Saturday, April 18, 2009

Social Engineering in the Scriptures

This post is really more about historical accounts of social engineering than a discussion about religion. Since social engineering is the focus of this discussion, I felt this post would be of more interest to the security crowd than those interested in religion. I normally discuss religious topics on my religion blog.

Often we think of social engineering as a trick that crackers and pen testers use to gain information to help them get access to someone else's system. However, the concept of social engineering predates computers and hackers by thousands of years.

A couple days ago I came across a passage in Alma chapter 55 in The Book of Mormon: Another Testament of Jesus Christ, which gave a very interesting account of how a group of people around 63 B.C. used social engineering to win a battle without having to kill a single person. A group of people called the Nephites was in the midst of a war with a rival group, the Lamanites. Moroni, a Nephite military leader, found a man among the Nephites who was a descendant of Laman and thus looked like a Lamanite (the man's name, incidentally, was also Laman), and sent him with some wine to the entrance of a city that was being held by the Lamanites. When the Lamanite guards spotted him, Laman told the guards that he was a Lamanite who had escaped from the Nephites and had stolen some of their wine. The guards (who were probably bored during their night shift) said that they were weary and insisted on drinking Laman's wine, which was very strong. Before long, the Lamanite guards were all drunk and had fallen into a deep sleep, and the Nephite army entered the city. When the Lamanites awoke the next morning, they saw that they were surrounded by the army of the Nephites, and they had no choice but to surrender their weapons and plead for mercy. This battle was won all because of a simple but very clever social engineering attack.

Reading this reminded me of a Biblical passage from the Old Testament, in Judges chapter 12, describing events that took place roughly a thousand years earlier on the opposite side of the globe. This passage talks about a failed social engineering attempt by the Ephraimites. The Gileadites, who were enemies of the Ephraimites, put guards at the crossing of the Jordan River so that the Ephraimites would have to get past them to return to their own land. The Ephraimites tried to trick the Gileadite guards into thinking they weren't in fact Ephraimites, but they were unsuccessful:

"...and it was so, that when those Ephraimites which were escaped said, Let me go over; that the men of Gilead said unto him, Art thou an Ephraimite? If he said, Nay;
Then said they unto him, Say now Shibboleth: and he said Sibboleth: for he could not frame to pronounce it right. Then they took him, and slew him at the passages of Jordan: and there fell at that time of the Ephraimites forty and two thousand." (Judges 12:5-6 KJV)

The Gileadites knew that the Ephraimites pronounced the word "shibboleth" differently, so they used this as a test, which foiled the Ephraimites' attempt to trick them.

If you're interested in social engineering, you'll enjoy reading The Art of Intrusion by renowned security consultant Kevin Mitnick, who shares real-life cases of modern social engineering schemes and outlines how each case could have been prevented.

