My task was: “Convince a fellow player your name is
something other than it is.”
Did I accomplish it? Yes
I don’t have evidence to confirm this because we had verbal
conversation.
I’ve had many conversation with this fellow player in
previous classes and we were talking about our ethnicity and where we come
from. That’s when I told him my name was Maria and explained this was my
grandmother’s name but I just don’t use my first name but my middle name.
Application: I think this is a task that could be easily
performed by someone trying to get inside a social circle or a company. This
technique could be used to make the victim feel they have something in common
and start a casual conversation to obtain information from the victim. This can
also be used to impersonate someone from a company the attacker is targeting.
Ethical reflection: I think the idea of impersonating
someone else to obtain information or break into a company related to identity
theft in some way. This could be dangerous for a company because once the
attacker has physical access to the company assets the game is on the
attacker’s board and it’s very easy to lose after a company lost protection to
physical assets. A good way to apply this is for example a criminal office from
the information security/forensics department of a law enforcement entity can
try to impersonate an attacker to gather more information from one of their
peers. Also, a white hacker can test the ability of employees from the
management tier of a company to see how easily they will give away information
via email, to someone pretending to be the CEO of the company.
No comments:
Post a Comment