Wise Words: social engineering and blagging
When I first heard the term “social engineering”, I thought it must be something positive. “Social” makes me think of “social events”, “social skills”, “social networks”, “social calls” and “social life”. OK, there are a few terms I hope I don’t personally have to have anything to do with, such as “social benefits” and “social housing”, but even these have a positive side to them: they help to avoid “social exclusion”. Generally, “social” is good.
As for engineering, it’s probably one of the few professions that are still admired. “I’m in engineering” doesn’t get the same negative reactions as “I’m in the insurance business” or “I’m a banker” or — even worse since the allegations that the News of the World, Britain’s biggest Sunday newspaper until it was shut down last week, had accessed the voicemail of a murdered teenage girl, Milly Dowler — “I’m a journalist”.
But social engineering is not very nice at all — and it’s partly to blame for the so-called phone-hacking scandal in the British press. It also goes by the more informal term “blagging”, which doesn’t even try to sound nice. If you “blag” or use social engineering, you lie or use clever talk to get people to reveal confidential information. It involves deception, the pretence that one is someone else.
Once a person has revealed the information, the “blaggers” can use the new details to gain more information or to access confidential files, private voicemails or bank accounts. Each piece of information, however small, can help them to get even more information from someone else. The more information they can provide about the target, the more likely they are to be successful in their next attempt at getting information. Or at getting paid by the gutter press.
Oh, yes, and blagging phone bills, bank details and health records is illegal in the UK. However, if a journalist or investigator can prove blagging was done in the public interest — to uncover illegal practices, for example — they won't face criminal charges. But, as many have argued before, what the public finds interesting is often very different from what's in the public interest.
Here’s how it allegedly worked for The Sun, another one of Murdoch’s tabloids (only this one is still being printed). The newspaper probably hired a private investigator who used blagging to get hold of Gordon Brown’s bank accounts and his newborn son’s medical records. Yesterday, Brown went public with this information in an interview he gave to the BBC on the whole seedy and disgusting affair.
So why should you be on your guard? You’re not Gordon Brown or a celebrity (I assume). Blaggers are known to target companies and “ordinary” people, too. They try to find out all kinds of information that may seem very innocent at first, but which could be vital. For example, giving out the private mobile-phone number of your boss would not only really annoy him or her, but it could also allow someone with the right knowledge to access the voicemail.
Armed with the phone manufacturer's default PIN numbers — possibly obtained through blagging the phone company — a private investigator can quite easily listen to voicemail messages. Do you know whether your boss has changed the default voicemail PIN number? For that matter, have you?
The blagger could of course just go on Facebook, LinkedIn or Xing, one of those “social” things I said was so positive at the start of this blog post. You’d be surprised at the kind of information that's openly available there.
As the short quizzes at the end of my blog have proved popular, I've added one to this week's post, too. Test your knowledge of some of the expressions used to talk about this topic.