Social Engineering: A Physical Access Attack
One of the most common kinds of social engineering attack is the physical access attack, which targets physical access to computer systems and networks. It involves interacting with computer users to get them to reveal security-relevant information, which can then be used to breach a network system or even to permit an attack. Since social engineering tries to persuade a victim to be helpful, the attacker will often impersonate the person. Many times, the victim does not learn of the damage done by social engineering for some time. To combat such an attack, people must first understand social engineering and then know how to protect against a social engineering attack.
Once a victim falls for a social engineering attack, the attacker will have physical access to a computer and possibly a network. The only holdup may be the user's password and authentication on the PC or network. This assumes, of course, that no biometric device (such as a fingerprint scanner) is in use. Hint: owning one may be a good investment, since passwords are known to be easily hacked.
The next part explains how a social engineering attack works.
An attacker would start by mounting your drive using a Linux live CD (for instance the security distro BackTrack 3). To gain read-write access they would use ntfsmount. Assuming your disk was at /dev/sda1, they would use this command:
ntfsmount /dev/sda1 /mnt/sda1
Passwords on your computer are stored in the form of encrypted hashes. The attacker would use two commands to dump these hashes to their disk.
bkhive /mnt/sda1/WINNT/system32/config/system systemKey.txt
This dumps the computer's boot key to ‘systemKey.txt’.
samdump2 /mnt/sda1/WINNT/system32/config/SAM systemKey.txt > userHashes.txt
This dumps the password hashes to ‘userHashes.txt’.
The attacker can then crack these password hashes at their leisure on their own machines using tools like Cain and Abel, John the Ripper or Rainbow Tables. To finish our example using John the Ripper, the attacker would use:
The attacker then has access to all of the local accounts on the machine. Easy, wasn’t it?
Advice: Since a social engineering attack will raise awareness for victims, any education and user awareness training on social engineering will be beneficial for them.
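A defender's audit of the kind of hash file described above, as an added example that is not part of the original article: it parses pwdump-style lines (name:RID:LM hash:NT hash:::, the format samdump2 writes) and flags the accounts whose stored hashes hold up worst against offline cracking. The sample lines and their hash values are constructed, and `audit` is a hypothetical helper name.

```python
# Added example: audit pwdump-format lines (name:rid:LM:NT:::) for weak storage.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of the empty string
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of the empty string

# Constructed sample; the non-empty hash values are made-up placeholders.
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1003:00112233445566778899aabbccddeeff:ffeeddccbbaa99887766554433221100:::
bob:1004:0011223344556677aad3b435b51404ee:a1b2c3d4e5f60718293a4b5c6d7e8f90:::
malformed line without enough fields
"""


def audit(text):
    """Return {account: [issues]} for every account with a weak stored hash."""
    findings = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            continue  # skip blank or malformed lines
        user, lm, nt = parts[0], parts[2].lower(), parts[3].lower()
        # Some dump tools print a "NO PASSWORD***" placeholder instead of the
        # empty-string hash, so both spellings are treated as blank.
        lm_blank = lm == EMPTY_LM or lm.startswith("no password")
        nt_blank = nt == EMPTY_NT or nt.startswith("no password")
        issues = []
        if nt_blank:
            issues.append("blank password")
        if not lm_blank:
            # LM hashes are case-insensitive and split into two 7-character
            # halves, so they fall to offline cracking far faster than NT hashes.
            issues.append("LM hash stored")
            if lm[16:] == EMPTY_LM[:16]:
                # An empty second half means the password fits in the first half.
                issues.append("password is 7 characters or fewer")
        if issues:
            findings[user] = issues
    return findings


if __name__ == "__main__":
    for account, issues in audit(SAMPLE).items():
        print(f"{account}: {', '.join(issues)}")
```

Accounts flagged with a stored LM hash are the ones to fix first, by disabling LM hash storage in the local security policy and then changing the password.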