Social engineering is a term that is used differently in two fields. In Sociology, social engineering is defined as the act or art of causing planned changes in the key elements or factors of a society. In the security and computer fields, social engineering is the act of using manipulation or deception to manipulate people into revealing or releasing private or secure information.
In the social aspect, the tools for social engineering begin with good old Rhetoric. The art and skill that the great rhetoricians apply to the language serves to manipulate, inform, teach, deceive, motivate, lead, convince or rouse the members of a society. When a polling result shows that the majority of the population disapprove of proposed legislation to raise taxes, for example, then the proponents of the legislation can produce print, television and radio advertising. They can publish blog and internet forum discussions, they can send their best rhetoricians out to do battle on the all-news channel interview circuit in order to convince enough people to change their minds and to support their plan.
In the social definition, polling, “scientific findings” and “independent reports” can be used, honestly or deceptively to change minds, spur action or get planned redirection of society off the tracks, or back on track as required. The recent report by a reputable accounting firm that was critical of health care reform measures, was intended to change public opinion and to affect a congressional vote. But it was exposed as a factually flawed and deceptive attempt which backfired, created public and congressional outrage, and gave the incentive for even more public and congressional support for the legislation. Also, the report and its ensuing controversy affected the reputation of the firm that created it.
The most dramatic, sometimes controversial and successful examples of sociological social engineering include vaccinating children and adults against deadly diseases, changing attitudes and behaviors in ways that reduce pollution and environmental damage, and motivating people to gain as much formal and technical education as they can. The tools for these social engineering events included scientific research and development, directing taxpayers funds, passing laws, and using the government’s financial or coercive authority to enact and enforce the laws.
In the second definition of social engineering: using human weakness or flaws in security systems in order to obtain access to computer systems or to obtain secure information. The computer hacker uses a variety of artificial intelligence tools and techniques to get past virtual firewalls and other protections for computerized databases.
Others prey upon the inherent trusting natures, ignorance, or gullibility of humans in order to deceive them into releasing personal information. This is commonly referred to as “Phishing”, where counterfeit banking and finance notices, documents, phone calls, and false mailings are used to convince individuals to reveal their access codes, social security numbers and other information.
Some virtual forms of social engineering are of a far more sinister and destructive nature. Individuals who encourage others to commit suicide, sexual predators who pose as children in chat forums, pornography sites that are falsely labeled and presented along with other innocuous search engine results, extremists who cause mass political hysteria, and pranksters who cause false rumors to spread are examples of some truly ugly aspects that are not included in academic discussions of virtual social engineering.