Social Engineering Blogs

An Aggregator for Blogs About Social Engineering and Related Fields

Imagination … The Power of Infuence??

Albert Einstein was once quoted as saying “Imagination is more important than knowledge. For knowledge is limited to all we now know and understand, while imagination embraces the entire world, and all there ever will be to know and understand”.

I believe this is very appropriate to social engineering today, and could be what separates someone being successful or not in their abilities to persuade and influence. Remember as a child how you could imagine anything, invisible friends, a scribble on some paper could tell a life’s story, you could make anything and everything from a cardboard box and a toilet roll. To top it all off, you had every adult wrapped right around your finger. As we grow and develop into adulthood we learn new expectations on behaviour and interaction, and we struggle to observe anything that isn’t blindly obvious and poo poo the impossible.

What got me thinking about all this was some new research that has been going on around influence and hypnosis, and imagination is a key attribute to some of the success. I have been doing a small amount of research on this myself (hoping to get some video together for future talks) and I have found imagination can be a powerful frame. Those of you who have done any reading on NLP will know that imagination is a key word in language, and if you have looked into neuroscience you will know that some studies with MRI scanners have shown that when we imagine a situation, the same parts of the brain are stimulated, we can feel the associated emotions and our senses are stimulated.

So why do I think this is going to help you on your social engineering engagement, well I have three things based on the way I do things.

We all know how important the pretext is, you have done your recon and research, and you know how you are planning to approach your target. So now you have to BE your character. Imagination is an awesome way to achieve this. Imagination what it would be like for you to go about your day as this character, what would your mannerisms be, how would you handle conflict, whats your opinion on yourself and your job? This might sound obvious, but if this is the first time using this character it would be well worth sitting in a chair for 15 minutes or so and just carrying out this exercise. Then when it comes to actually doing this for real, you have been there before in your imagination, so there will be some sense of familiarisation. Its basically Déjà vu.
Utilise the imagination language. Factual information is important, however it can also be restrictive. When we include key words in conversation such as imagine, experience and feel we are requesting the mind run that scenario, asking them to mentally go on the journey we describe, or recall a similar situation of their own experience. You need to take somewhat of a gamble at times that you are going to invoke the emotions you want for your influencing desires are. If you have set yourself up as an engineer, and gaining entry is reaching some challenge, you could talk about not believing you forgot your badge, how you feel embarrassed and cant imagine the trouble your going to be in for not repairing / replacing the device. This will help to build the rapport you need to get the person on your side, to then execute other stages of your planned attack (Don’t forget your multiple outs).
If you are magically inclined like myself you may want to try out some imagination research. I have discussed before about my opinions on Hypnosis, what it is or isn’t, but I still think really its all just language. So whats my point. Well, there are constantly all sorts of Psychology studies and research going on, so I thought I would use this to my advantage. So I become the annoying research person with the clipboard, researching how good peoples imagination is, based on age, sex, industry they work in etc. This is all kinda irrelevant, but facilitates the pretext of whats coming. From here I go into the Non Trance approach of a hand stick or similar, then the name amnesia, and its during this interval before bringing the name back information of value is extracted. This information could be passwords, pin numbers, ID badge, all sorts. Everyone has different imaginations and different barriers internally so results will be varied. I am still trying to get consent for video footage to show this approach in a non targeted approach, so you can just get an idea of how it works.

So this is why I think imagination is very powerful. You may not know all the answers, you may not know what someone who actually does that role would do, but you can take a stab at it and imagine it based on your research and observations. All of which will leave you better prepared than someone who hasn’t done this. At this point I think there is value in pointing out some research on airplane crash survivors. Many survivors of plane crashes who managed to escape the wreck said the reason for the miracle escape was that they had played the scenario out in their mind many times. What would it be like, how would I get out, what would the likely route be, what obstacles would I face. So when it became reality they had better preparation, and where able to remain calmer and tackle the challenge of escape more successfully that their fellow passenger.

* Disclaimer – I share this information based on my own research and experiences. Should you decide to try out any of these techniques I am not responsible for the outcome, I say this as not everyone reacts well to being duped, and I have had people be a little peeved when they realise they have given or disclosed information, and even after explaining (and rightly so perhaps) are not the best of sports.

Subliminal Hacking at Hash Days 2011 … Swiss Security Conference

Hashdays – the premier technical security conference in the center of Switzerland organized by DEFCON Switzerland.

During 4 days the center of Switzerland will become also the center of IT security knowledge transfer. On October 26th and 27h you will be able to learn a lot in the workshops. The following 2 days (October 28th and 29th) will be full of highly technical IT security talks.

Be sure to reserve your seat early – the space is limited.

I have the pleasure of once again speaking at the awesome Hash Days Security Conference held in Lucerne Switzerland. The conference had its first outing last year and it really was a brilliant event, with great talks, workshops and attendees, it really was a good time, I even went to jail there :)

So this years talk is called “Social Engineering Like In The Movies – The Reality of Awareness and Manipulation”. On the TV and on the Big Screen we see all sorts of strange and amazing things, and when it comes to reading peoples minds, telling if they are telling a lie, or influencing someone to carry out our desires even the far out can seem possible. With the growing exposure of body language, micro expressions, and lingustic techniques sometimes we forget about actual reality. In this talk I will talk about what you can really gain when you understand body language tells, can the eyes really reveal hidden messages, and can we really get people to hand over their possesions with the right language and framing.

Social Engineering Like In The Movies – The reality of awareness and manipulation
View more presentations from dalepearson

Remember Remember … Constructing A Memory Palace

So today is the Royal Wedding, and I am sure of you hadn’t forgotten that. However as we have discussed before the memory isn’t really the best at remembering stuff, and our subconscious is only to happy to fill in the gaps with made up information to make us feel better :)

There are some individuals with mad memory retention though, Ben Pridmore, Boris Conrad and Wang Feng to name a few are world memory champions. The interesting thing is that all of us have this amazing ability to some extent, we just need a method to follow and like any skill we need to practice it.

So why is a good memory retention of benefit to you a social engineer? Well in my opinion it is very useful. One of the key skills of social engineering is being able to see the big picture and think of your feet. Sure you can use a pen and paper, but this isn’t always practical and not exactly covert. Do you not think it would be of benefit to remember badge numbers, items you see in wallets and bags, peoples names, etc that you see as your completing your engagement, as well as all the prep work.

I had heard about these memory techniques, especially in relation to magic and mentalism, however it wasn’t until I read Derren Brown’s Tricks of the Mind that I found a method that it appears I was already using to some extent but I have now developed further. This method is the loci system, simply put this method works by associating images in places you are familiar with in real life, along a route you can easily recall and associated. The loci mnemonic is often referred to as a memory palace, due to the fact you could construct a virtual palace in your mind (perhaps based on your house) and have a defined route that you can place objects on.

My personal memory palace is my local Tesco store. I have a set route when I go shopping, and its a large store with lots of space for storage, I literally have shelves of space to remember stuff. I am by no means an expert, but I am certainly better at remembering using this method than I have been in the past.

There are a few books on this subject, and I will mention these at the end. For now I will summarise how you can go about building your own memory palace, then you can try it out and perhaps save yourself a few quid on books.

First things first, to have an effective memory palace you need a decent foundation. So you need to construct in your mind your palace of choice, this could be completely fictional, however there is no doubt a real environment you know well and visualise will be much easier to utilise. You can always change and grow your memory palace, so I suggest you start of with just a room to start of with, you furniture etc, so you have somewhere to store your visual memory items.
Next you need to define how you get around. A memory palace is going to be difficult to easily recall and access information if its all over the shop, so you need a defined repeatable route (this is why the supermarket is good for me as I do the same aisles each time in a certain order) of how you travel through your memory palace, what objects you pass etc.
Now we have the foundations in place, and the route we will take around our memory palace, now we need to furnish the environment. You don’t need to use actual furniture, but it should be distinct and easy to identify and different from each other. So if initially you want to remember 10 things, you should allocate 10 different pieces of furniture so you have somewhere to place the memories. I recommend you put in as much as you can so you have room for growth in that room, and you can then add other rooms with other distinct furniture (you don’t want them to be the same as this will add confusion).
Now its all built up in your mind its time to remember everything in real detail. Do a decent amount of laps around your route, remembering all the furniture, its order on the route, really commit to it, imagine the colours, smells, what it feels like, as much detail as possible. If you have decided to completely make this up, you may want to draw a blueprint of some kind, to really help you visualise and commit everything to memory. Spend some time here, and come back often, as this is an important part of developing your memory palace.
Good to go. Hopefully now everything is in place, so now you can try it out. A good thing I find to test yourself, that isn’t super critical is your shopping list. Give yourself a reasonable test so more than 10 items, go for 20 on your first outing (make sure you have the furniture to accommodate). So place each item on you shopping list on a piece of furniture in your memory palace, circle around your route a couple of times, then head out and test it. It does not always need to be the actual item, it could be a symbol of something bigger that will trigger another memory to remind you.
Rinse and Repeat. For things you want to commit to longer term memory (perhaps an engagement in a few weeks) take some time to really explore your memory palace and be creative with what you use to trigger those memories, the more wacky the better sometimes. The more familiar you become with your palace the more memorable it will be and as a result more effective.
Getting comfortable. As you get more familiar with your palace you will find it grows and become more valuable, and you will use it for all sorts of things. You will also find you can start at any point on your route, so you don’t always need to start from point one on the router, you could kick off from point 5.
Monopoly. We have mentioned already about adding new rooms and expanding your palace is possible and encouraged, however you may have a reason to really segment your memories. In this case get yourself an additional palace, and add it to the road of memory palaces you may want to acquire over time. The process for setting up another memory palace is always the same, just remember to setup a route from one palace to another.

Hopefully you found this post of interest and your going to give it a shot. If you are dubious about the success you will have, I would like to ask you to recall the last time you left your keys somewhere, what did you do? If like most people you recalled your steps (route) that you took recently, and as if by magic you are able to focus the area of where to look. This is very similar, just alot more focused and dedicated for a purpose.

The Memory Book – Harry Lorayne
Tricks Of The Mind – Derren Brown
The Memory Palace of Matteo Ricci – Jonathan Spence
Chambers For A Memory Palace – Donlyn Lyndon
Max Your Brain – James Harrison
How To Be Clever – Ben Pridmore