The people who know me a little bit better, know that I’m not only interested in Webaplication Security, no I’m also very interested in Social Engineering which I think is the most effective way of hacking if you would call it in this way. Because of the importance of this topic I’d like to write also more about stuff related to it in the next time in my blog.
For starting with Social Engineering stuff, I’d like to talk about an idea I had, how someone can “kill” a whole Company and I call this kind of attack “Hacking Processes”.

If you’re a company, you’ll always have some competitors and many times the is something like a cold war between such companies. Now think about ways to become a leader in the field your company is working, which ways do you have? For Example:

• Have a better product.
• Doing better advertisement.
• Sell your product cheaper then your competitor.
• …

This are the normal ways of become a better position on the market bur now forget all your ethics and think only about your goal to become the market leader. If you do that, you’ll get instantly much more possibilities like:

• Extort some key people in the company of your competitor.
• Kill the CEO.
• Bombing the Headquarter away.
• …

Of course, I don’t think that these are very good ideas at all but if you’re only focused on your goal then you have to think about such nasty things.

Ok, now I should explain how this has to do with social engineering. It’s very simple; nothing. The ways of reaching your goals can be done in the ways I’ve listed above and of course there are much more ways to do it but the first part is not that easy and most of the time very expensive and the second part, yes I think I don’t have to explain you the problem with this kind of ways to reach your goal.
So, let’s start with “Hacking Processes” and let a whole company die without anybody who will know that it was not their own fault.

(At this point I’ve to say that the following are only ideas and I hope that nobody will do what I subscribe there.)

Top-Down concept
Think about a bigger company which not only have a chief and a few workers in there. No, I’m talking about a company which is big enough that it’s normal when there are changes in about the middle of the hierarchy of the company. Now, think of yourself as a CEO of also such a company. For doing the attack I would show you now, you’ll need a team of very good qualified people, which have a very good knowledge in the part they’re working; could be Management, IT, Human Ressources and so on. It’s also important, that this people do their work only for money and not because they really love what they’re doing. Ok, now the point you wouldn’t like: Pay them a very good salary so that the don’t like to change the company. So, we come no to the nasty stuff. Looking for strategic important jobs, your competitor is searching someone new for doing it. Ok, send the best man/woman of your team for getting this job. If that works, you’re in. Now it’s not that hard to reach your goal of ruin, kill, what ever the company of your competitor. Because you have someone in this company, in an important strategic position, this person can now get more people of your “destroying”-Team into your competitors company. Ok, because they’re all very qualified and have more or less important positions, they can start to slowly bring down this company. They can for example:

• Discard good people.
• Pay the employees less money so that they automatically quit.
• Make workflows that complex that nobody can do it in the way they should do.
• …

So you don’t need much time and at least the whole lower part of this company won’t work anymore and this is the end of each company.
Of course your team can also give you important information about the products and strategies of your competitor at the same time but this is normal industrial espionage.

Bottom-Up concept
In the part above we saw, how we can ruin a company with inject people of you into important positions. Now I’d like to show you, how to do the same but from the bottom. This way will take some more time and human resources but it could be more effective and it’s harder for a company to detect.
First, we start also with building our “destroying”-Team but now we need more people in it and all of them have to be very good in the job they’re doing. Now you don’t try to inject these people in such high positions as we did it in the Top-Down concept, put them in different normal jobs. Ok, now the hard part comes, you should have a hierarchy you like to build with your team. Then they start working in your competitors company and the following diagrams will show you how.

As you see, in this example we have five people. in the first step, two people help the other three. Of course in this way they can’t do their own job in a good way an will get fired very fast but this is part of your strategy. Because the two people which will get fired helped the three others, they’ll do an amazing job and will become a higher rank in the company hierarchy very soon. Now you’ve still three people in this company (of course there could be much more) and two of them will do the same for the third as the two did, which where fired. In this way the last one will also do there once more an amazing job and will become a higher position once more. Now this person does the same as in the Top-Down concept and you’ll get the same effect.

Both concepts could work and I also think they’ll work without getting problems if you’ve got the right persons for a job like this.

As I said, I’d like to write a little bit more about Social Engineering related things in the feature and I hope that the people who read my blog will also enjoy that stuff

PS: I was very tired when I wrote the text, so don’t care about the orthography at all