Decrypting Social Engineering: An Analysis of Conceptual Ambiguity

Critical Criminology

Abstract

Social engineering is widely considered to be one of the most significant contemporary threats to information security. Despite its ubiquitous use among online criminal subcultures and security practitioners, there exists no single agreed upon conceptualization of “social engineering.” Responses from 37 qualitative semi-structured interviews with “social engineers” are analyzed using grounded theory methods to generate a subculturally grounded understanding of the term. The results of this analysis indicate that “social engineering” is nearly indistinguishable from other forms of fraud or influence except in the manner in which participants frame the concept. Drawing from the work of Mikhail Bakhtin (1981), we argue that the concept of “social engineering” is part of a linguistic heteroglossia that reveals the subcultural values and ideologies of its practitioners which are underpinned by a computational or mechanistic worldview.

Notes

  1. In this study, ellipses denote instances where words were removed from a participant’s statement. Text was removed because the participant was pausing, stumbling over his/her words, or providing redundant information; to save space; or because the point could be made without the extraneous verbiage.

  2. The Social Engineering Framework can be found at https://www.social-engineer.org/framework/general-discussion/.

References

  • Alexander, J., & Schmidt, J. K. H. (1996). Social engineering. In A. Podgorecki, J. Alexander, & R. Shields (Eds.), Social engineering (pp. 1–19). Ottawa: Carleton University Press.

  • Bachmann, M. (2010). Deciphering the hacker underground. In T. J. Holt & B. Schell (Eds.), Corporate hacking and technology-driven crime (pp. 105–126). Hershey, PA: IGI Global.

  • Bakhtin, M. M. (1981). The dialogic imagination. Austin, TX: University of Texas Press.

  • Becker, H. (1963). Outsiders. New York: Free Press.

  • Brown, J. J. (2008). From Friday to Sunday: The hacker ethic and shifting notions of labour, leisure, and intellectual property. Leisure Studies, 27(4), 395–409.

  • Brownell, B. A. (1983). Interpretations of Twentieth-Century urban progressive reform. In D. R. Colburn & G. E. Pozzetta (Eds.), Reform and reformers in the Progressive Era (pp. 3–23). Westport, CT: Greenwood Press.

  • Button, M., & Cross, C. (2017). Cyber frauds, scams and their victims. New York: Routledge.

  • Charmaz, K. (2002). Qualitative interviewing and grounded theory analysis. In J. F. Gubrium & J. A. Holstein (Eds.), Handbook of interview research (pp. 675–694). Thousand Oaks, CA: Sage.

  • Coleman, G. E. (2012). Phreakers, hackers, and trolls and the politics of transgression and spectacle. In M. Mandiberg (Ed.), The social media reader (pp. 99–119). New York: NYU Press.

  • Corbin, J., & Strauss, A. (1990). Grounded theory research: Procedures, canons, and evaluative criteria. Qualitative Sociology, 13(1), 3–21.

  • Cross, C. (2019). Is online fraud just fraud? Examining the efficacy of the digital divide. Journal of Criminological Research, Policy and Practice, 5(2), 120–131.

  • Drew, J. M., & Cross, C. (2013). Fraud and its PREY: Conceptualising social engineering tactics and its impact on financial literacy outcomes. Journal of Financial Services Marketing, 18(3), 188–198.

  • Durkheim, E. (1951). Suicide. New York: The Free Press.

  • Durkheim, E. (1982). The rules of the sociological method and selected texts on sociology and its method. New York: The Free Press.

  • Ferrell, J. (1993). Crimes of style. Boston: Northeastern University Press.

  • Ferrell, J. (2013). Cultural criminology and the politics of meaning. Critical Criminology: An International Journal, 21(3), 251–271.

  • Ferrell, J., Hayward, K., & Young, J. (2015). Cultural criminology: An invitation (2nd ed.). Thousand Oaks, CA: Sage.

  • Genosko, G. (2013). When technocultures collide. Waterloo, Ontario: Wilfrid Laurier University Press.

  • Gallagher, S., & Kravets, D. (2017). How did Yahoo get breached? Employee got spear phished, FBI suggests. ArsTechnica. https://arstechnica.com/tech-policy/2017/03/fbi-hints-that-hack-of-semi-privileged-yahoo-employee-led-to-massive-breach/. Accessed March 22, 2019.

  • Glaser, B. G., & Strauss, A. L. (1967). The discovery of grounded theory. Chicago: Aldine Publishing Company.

  • Grabosky, P. (2001). Virtual criminality: Old wine in new bottles? Social and Legal Studies, 10(2), 243–249.

  • Graebner, W. (1987). The engineering of consent. Madison, WI: The University of Wisconsin Press.

  • Gray, J. (1842). An efficient remedy for the distress of nations. Edinburgh: Adam and Charles Black.

  • Hadnagy, C. (2011). Social engineering: The art of human hacking. Indianapolis: Wiley.

  • Hadnagy, C. (2018). Social engineering: The science of human hacking. Indianapolis: Wiley.

  • Hatfield, J. M. (2018). Social engineering in cybersecurity: The evolution of a concept. Computers & Security, 73, 102–113.

  • Heidegger, M. (1977). The question concerning technology and other essays. New York: Harper Perennial.

  • Himanen, P. (2001). The hacker ethic. New York: Random House Inc.

  • Holt, T. J. (2009). Lone hacks or group cracks. In F. Schmalleger & M. Pittaro (Eds.), Crimes of the internet (pp. 336–355). Upper Saddle River, NJ: Pearson Education.

  • Holt, T. J. (2010). Examining the role of technology in the formation of deviant subcultures. Social Science Computer Review, 28, 466–481.

  • IC3 (Internet Crime Complaint Center). (2019). 2018 internet crime report. Retrieved July 15, 2019 at https://pdf.ic3.gov/2018_IC3Report.pdf.

  • Krebs, B. (2014). Target hackers broke in via HVAC company. Krebsonsecurity.com. https://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/. Accessed February 2, 2019.

  • Lakoff, G., & Johnson, M. (1980). Metaphors we live by. Chicago: University of Chicago Press.

  • Lapsley, P. (2013). Exploding the phone. New York: Grove Press.

  • Larsson, B., Letell, M., & Thörn, H. (2012). Transformations of the Swedish welfare state. In B. Larsson, M. Letell, & H. Thörn (Eds.), Transformations of the Swedish Welfare State: From social engineering to social governance? (pp. 3–22). New York: Palgrave Macmillan.

  • Layton, E. T. (1971). The revolt of the engineers. Cleveland: The Press of Case Western Reserve University.

  • Leukfeldt, E. R. (2017). The human factor of cybercrime and cybersecurity. The Hague: Eleven International Publishing.

  • Levy, S. (1984). Hackers. New York: Penguin.

  • Maurer, D. W. (1940/1999). The big con. New York: Anchor Books.

  • McClymer, J. F. (1980). War and welfare: Social engineering in America, 1890–1925. Westport, CT: Greenwood Press.

  • McLeod, K. (2014). Pranksters. New York: NYU Press.

  • Mitnick, K., & Simon, W. L. (2002). The art of deception. Indianapolis: Wiley.

  • Orth, M. (1971). For whom Ma Bell tolls not. Los Angeles Times. http://www.historyofphonephreaking.org/docs/orth1971.pdf. Accessed March 10, 2018.

  • Popper, K. R. (1945). The open society and its enemies: The spell of Plato. New York: Routledge & Kegan Paul Ltd.

  • Rosenbaum, R. (1971). Secrets of the little blue box. Esquire 117–125, 222–225. http://www.historyofphonephreaking.org/docs/rosenbaum1971.pdf. Accessed March 10, 2018.

  • Schaffer, S. (1999). Enlightened automata. In W. Clark, J. Golinski, & S. Schaffer (Eds.), The sciences in Enlightened Europe (pp. 126–165). Chicago: University of Chicago Press.

  • Sennett, R. (2008). The craftsman. New Haven, CT: Yale University Press.

  • Steinmetz, K. F. (2016). Hacked: A radical approach to hacker culture and crime. New York: NYU Press.

  • Sutherland, E. H. (1937). The professional thief. Chicago: University of Chicago Press.

  • Taylor, F. W. (1914). The principles of scientific management. New York: Harper & Brothers Publishers.

  • Thomas, D. (2002). Hacker culture. Minneapolis: University of Minnesota Press.

  • Thompson, S. (2006). Helping the hacker? Library information, security and social engineering. Information Technology and Libraries, 25(4), 222–225.

  • Tolman, W. H. (1909). Social engineering: A record of things done by American industrialists employing upwards of one and one-half million of people. New York: McGraw Publishing Company.

  • Truitt, E. R. (2015). Medieval robots. Philadelphia: University of Pennsylvania Press.

  • Verizon. (2017). 2017 Data breach investigations report. https://www.phishingbox.com/downloads/Verizon-Data-Breach-Investigations-Report-DBIR-2017.pdf. Accessed March 22, 2019.

  • Warnick, B. (2004). Technological metaphors and moral education: The hacker ethic and the computational experience. Studies in Philosophy and Education, 23(4), 265–281.

  • Zetter, K. (2015). Teen who hacked CIA director’s email tells how he did it. Wired. https://www.wired.com/2015/10/hacker-who-broke-into-cia-director-john-brennan-email-tells-how-he-did-it/. Accessed March 22, 2019.

  • Zinn, H. (2003). A people’s history of the United States. New York: HarperCollins.

  • Zuboff, S. (1984). In the age of the smart machine. New York: Basic Books.

Acknowledgements

The authors would like to thank Daniel (pseudonym) for looking over a previous draft of this manuscript.

Funding

This work was supported by the US National Science Foundation (Grant Number SES-1616804).

Corresponding author

Correspondence to Kevin F. Steinmetz.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Cite this article

Steinmetz, K.F., Pimentel, A. & Goe, W.R. Decrypting Social Engineering: An Analysis of Conceptual Ambiguity. Crit Crim 28, 631–650 (2020). https://doi.org/10.1007/s10612-019-09461-9

  • DOI: https://doi.org/10.1007/s10612-019-09461-9
