Magicians and Hackers: Social Engineering 101

Hackers have a special mystique. According to Hollywood, they might sit down at a computer, attempt to type in the password and get in by the third guess. Or maybe they have to navigate through a rendered three-dimensional computer world to discover secrets. The truth is, a lot of hackers don't need to go to such lengths — they get valuable information from living, breathing people.

It's called social engineering, and it's an effective way to get information or access without ever having to crunch any code. While it's important to have a strong security system, it's equally critical to train people to use the system responsibly and to recognize when someone is trying to pull a fast one.


A simple example of social engineering could be a hacker posing as an information technology consultant. She could gain access to a company's equipment just by contacting an employee, explaining that it's time to upgrade equipment and requesting the login information to complete the transition. If the employee hands over that login information, the hardest part of hacking into a system is over, and the hacker can begin snooping around.

But hackers don't even need to talk to you to use social engineering. It's common for people to rely upon insecure passwords — often the word “password” itself. Hackers know this and take advantage of it. Magicians do the same thing: They understand which behaviors are the most common and bet on the safe odds when performing a trick.

Many magicians use patter to misdirect an audience, guiding its attention to a specific point in space at a specific time. Meanwhile, all the sneaky magic stuff is happening outside of the audience's focus. Playing along with magicians is fun — we see the results and are entertained. But with a hacker, the result isn't nearly as amusing.

We interviewed magician Brian Brushwood about social engineering while we were at South by Southwest. Check out the video above to see what he has to say about the tricks of the trade.