2025-12-13 –, Rookie Track 1
Security professionals are no strangers to black-hat hackers' social engineering tactics, and the news is filled with well-known examples of them enabling massive breaches. But if these techniques work so well at the micro level, what happens when the same core principles are deployed by governments against millions of people at once?
This talk expands the lens through which we normally view social engineering in cyber security. Rather than focusing on isolated cyberattacks, we'll examine how propaganda, disinformation, and psychological manipulation are engineered at national and global scales, and how strikingly similar they are to the phishing emails and pretexts we warn about daily.
Ignoring the 'macro' side of social engineering is no longer an option for defenders.
This talk looks at social engineering from a "macro" perspective, showing how governments and state actors use the same psychological tricks hackers and red teams rely on, but on a national/global scale. While cyber security professionals are familiar with phishing, pretexting, and other interpersonal attacks, we rarely talk about large-scale influence operations like propaganda, disinformation, and psychological manipulation.
We'll explore both recent and historical examples of state-sponsored campaigns, showing how core social engineering principles (such as authority, reciprocity, scarcity, and social proof) are used to shape public opinion, manage behaviour, and influence adversaries. Comparing these large-scale operations with everyday social engineering techniques makes it clear that the same human vulnerabilities are at play, just amplified across millions of targets.
The talk will help attendees:
- See the connection between small-time social engineering and organised influence operations,
- Understand why defenders need to look beyond organisational or technical perimeters,
- Touch on practical ways security professionals, policymakers, and educators can respond to macro-level manipulation.
Learning security researcher and social engineering nerd.