This post is for two people by design.
The first is the person who doesn't understand Social Engineering, but has a general understanding of the Bible.
The second is the person who understands Social Engineering well, but does not understand the Bible or the purpose of the inspired book. This is for the person who views it as being a flawed book about outdated laws, rules, or children's stories that escape the test of logic and scrutiny, such as Noah's Ark, or Jonah spending 3 days in the belly of the whale, or for those that are pretty sure it says something about "money being the root of all evil". Spoiler alert...read 1 Timothy 6:10 to see that the Bible doesn't actually say that.
The goal of this post is not to convince anyone of anything. It is simply to share the thoughts that came to me while listening to a sermon that briefly mentioned the interaction between the "serpent" and Eve in the Garden of Eden; a quick thought then led to a more in-depth review of these fairly obscure verses.
Social Engineering is simply "using interactive tactics that make you successful in ulterior motives".
A good social engineer learns what the rules, or generally accepted practices, are through reconnaissance and research. In Gen 2:16 we see what "ground rules" were set by God. Here is that verse. Read it closely! And the Lord God commanded the man, saying, “You may surely eat of every tree of the garden, 17 but of the tree of the knowledge of good and evil, you shall not eat, for in the day that you eat (Or when you eat) of it you shall surely die.”
Satan knew what the "rules" were. He also knew that Eve was somewhat sketchy on what God actually said. God spoke to the man, so we can assume that Eve only knew what Adam had told her about this forbidden tree. Modern day Social Engineers do the same thing. They capitalize on human behavior and the probability that certain people don't truly understand the important instructions that they are supposed to follow, or why. Instructions like these: don't give out a password over the phone, and don't hold the door open for that nice man whose hands are conveniently full of boxes, even though he doesn't have a badge and you've never seen him before.
Here is how things went down in Gen chapter 3 verse 1. He (the serpent, aka the devil) said to the woman, “Did God actually say, ‘You shall not eat of any tree in the garden’?” 2 And the woman said to the serpent, “We may eat of the fruit of the trees in the garden, 3 but God said, ‘You shall not eat of the fruit of the tree that is in the midst of the garden, neither shall you touch it, lest you die.’ ” 4 But the serpent said to the woman, “You will not surely die. 5 For God knows that when you eat of it your eyes will be opened, and you will be like God, knowing good and evil.” Did you catch that? The Social Engineer can use a tactic of exaggeration and misdirection at times with a simple word like "any".
Things get lost in translation, unless you understand "The Grapevine" like Johnny Dangerously. Only listening to man's interpretation of things will get you in trouble with understanding God's ways. Never heard of Johnny Dangerously, or the Grapevine? Check this short clip out! http://www.youtube.com/watch?v=aFII-edH-Yo.
God addressed Adam, not Eve as far as we see in scripture anyway. Either Adam explained it improperly, or Eve did not really pay attention to what he said. Social Engineers know this and capitalize on it.
Exaggeration emphasizes things to make us feel we are missing out. The serpent uses the "art of misdirection". He said "you shall not eat of the fruit of any tree in the garden", a big twisting of what God actually said. Eve didn't understand God's expectations, so she defended what she could do. A good social engineer strokes your ego by first framing an extreme version of what "you can't do", getting you defensive and prepared to prove that you can actually do what is not in your best interest to do... read that twice! This is where a teenager proves they can engage in dangerous activity that the parent told them not to engage in, often with unintended and negative consequences. You want a non-Christian themed movie to be successful? Post an outraged message to a couple of social network sites and get Christians talking about how bad and evil the movie is! You will generate enough buzz to ensure all the rebellious teens go see it despite the warnings from church and parents... think of Harry Potter. There is a lot of free advertising to gather and Social Engineers know this! For the record, I have nothing against the Harry Potter series!
The next thing is significance. People will not protect what they don't realize is important. Eve didn't understand the significance of "the tree of knowledge of good and evil". She referred to it as "the tree that is in the midst of the garden". You know, it's just "that tree". She also added that she couldn't even "touch" it. We have no record of God ever saying that they couldn't touch it. There are churches full of these false rules that have been taken out of context and misunderstood: "Cut your hair above your ears", "women can't wear pants", "don't ever go to a movie", etc. Now the ultimate social engineer can demonstrate, "see, you touched the tree and you're still alive; if you eat you'll be okay too". Real-life social engineers work the same way: they put together several pieces of their scam with no visible effect, lulling us into a sense that "everything is all right, we can trust this person", etc.
Social Engineers are results-driven, with a goal in mind, and they are also very patient. The serpent's tactics resulted in what is known as "the fall of mankind", at least in Christianity. The same tactics can result in a fall of your organization (financial, reputation, etc.) if sensitive information is exposed and people get tricked into a social engineer's trap.
What does this have to do with me?
To counter the social engineer, you need to be aware of the truth, what is acceptable, what is sensitive, realizing that what you say or hand over can get the "adversary" closer to his goals. Good security comes from awareness, systems that thwart the social engineer and a knowledge of truth (policies) to make it more difficult for them to be successful.
In a spiritual sense, the ultimate Social Engineer was successful with his human exploit in this story. He tricked Eve and ultimately Adam to do what God did not want them to do.
Thankfully God is smarter than the serpent and offers "eternal security" for those who simply put their confidence and hope in Christ. His sacrifice reversed the finality of the battle known as "the fall" and won the war against the ultimate social engineer when he died on the cross for our sins.
If you just balked at the last sentence, the ultimate social engineer just tricked you into missing out on God's design for us to experience eternal security.
Securing information assets and protecting them from social engineers is not easy and the consequences can be severe. However, your soul is arguably more valuable than any asset you will ever protect, yet we often miss the point, or get distracted by our biased understanding of spiritual things.
I will not try to convince you that the greater asset at stake is your soul and your eternal security, but it may be worth looking into.