Criminal law and social engineering

Social engineering pertains to the set of technologies that are employed to influence individuals to disclose their personal information to another party (Mitnick et al., 2002). It is similar to a simple fraud wherein an individual is deceived into releasing essential information regarding their identity through a computer website. Generally, the attacker does not have the opportunity to be physically present to commit the crime. Social engineering works as a scam that targets individuals to authorize a website to take any information about them.

The victim technically authorizes the website to handle the information by clicking on a command on the website that expresses his willingness to cooperate with the people managing the website. The individual managing the website and gathering the information is known as the social engineer, who extracts critical personal information from a client and potential victim, such as his social security number, bank account numbers and bank names, as well as login identification and password.

The techniques of social engineering have flourished due to the errors in human logic or cognitive prejudice (Barrett, 1997). These prejudices are employed, together with other techniques of deception, to create procedures that will trick individuals into disclosing their personal information. One technique of social engineering is pretexting, which pertains to designing and employing a fabricated scenario, or pretext, to convince an individual to provide their personal information or to execute an action that is generally performed through the telephone.

Pretexting is an intricate form of a lie because it requires comprehensive research and arrangements, as well as personal information of the target individual, before the perpetrators can commit the planned crime. The personal information that social engineers would need includes the target individual’s date of birth, his social security number, and the amount indicated in his last bill. This information would then be presented to the target individual over the phone in order to prove to the target individual that the caller is a legitimate member of a company.

This procedure was initially employed by private investigators to gather information on an individual’s telephone, utilities and bank accounts, also for the goal of proving his legitimacy to extract information from the client. Another social engineering technique is phishing, which pertains to the deceptive extraction of personal information from an individual. Phishing generally involves the transmission of an email that seems to be connected with a legitimate company such as a bank or a credit card company.

The email states that the target individual is required to verify some information so that the individual’s account with the company can be maintained. The target individual is thus tricked into performing the action because he is concerned about his account with the company (Cialdini et al., 1992). The fraudulent website is thus accessed by the target individual on the internet and he submits his personal information on the website. Other social engineering techniques include the Trojan horse and the road apple, which are physical media that focus on the curiosity of the target individual.

The social engineer attaches malware to the website so that he can gain access to the individual’s computer as soon as that person clicks on the website of interest to him.

If I were in a position to enact laws, I would create and propose serious penalties for the unlawful and deceitful gathering of personal information from an individual through the use of a computer and its related hardware. I would put up specific laws and corresponding penalties for acts of social engineering. The penalties should be serious enough to scare the attackers so that they will not perform these scams again.

For example, accessing personal information from a target individual is one grave violation of people’s privacy, but to release a virus that would destroy millions of computers around the world is also a serious crime. The introduction of a computer virus results in the destruction of the computer system itself, but more gravely, it causes theft and damage of electronic information that is very important to the victims of the crime. I would campaign for implementing a huge fine on the perpetrator of this cyber crime as well as work for the mandatory imprisonment of the attacker from one to several years.

Internet usage involves access to different establishments around the world, hence social engineering involves crimes and frauds that involve not only one country but the entire world. Thus I would also campaign for the establishment of international laws that will be accepted and implemented by all of the continents around the globe. This international law will take time to be established because several discussions with other countries are necessary in order to address the current situation and needs of each country.

It should be understood that certain countries are highly efficient in the use of computers, hence there are certain countries that have a higher risk of experiencing cyber crimes and social engineering attacks. I would also want to suggest that a central unit be identified for this international law on cyber crime. This central unit can be established anywhere around the world and its main role is to serve as the central hub for the information on social engineering incidents around the world.

This would be the main office with which the rest of the national centers for cyber crime would communicate so that the entire world is advised of any new techniques of social engineering that are silently being scattered around the world.

References

Barrett N (1997): Digital crime: Policing the cybernation. London: Kogan Page, UK.

Cialdini RB, Green BL and Rusch AJ (1992): When tactical pronouncements of change become real change: The case of reciprocal persuasion. J. Pers. Soc. Psychol. 62(1):30-40.

Mitnick K, Simon WL and Wozniak S (2002): The art of deception: Controlling the human element of security. New York: John Wiley & Sons.