Xbox 360 Hoaxes, Social Engineering, and Gamertag Exploits

In its most basic form, social engineering can best be summarized as the art of manipulation. By convincing another individual to divulge sensitive information or permit access to a restricted location, the hacker´s ruses unsuspecting participants to achieve their goal. In his book, The Art of Deception, Kevin Mitnick, the infamous hacker and one time FBI fugitive, asserts that humans are the biggest threat to security. So, if humans are the Achilles´ heel or weakest link in security, it is only logical that when trying to gather information or gain access, taking advantage of unsuspecting humans is the best place to begin. This research will discuss how the Kevin Mitnick style of social engineering might not be needed when most of the personally identifying information is online. Social engineering might not be able to obtain the same type of information from Data at Rest (DAR) and Data in Motion (DIM). Furthermore the paper will analyze the privacy and identity disclosure in virtual societies, specifically the Xbox 360. Swatting, stolen accounts, kicking, and identity theft will be discussed.