Social engineering is the clever exploitation of the natural human tendency to trust, which uses a set of techniques to persuade a person to disclose information or to carry out particular actions.
Instead of using the usual, direct methods of intrusion (gathering information and getting past the firewall to reach the organization's systems and its databases), the attacker goes through the people who have access to this information and, using techniques to deceive them, gathers information in pursuit of his own goals.
Origin of social engineering attacks
Social engineering attacks originate from two areas:
The social engineering attack cycle
Sara Gartner, in an article on methods of defending against social engineering attacks, stated that every crime has a common pattern. Social engineering also has a pattern, one that can be recognized and prevented. This pattern is shown as a cycle in the figure. The cycle consists of four stages: information gathering, developing relationships, exploitation, and execution, which are connected to and dependent on one another like the pieces of a puzzle.
Computer-based techniques
Human-based techniques
Social engineering is a discipline in social science that refers to efforts to influence particular attitudes and social behaviors on a large scale, whether by governments, media or private groups in order to produce desired characteristics in a target population. Social engineering can also be understood philosophically as a deterministic phenomenon where the intentions and goals of the architects of the new social construct are realized.
Decision-making can affect the safety and survival of billions of people. The scientific theory expressed by German sociologist Ferdinand Tönnies in his 1905 study The Present Problems of Social Structure, proposes that society can no longer operate successfully using outmoded methods of social management. To achieve the best outcomes, all conclusions and decisions must use the most advanced techniques and include reliable statistical data, which can be applied to a social system. According to this, social engineering is a data-based scientific system used to develop a sustainable design so as to achieve the intelligent management of Earth’s resources and human capital with the highest levels of freedom, prosperity, and happiness within a population.
Social engineering can be carried out by any organization, without regard to scale or to sponsorship in the public or private sector. Some of the most comprehensive and most pervasive campaigns of social engineering are those initiated by powerful central governments with the systems of authority to widely affect the individuals and cultures within their purview. As a result of abuse by authoritarian regimes and other non-inclusive attempts at social engineering, the term has in some cases been imbued with a negative connotation.
Social engineering can be used as a means to achieve a wide variety of different results, as illustrated by the different governments and other organizations that have employed it. Discussion of the possibilities for such manipulation became especially active following World War II, with the advent of mass television, and continuing discussion of techniques of social engineering, particularly in advertising, and bias-based journalism, remains quite pertinent in the western model of consumer capitalism. Journalism, when the intent is not to report objectively, but to report with an intent to sway popular attitudes and social behaviors or to "shape public opinion", comes under the scope of social engineering. This also applies when information that would bring into question the viewpoints and social goals of a journalistic establishment is withheld in favor of other information. Within ethical journalism the knowledge of both personal and establishment/producer bias allows the journalist to avoid social engineering by correcting it and by reporting factual evidence in a way which does not promote or oppose attitudes and social behaviors, and thereby portray or deny them as the "popular" attitude and preferable social behavior by virtue of the establishment's authority or possession of a national or international platform.
Social engineering practiced in exclusion of cultural elements and interacting societies has led to pogroms and to mass murders, particularly when employed by authoritarian regimes. Often this occurs because these cultures or societies are perceived as possessing "undesirable" traits. The acting engineers have used the simple "effective" tool of violence rather than the difficult and time-consuming methods of persuasion and logic.
Caution in social engineering methods includes consideration of the inherent incompleteness of their body of information and how it affects their utilization of tools at hand. Analysis of social engineering goals and their desirability, which includes the desires of the community which they desire to engineer, answers the question of the ethics of disclosure. Social engineering without consent is a violation of the culture, and constitutes an assault tantamount to a rape, or seizing by force of that culture (raptio). Consent, full disclosure and involvement present additional difficulties which help to avoid marginalization and feelings of violation within the culture. Long-term attempts at social engineering in the Middle East may be considered to have extreme backlash, as a result of being non-inclusive of the cultural values, body of reliable information, or utilization of effective tools.
In defense of the comparison to rape, consider the article Raptio, which describes the origin of the word, which meant "seize prey, take by force", from raper, an Old French legal term for "to seize", in turn from Latin rapere, "seize, carry off by force, abduct". Social engineering is an exercise of removing an attitude or behavior and replacing it with another. When done without consent, this is done with force, and that constitutes a violation through abducting an individual's or society's culture and replacing it with the engineers' culture.
R. D. Ingthorsson states that a human being is a biological creature from birth but is from then on shaped as a person through social influences (upbringing/socialisation) and is in that sense a social construction, a product of society.
The Dutch industrialist J.C. Van Marken introduced the term sociale ingenieurs ("social engineers") in an essay in 1894. The idea was that modern employers needed the assistance of specialists in handling the human challenges, just as they needed technical expertise (traditional engineers) to deal with non-human challenges (materials, machines, processes). The term came to America in 1899, when the notion of "social engineering" was also launched as the name of the task of the social engineer in this sense. "Social engineering" was the title of a small journal in 1899 (renamed "Social Service" from 1900), and in 1909 it was the title of a book by the journal's former editor, William H. Tolman (translated into French in 1910). This marked the end of the usage of the terminology in the sense created by Van Marken. With the Social Gospel sociologist Edwin L. Earp's The Social Engineer, published during the "efficiency craze" of 1911 in the U.S., a new usage of the term was launched that has since then become standard: "Social engineering" came to refer to an approach of treating social relations as "machineries", to be dealt with in the manner of the technical engineer.
A prerequisite of social engineering is a body of reliable information about the society that is to be engineered and effective tools to carry out the engineering. The availability of such information has dramatically increased within the past one hundred years. Prior to the invention of the printing press, it was difficult for groups outside of the wealthy to gain access to a reliable body of information, as the media for conveying the information were prohibitively expensive. With the rise of the information age, information can be distributed and produced on an unprecedented scale. Similarly, digital technology has increased the variety of and access to effective tools. However, it has also created questionably reliable bodies of information.
Extremely intensive social engineering campaigns occurred in countries with authoritarian governments, while non-authoritarian regimes tend to rely on more sustained social engineering campaigns that create more gradual, but ultimately far-reaching, change. Governments also influence behavior more subtly through incentives and disincentives built into economic policy and tax policy, for instance, and have done so for centuries.
In the 1920s the government of the Soviet Union embarked on a campaign to fundamentally alter the behavior and ideals of Soviet citizens, to replace the old social frameworks of the Russian Empire with a new Soviet culture, to create the New Soviet man. The Soviets used newspapers, books, film, mass relocations, and even architectural-design tactics to serve as a "social condenser" and to change personal values and private relationships. In a less positive manner, political executions (for example the Night of the Murdered Poets in Moscow in 1952), and arguably fear of becoming a victim of mass murder, played an influential role in the social engineering frameworks in Soviet Russia. Similar examples include the Chinese "Great Leap Forward" (1958–1961) and "Cultural Revolution" (1966–1976) programs and the Khmer Rouge's deurbanization of Cambodia (1975–1979).
In Singapore, the Ethnic Integration Policy attempts to promote a mix of all races within each subsidized housing district in order to foster social and racial cohesion while providing citizens with affordable housing.
In the United States, cases of social engineering include the "War on Drugs", the increasing reach of intellectual-property rights and copyright, and the promotion of elections as a political tool. The campaign for promoting elections, which is by far the most successful of the three examples, has been in place for over two centuries.
In British and Canadian jurisprudence, changing public attitudes about a behaviour is accepted as one of the key functions of laws prohibiting the behaviour.
Social theorists of the Frankfurt School in Weimar Germany, like Theodor Adorno, had observed the new phenomenon of mass culture and commented on its new manipulative power in the 1920s. These theorists left Germany around 1930 due to the rise of the Nazi Party, and many of them became connected with the Institute for Social Research in the United States. After Nazi Germany was established, the new government also made use of methods to influence political attitudes and redefine personal relationships. The Reich Ministry of Public Enlightenment and Propaganda under Joseph Goebbels was a synchronized, sophisticated and effective tool for shaping public opinion.
In Greece, the Greek military junta of 1967–1974 attempted to steer Greek public opinion not only by propaganda but also by inventing new words and slogans such as palaiokommatismos (old-partyism), Ellas Ellinon Christianon (Greece of Christian Greeks), and Ethnosotirios Epanastasis (nation-saving revolution, meaning coup d'état).
In Egypt, social engineering is being practiced by the current authoritarian regime and by the media controlled by the Egyptian intelligence and military since July 2013. They engineered a coup d'état to overthrow the first democratically elected president, Mohamed Morsi. The media had been criticizing Morsi's every move during his one-year presidency, which had fueled much opposition against him and resulted in demonstrations against him in Tahrir Square on 30 June 2013. Many supporters of Morsi came to the street to support him. They were later all killed and imprisoned in the Rabaa Massacre and were labeled as terrorists when General Abdel Fattah el-Sisi called Morsi to give him support to end terrorism. Since then, Sisi has been using social engineering by controlling the media and falsifying evidence and news to gain support, blocking any news agency that opposes him, as well as VPN providers, to prevent citizens from gaining any source of news other than the one controlled by him. Social engineering is also being used on children in schools by ordering children to repeat sentences in support of Sisi like "Long live president Sisi". The video was shared on Facebook and seen by 1.5 million viewers. Many Egyptians believe that this is an attempt to imprint on children in order to shift their behavior and thinking, fearing another revolution like the one in January 2011 that ousted president Hosni Mubarak and was led by youth and young adults. This is somewhat similar to Nazi Germany, when Hitler was using children.
In India, social engineering was effectively done in the state of Bihar, on a grander scale, to unify different castes after 2005. The coherency of voting allegiances based on social extremes among upper castes and Dalits was challenged by this vote (Poll in Indian reference).
In his classic political science book, The Open Society and Its Enemies, volume I, The Spell of Plato (1945), Karl Popper examined the application of the critical and rational methods of science to the problems of the open society. In this respect, he made a crucial distinction between the principles of democratic social engineering (what he called "piecemeal social engineering") and Utopian social engineering.
According to Popper, the difference between "piecemeal social engineering" and "Utopian social engineering" is: