
Practicum Report

INTERNETWORKING

No. NIM Name Study Program

1. 13322030 Ronaldo Julius Siregar D3TK

6 March 2024

Institut Teknologi Del


Jl. Sisingamangaraja, Sitoluama, Laguboti
Kabupaten Toba, Sumatera Utara
TABLE OF CONTENTS
The table of contents is not generated manually.

Objective
Resources
Instructions
Step 1: Research Social Engineering Examples
Question:
Answers:
Step 2: Recognize the Signs of Social Engineering
Question:
Answer:
Step 3: Research Ways to Prevent Social Engineering
Answer:
References

Lab – Social Engineering
Objective
In this lab, you will research examples of social engineering and identify ways to recognize and
prevent it.

Resources
• Computer with internet access

Instructions
Step 1: Research Social Engineering Examples
Social engineering, as it relates to information security, is used to describe the techniques used by
a person (or persons) who manipulate people in order to access or compromise information about
an organization or its computer systems. A social engineer is usually difficult to identify and may
claim to be a new employee, a repair person, or researcher. The social engineer might even offer
credentials to support that identity. By gaining trust and asking questions, he or she may be able to
piece together enough information to infiltrate an organization's network.
Question:
Use any internet browser to research incidents of social engineering. Summarize three examples
found in your research.
Answers:
- The Milgram Experiment (1961)
The Milgram experiment was an experiment that explored how far a person is willing to obey
authority, even when doing so involves actions that conflict with their values and morals. The
experiment was conducted at Yale University in the United States. (Milgram, 1963)
- Zimbardo's Stanford Prison Experiment (1971)
A man named Philip Zimbardo ran a prison simulation at Stanford University to study the
psychological effects of the roles of prison and prisoner. The experiment showed how the
environment can influence individual behavior. (Zimbardo, P. G., Haney, C.,
Banks, W. C., & Jaffe, 1973)
- The Influence of Social Media on the General Election (2016)
Psychological manipulation through online political campaigns and fake news on social media
became a focus of attention during the 2016 United States general election. Cambridge
Analytica's use of Facebook user data is one example. (DiResta, R., & Shaffer,
2018)

Step 2: Recognize the Signs of Social Engineering
Social engineers are nothing more than thieves and spies. Instead of hacking their way into your
network via the Internet, they attempt to gain access by relying on a person’s desire to be
accommodating. Although not specific to network security, the scenario below, described in
Christopher Hadnagy’s book, The Art of Human Hacking, illustrates how an unsuspecting person
can unwittingly give away confidential information.
"The cafe was relatively quiet as I, dressed in a suit, sat at an empty table. I placed my briefcase
on the table and waited for a suitable victim. Soon, just such a victim arrived with a friend and
sat at the table next to mine. She placed her bag on the seat beside her, pulling the seat close
and keeping her hand on the bag at all times.
After a few minutes, her friend left to find a restroom. The mark [target] was alone, so I gave
Alex and Jess the signal. Playing a couple, Alex and Jess asked the mark if she would take a
picture of them both. She was happy to do so. She removed her hand from her bag to take the
camera and snap a picture of the “happy couple” and, while distracted, I reached over, took
her bag, and locked it inside my briefcase. My victim had yet to notice her purse was missing
as Alex and Jess left the café. Alex then went to a nearby parking garage.
It didn’t take long for her to realize her bag was gone. She began to panic, looking around
frantically. This was exactly what we were hoping for so, I asked her if she needed help.
She asked me if I had seen anything. I told her I hadn’t but convinced her to sit down and think
about what was in the bag. A phone. Make-up. A little cash. And her credit cards. Bingo!
I asked who she banked with and then told her that I worked for that bank. What a stroke of
luck! I reassured her that everything would be fine, but she would need to cancel her credit
card right away. I called the “help-desk” number, which was actually Alex, and handed my
phone to her.
Alex was in a van in the parking garage. On the dashboard, a CD player was playing office
noises. He assured the mark that her card could easily be canceled but, to verify her identity,
she needed to enter her PIN on the keypad of the phone she was using. My phone and my
keypad.
When we had her PIN, I left. If we were real thieves, we would have had access to her account
via ATM withdrawals and PIN purchases. Fortunately for her, it was just a TV show."
Remember: “Those who build walls think differently than those who seek to go over, under,
around, or through them.” Paul Wilson - The Real Hustle
Question:
Research ways to recognize social engineering. Describe three examples found in your research.
Answer:
- Phishing
The attacker tries to obtain personal or login information by posing as a trusted entity
through email, text messages, or fake websites. (Dhamija, R., Tygar, J.
D., & Hearst, 2006)
- Vishing (Voice Phishing)
The attacker uses voice recording techniques or phone calls to manipulate the victim and
obtain confidential information or to carry out certain actions.
(Jakobsson, M., & Myers, 2007)
- Pretexting
The attacker creates a false story or scenario to convince the victim to give up confidential
information or take other actions. (Jagatic, T. N., Johnson, N.
A., Jakobsson, M., & Menczer, 2007)

Step 3: Research Ways to Prevent Social Engineering


Does your company or school have procedures in place to help to prevent social engineering?
If so, what are some of those procedures?
Answer:
- Security awareness training
- Simulate social engineering attempts
- Improve spam filtering through email gateways
- Implement policies around social media use
- Implement appropriate policies for key procedures
- Multi-factor authentication
- Monitor critical systems 24/7
- Make use of SSL

Source: https://www.stickmancyber.com/cybersecurity-blog/8-ways-organisations-prevent-social-engineering-attacks

References
Dhamija, R., Tygar, J. D., & Hearst, M. (2006). Why Phishing Works. 581–590.
https://www.scirp.org/reference/referencespapers?referenceid=71502
DiResta, R., & Shaffer, K. (2018). The Tactics & Tropes of the Internet Research Agency.
https://digitalcommons.unl.edu/cgi/viewcontent.cgi?article=1003&context=senatedocs
Jagatic, T. N., Johnson, N. A., Jakobsson, M., & Menczer, F. (2007). Social phishing.
Communications of the ACM. 94–100. https://dl.acm.org/doi/10.1145/1290958.1290968
Jakobsson, M., & Myers, S. (2007). Phishing and Countermeasures: Understanding the Increasing
Problem of Electronic Identity Theft.
https://www.academia.edu/50610535/Phishing_and_countermeasures_understanding_the_increasing_problem_of_electronic_identity_theft
Milgram, S. (1963). Behavioral Study of obedience. The Journal of Abnormal and Social Psychology.
371–378. https://psycnet.apa.org/doiLanding?doi=10.1037%2Fh0040525
Zimbardo, P. G., Haney, C., Banks, W. C., & Jaffe, D. (1973). The Stanford prison experiment: A
simulation study of the psychology of imprisonment.
https://www.veronaschools.org/cms/lib02/NJ01001379/Centricity/Domain/588/simplypsychology.org-Zimbardo__Stanford_Prison_Experiment.pdf
