         ࠖ  .

    : 2016     -60 黠     .            .          .

 ,              :      .      ,       Twitter  Instagram.

      : 60   . ,   .

,   ,   ,    Twitter   ,  .      ,          .

         .    :    Instagram  Twitter.    Instagram  ,            .

     .   Instagram   ,        ,    .  ,         (     )      @reinholdniebuhr.








  Google ,     ,    .    1971       Instagram  .     ,  ,           .









