CSCD 303 Assignment 3
Social Engineering - Research and Practice

Due: Monday, October 30th

Instructions
The purpose of this assignment is to learn about Social Engineering as a technique to penetrate and compromise systems. You will get an opportunity to research and learn techniques and then potentially try them out yourself.

Part 1 - Explore Social Engineering
a. Watch a video from the Last Hope Hacker conference on the Social Engineering panel
URL is here: Last Hope Social Engineering Panel

Answer the questions.
1. What did you learn about the ease or difficulty of performing social engineering?
2. Do You believe its easy for most people to be fooled by social engineering? Explain.
3. Do you believe social engineering is a skill most people can learn? Can you learn it?

b. Research a topic within Social Engineering and report on it. Use Internet resources for this and report any sources.
Some suggested topics include, spear phishing, vishing, Internet Scams, Internet Hoaxes, others

4. Describe the topic.
5. Provide evidence of the success of this technique.
6. List any tools available for accomplishing this technique.
7. Discuss expertise needed to carry out this technique.
8. Provide an example.

Part 2 - Do Social Engineering
Try social engineering yourself. Some of you have already succeeded in obtaining passwords from your family and friends. You can report on this if you like. You must change your mindset to perform this task. Your goal in doing Social Engineering is to help humanity to be more secure. For this part, write up the results of your experimenting with one or more techniques.

Look for opportunities to glean information:
Trash - Dumpster dive
Shoulder surfing
Borrow computers,use thumb drives
Pre-text - Gain information about family, friends or an employer and report how you could use the information gained to compromise them digitally
Pretend - talk your way into somewhere by being something you are not, look official

Deliverables

1. Write up your results in a one-two page paper. Printed copy is required.
2. Include a list of the papers or books with URL's that you used.