Past blog posts have discussed how developers could be targeted, especially given the level of access they generally have. However, some of these avenues of attack wouldn’t be possible without another technique, one which doesn’t technically require any use of electronic communication, although electronic communication can play a large part in it. This technique is called Social Engineering.

 

Social Engineering is the term for human hacking. Its main purpose is to manipulate individuals into divulging sensitive information which could then be used further. The technique can be used anywhere, but we’ll continue to focus on the developer. Social Engineering could be used against developers in a few different ways, and most of these would normally require the use of an electronic device of some sort. Keeping away from the electronic side here, though, how could it be used to psychologically manipulate developers?

 

One such situation is attending a conference. Due to the social nature of conferences, the potential for being manipulated there could be great, and in most cases people might not be aware of it.

 

The information that can be gained at a conference may seem basic; however, it could provide leverage for further discovery. The most common information would be the person’s name, which could then lead on to their place of work. With this small piece of information, social media could be used to find out more, and this may even result in soliciting connection requests from the target in order to gain even more information.

 

There is also the potential for the person carrying out Social Engineering to listen in on discussions about technology which the developer (the target) and their employer may have during the conference. This could then lead on to persuading the developer to use, for example, certain libraries which the attacker has created.

 

If the developer then introduces these items (which could be nefarious) into the organisation, the risk would be great, and this in turn may lead to the loss of proprietary and/or personal information.
