The technique was then demonstrated to a breathless audience of hundreds, as a hacker on the stage rang up the Directory Enquiries department of the local telephone company (Nynex, as the conference was in New York) and proceeded to persuade the female operator that he was working in another part of the company but the computers had gone down, and could she look up the Reverse Number and Address (RNA) list to find out what address a particular number came from?
All phone companies have RNA databases, but they are carefully protected, and access to them is carefully monitored. But it took no more than three minutes for the hacker to charm the operator - commiserating at having to work on a Sunday, at the hassles with the computers going down - into looking up a number on the RNA system and reading out the address. (If you're not impressed, try it with BT.)
Social engineering often means discovering important peoples' personal details - such as names and birthdates of spouses or children (in order to guess passwords). Or it might entail finding out what version and make of operating system a particular department uses (in order to exploit any faults in it, or even to send a fake "improvement" which lets the hacker in). All are among the techniques hackers have used.
The key point about social engineering is that it is applied to the people in an organisation who have maximum access to information but the least direct involvement in controlling that information - such as the hapless telephone operator targeted by the hacker. (Other favourite targets are secretaries, especially temps.) The moral? Attacks on computer systems do come over phone lines but often in voice, rather than data, form.
Correction: Last week's description of RISC omitted to mention Acorn's Archimedes, launched in 1987, which was the first personal computer to contain a RISC chip.Reuse content