Alethe Denis is a social engineer who specializes in open-source intelligence (OSINT) and phishing, specifically voice elicitation or phishing over the phone. Awarded a DEFCON Black Badge at DEFCON 27 for winning the Social Engineering Capture the Flag (SECTF) contest, she is the VP of Dragonfly Security, CFO of PENGUIN, Voice & Data Services and a Founding Member of the DC209 DEFCON Group.
She’s presented at BSides San Francisco, the Layer 8 Conference, WeAreHackerz WHackzCon and joined panels at DerbyCon and the Human Firewall Event. She will be speaking later this year at GrayHat and training at BSides Orlando.
Most recently, she and her team ‘Password Inspection Agency’ placed second in the TraceLabs Global Missing Persons OSINT CTF V, then came back to win the Black Badge (or 1st place) in the TraceLabs Global Missing Persons OSINT CTF VI.
Question 1: Do you think social engineering tactics such as phishing and smishing will see a decline in the future?
Alethe: Absolutely not, I believe it will be quite the opposite. Phishing is here to stay. Whether it’s over the phone, email or SMS text messages, attackers will always be ready to adapt to new communication technologies and create new ways to manipulate people into falling for their scams, cons and other types of attacks.
Question 2: What are your thoughts on social media platforms and their impact on amplifying social engineering attacks?
Alethe: Social Media is a bad actor’s best friend. From my perspective as someone who does social engineering assessments against business clients, I can say that much of the intelligence I gather during the reconnaissance portion of a project comes directly from company-managed and employee-managed social media posts and media.
Question 3: What’s your take on the role of Artificial Intelligence and its impact on our everyday digital lives?
Alethe: AI is a fantastic tool for a lot of use cases where manual processes can instead be completed by automated processes creating new efficiencies and improving productivity, among other things. However, like any technology, there is always a dark side to how it can be used. Ultimately the responsibility falls on the administrator.
Question 4: Do you think app developers have a moral obligation to develop apps that focus on the privacy of user data?
Alethe: I do. I know there’s quite a debate about this but I do believe that creation of apps that are both morally sound and developed ethically for ethical purposes is important.
Question 5: Have you seen ‘The Social Dilemma’? If so, would you suggest it to Internet users?
Alethe: Yes, and it is fantastic and fascinating. I would recommend it to anyone, even if they don’t use social media. The psychology of influence and the tactics used to manipulate users into staying engaged and online are with us wherever we go. Everything from mobile gaming to advertisements online and on TV uses these types of tactics to keep us focused and influence our decisions. A lot of these tactics also translate into social engineering tactics used by scammers and other bad actors.
Question 6: How do you feel about being an online privacy intelligence analyst in 2020?
Alethe: I feel that my contribution matters. Also, that I am able to give back to both my community and my clients by sharing my findings and educating people on how to avoid falling victim to potential attacks is incredibly fulfilling.
Question 7: Are you of the opinion that all Internet users must take their online privacy and security seriously?
Alethe: It’s my belief that they absolutely should. This is why it’s so important to make security awareness training accessible to everyone. I also like to make sure that I address personal security as well as business and company security in my trainings. If people adopt these practices at home, it’s only natural for them to carry them in to work with them too.
Question 8: What are your thoughts about VPNs?
Alethe: For those unfamiliar, a VPN or Virtual Private Network can seem intimidating or excessive. However, hiding your IP and encrypting your communications makes your activities private and it’s essential to good business security, while also useful for personal security, where applicable, depending on what you’re doing.
Thank you so much for the interview, Alethe. As for our readers, you can follow Alethe on Twitter: @AletheDenis. If you have any questions, do leave us a comment and we will be more than happy to answer them.
Furthermore, our next guest on the blog is the Director of Global Research & Analysis Team (GReAT) at Kaspersky, and we will be questioning him about cybersecurity and cyberattacks, and how to stay safe digitally. Until our next episode of the expert interviews then.