🕵️HUMINT

Introduction

Human Intelligence (HUMINT) refers to techniques used to gather intelligence through human resources.

However, one of the main problems of HUMINT is to check the veracity of the information, as there is a risk of obtaining false information, leading us down contradictory paths.

Piggybacking & Tailgating

Piggybacking consists of getting access into a restricted area with the permission, in most cases obtained by deception, of an authorised person. Meanwhile, tailgating consists of an intruder following an authorised person closely in a reserved area unnoticed, waiting for the victim to open the door with their credentials and, before the door closes, taking advantage of this to enter inside.

Eavesdropping

Listen to a face-to-face conversation secretly to gather information. For doing so, a typical example would be the use of bugs, an electronic listening device, physically placed in a home or office.

Shoulder surfing

The attacker will try to sneak a peek to try to find out a password/PIN or any other information that could be useful. This attack is facilitated by the concentration of people in certain places, such as public transport, where proximity to victims allows an attacker to look at the screen of a mobile device.

Office snooping

It is taking advantage of the absence of a worker to snoop in his workplace all the visible and accessible information that the worker has left due to overconfidence. This not only consists of post-its and papers but also the session itself that has been left open, being able to access the victim's email, files or corporate applications and install control or monitoring programs.

Baiting

Disperse physical media with malware where the victim can easily see it. Later on, the victim will insert the flash drive into work or home computer, being the malware executed automatically or by the victim.

References

Last updated