Social Engineering Attacks and Counter Intelligence - Case Study Example

? Social Engineering Attacks and Counter Intelligence What is Social Engineering? Social engineering is seen to essentially describe the non-technical intrusion that is seen to primarily rely on human interaction with the prime objective of essentially ticking other persons to break the established normal security procedures and provide them with either the confidential information its self or access to it (Mann, 2010). To achieve their objectives, social engineers run con games on other individuals by relying on these people’s weaknesses and natural helpfulness. Social engineering is seen to comprise of a collection of various techniques and tools that are seen to range from psychology, ethical hacking and negotiation. Social engineering is seen to mostly rely on people’s innate inability to effectively keep up with the current culture that heavily relies on information technology, this essentially refers to the fact that most persons happen to not be well aware of the actual value of the information that they happen to possess and are therefore rather careless about its protection (Rouse, 2006). It is not uncommon for most social engineers to try and search dumpsters in a bid to try and obtain valuable information, engage in the memorizing of access codes by essentially looking over someone else’s shoulder in a technique that is commonly referred to as shoulder surfing, or taking full advantage of people’s natural inclination to constantly choose passwords that happen to be meaningful to them and can be easily guessed (Rouse, 2006). Most Security experts have taken to proposing that as the modern day culture continues to become ever more dependent on information, it is increasingly evident that social engineering will ultimately remain as the greatest threat to any possible security system. What is Counterintelligence? According to Hawkins (1997), counterintelligence has actually been around for as long as espionage has been. Traditionally, counterintelligence has mainly been thought of only in the context of solely attempting to counter human espionage efforts. However, modern counterintelligence is designed to be a multi-disciplinary effort and can be defined as being the detection and effective neutralization of the activities and opportunities of a given competitor with the sole objective of gaining proprietary advantage over a certain given organization by using a raft of unethical and illegal methods. Competitors can be identified as being anything from a local or foreign business enterprise or individual to a foreign government. Hawkins further notes that, over the past ten years, counterintelligence has been redefined by the United States federal government to counter more than the threat from human intelligence to now include imagery and signal intelligence collection. The Potential Implications of Social Engineering and Counter Intelligence in respect to the Leaked Iraq War Logs and Afghan War Diary It is probable that social engineering was primarily used to trick Bradley Manning who is the 22 year old U.S Army Intelligence analysis suspected of leaking an approximated over 700,000 secret government documents to the Wikileaks website. As such, it is seen that Manning may have been tricked into going beyond his already established user rights into divulging this information. The Wikileaks website owner Julian Assange is however seen to refuse to divulge exactly who it was that provided him with the leaked documents. To this end, it is seen that the United States counterintelligence efforts happened to experience a serious lapse in that such important and classified information could be copied and sent to an outside source unofficially. As a result of social engineering and inefficient counterintelligence efforts, the United States military is now seen to be exposed as the Pentagon claims that it is aware that a number of various terrorist organizations are currently actively engaged in mining the leaked Afghan War Diary documents in an effort to try and obtain information that they can be able to use against the United States military. Concerns are now being raised that the Iraq War Logs which are four times as large as the Afghan War Diary documents essentially put the United States military in more danger as they contain more information pertaining to the military’s operations. The sensitive information contained in these documents is also feared to disclose information on some of the individuals in Iraq and Afghanistan that happened to collaborate with the military which puts these individuals in danger of attacks by armed groups such as the Al Qaeda and supporters of the ousted Iraq ruler Saddam Hussein. The Importance of Forming a Sound Information Security Workforce According to Vacca (2013), people arguably form the weakest element in the formula that is used in securing an organization’s or country’s networks and security systems. As compared to the technology factor, the people factor is a critical factor that is often seen to commonly be overlooked in the security question. It is important to ensure that an organization or country forms a sound information security workforce if its overall objectives and goals are to eventually be realized. Targeting the right individuals and providing them with the right information aids in the development of an effective information security programs within an organization or country. It also aids in the prevention of incidents of information leakage (Vacca, 2013). Challenges Experienced in Establishing a Sound Information Security Workforce There are a number of key challenges that are associated with setting up a sound information security workforce. Some of these include that most of the more experienced information security personnel happen to have reached retirement age and this is seen to leave a much needed gap in security, these more experienced personnel would have been able to provide guidance and stopped incidents such as those experienced in the Iraq War Logs and Afghan War Dairy leaks. Carey (2006), points out that most of the current younger crop of information security experts are not looking for career security and long-term employment opportunities as they are focused on trying to obtain new experiences and challenges. They are also seen to expect to be furnished with the newer technologies so as to be able to be productive and perform well in their jobs. It is important for the United States government agencies to formulate new programs and policies that will serve to attract the younger employees. The Influence of Release on Wikileaks of the Iraq War Logs and the Afghan War Diary Documents on Risk Management Procedures and Security Policies Some of the more probable effects of the release of the Iraq and Afghan documents on Wikileaks on the security policies and risk management procedures include the creation of new strict security procedures and the formulation of new risk management policies designed to facilitate legal or disciplinary action against those persons that might happen to fail to comply with their established information security obligations. The leakage will also lead to the improvement of the effectiveness of the various information security controls through measures such as the implementation of a number of new, acceptable and cost-effective controls. There will also be a redesigning or retirement of some of the more ineffective controls. Probable Methods that can be used to Effectively Thwart this Type of Intelligence Leak in Future and why they would be Effective Employee Training Programs: It is possible to use employee training programs to help in educating employees and sensitive them on the dangers of social engineering and the intense effects of intelligence leaks. According to Vacca (2013), security employee training and awareness programs happen to be a crucial component of information security programs and can act as the vehicle via which organizations and countries can be able to disseminate security information to their workforce. Providing information and training to employees can help in effectively guarding against document leaks. Enhancement of Security Monitoring and Effectiveness: A relatively large number of various suspicious events tend to occur within most computer systems and enterprise networks nearly every day and successfully manage to go undetected. However, with the implementation of a security monitoring strategy, an appropriate incident response plan, and effective security metrics and validation, it is possible for governments and organizations to achieve optimal security levels. It is important to build intelligence into security tool so that these tools will serve to alert the users in the event that a bad set of events happen to occur or a given vulnerability happens to be under attack (Vacca, 2013). As such, this can result in preventing leakage of information and some of the possible social engineering attempts. References Mann, I. (2010). Hacking the Human: Social Engineering Techniques and Security Countermeasures. Gower Publishing, Ltd. Rouse, M. (2006). social engineering. Retrived on Oct 31, 2013 from http://searchsecurity.techtarget.com/definition/social-engineering. Hawkins, G. (1997). Protecting critical information & technology : fourth national operations security conference. [S.l.] : Diane Pub Co. Vacca, R. J. (2013). Computer and information security handbook. Amsterdam : Morgan Kaufmann Publishers is an imprint of Elsevier. Carey, A. (2006). 2006 Global Information Security Workforce Study: A Special U.S. Government Perspective. Retrived on Oct 31, 2013 from https://www.isc2.org/uploadedFiles/Industry_Resources/wfs_gov.pdf. Read More