Back

A History of Social Engineering: From Mass to Interpersonal to Masspersonal

"Social engineering" is quite familiar to hackers. Instead of breaking through encryption or utilizing a zero-day exploit, it's often easier to get a password or network access by simply asking for it. It can be done over the phone, via email, or even in an in-person visit. The approach is often highly targeted, designed for a specific individual. This form of social engineering began among the phone phreaks in the 1970s, and by the 2000s, it has become a professionalized practice, complete with a systematized process of gathering OSINT, developing pretexts, engaging, and writing up reports.

This presentation explores two less-familiar areas of social engineering. First, there will be a look back to a time before the phone phreaks and hackers to another group of people who called themselves social engineers: late 19th and early 20th century social reformers and public relations professionals, specifically Edward Bernays and Doris Fleischman, who developed the "engineering of consent" program of using mass media to persuade people to adopt ways of thinking. This earlier form is referred to as mass social engineering, in contrast with the phone phreak and hacker version of interpersonal social engineering. Robert and Sean will look forward beyond the hacker form of interpersonal social engineering to consider a contemporary, emerging mixture of these two forms that are called masspersonal social engineering.

While the phreaks and hackers often targeted individuals, and the consent engineers targeted masses, masspersonal social engineering is a new form that leverages social media to target individuals on a mass scale. It relies on interpersonal, hacker social engineering techniques, but it has societal-shaping ambitions. A key example of this new form is the Russian election interference campaign of 2016.

Overall, this presentation places hacker social engineering into a larger historical context and shows how social engineering is a serious matter, not only for organizational security but also for geopolitics.