Social Engineering Blogs

An Aggregator for Blogs About Social Engineering and Related Fields

Can Liars Really Control Their Facial Expressions?

The University of Buffalo has released more evidence that liars under intense scrutiny cannot suppress their facial expressions of emotion.  Recently, the reliability of microexpressions in lie detection has come into question.  ABC has reported on the perceived validity of microexpressions and their use by the TSA.

The scientific truth is that there are seven universal facial expressions of emotion.  These expressions can and do appear on a person’s face as microexpressions and are very helpful in detecting deception as verified by Dr. Matsumoto in the article “Evaluating Truthfulness and Detecting Deception”, which appeared in the June issue of the FBI Law Enforcement Bulletin.

The article cites renowned facial expert Mark Frank, who has spent two decades studying the faces of people lying in high stakes situations.  The study published earlier this year in the Journal of Nonverbal Behavior, examines whether subjects could suppress facial actions like eyebrow movements or smiles on command while under scrutiny by a lie catcher.

Carolyn M. Hurley, PhD, lead author of the study and Frank, co- author of the study, found that these actions can be reduced, but not eliminated, and the suppression of one element of expression resulted in reduction of all facial movement, regardless of their implications for veracity.

This new study “Executing Facial Control During Deception Situations” found that although liars can reduce facial actions during intense situations such as questioning, they can’t suppress them all.

“As a security strategy,” Frank says, “there is great significance in observing and interpreting nonverbal behavior during an investigative interview, especially when the interviewee is trying to suppress certain expressions.”

An interesting side note is that most of the participants believed that they had controlled all of their facial movements during their interrogations.

What are your thoughts on the veracity of microexpressions in truth accuracy aka deception detection?

Let the Truth Be Told!

Is deceit an intrinsic part of the human emotional condition?

No doubt, it has become an accepted part of human culture.  From the little white lies we tell our kids everyday , ‘yes Santa Clause is real and you have to be sleeping for the tooth fairy to come’, to the exaggerated facts on our resumes, lying has become a part of human social nature.

TV shows as well as literature from the Bible to Shakespeare are filled with exaggerations, contradictions and sometimes bold face lies.   Lying seems to be a lucrative business.

Has a piece of human nature become public enemy number one?  Well, in a word, yes!  However, we don’t just want to be able to recognize deception, we want to stop it before it even occurs, we want to battle human nature and win.

According to Nature Magazine, the U.S Department of Homeland Security has developed a Future Attribute Screening Technology (FAST) designed to spot a criminal before they commit a crime.  In essence, to stop deception before it comes to fruition.  We blogged about this technology in its infancy and it was very interesting to say the least.

Similar to a lie detector, which is not admissible in many courts of law throughout the world, FAST measures a series of physiological indicators such as heart rate, steadiness of gaze etc. In effect judging a person’s “state of mind” while they walk down an airport corridor.

There are significant differences from the polygraph and FAST.  FAST uses non-contact sensors and does not depend on active questioning of the subject.  This new device has undergone preliminary testing in an undisclosed location in the northeast.

However, many researchers point out that the “normal anxieties of travel” are enough to raise the heart rates and stress levels of most people.

What are your thought/opinions on this new “science”?

Social Engineering 101 Workshop … Hash Days 2011 Lucerne Switzerland

This year I have the honour of giving a workshop at Hash Days 2011 in Lucerne Switzerland. The course will run on the 26th and 27th October 2011, coffee breaks, snacks and lunch will be provided, all located at the Radisson Blu in Lucerne. All attendees will receive full copies of the workshop slides including notes, and will have the opportunity to have 1 to 1 discussions with myself to discuss other related workshop topics that they would like more information on.

Registration is now open, so CLICK HERE TO REGISTER

Course Details :

Overview :
All  organizations  have  one  vulnerability  in  common  and  that’s  the  staff.  People  are  valuable  in
making  an  organization  function  but  sadly  the  wetware  is  vulnerable  to  attack.  In  this  course  we
will  look  at  how  to  exploit  those  vulnerabilities.  Attendees  will  cover  the  fundamentals  required
on  a  social  engineering  engagement,  such  as  the  approval  and  planning  stages,  information
gathering  and  execution.  However,  the  main  focus  of  the  course  will  be  the  subliminal  hacking
skills.    In  this  course,  we  understanding  how  the  mind  works  and  why  it’s  vulnerable,  and  how  to
exploit  it  as  well  as  how  language  is  a  powerful  influencer.  Body  language  will  also  be  discussed,
how  to  read  it  and  use  to  our  advantage,  as  well  as  how  to  build  and  operate  a  successful  pretext.
The  subject  of  ethics  is  often  raised  in  connection  with  many  manipulation  techniques,  so  we
shall  also  touch  upon  this,  as  well  as  how  you  can  reduce  the  risk  of  being  social  engineered
yourself  or  your  company.  We  will  also  cover  useful  tools  for  information  gathering,  as  well  as
handy  equipment  whilst  on  the  job,  this  course  is  not  intended  to  teach  you  how  to  run  ports
scans,  exploit  application  vulnerabilities  and  drop  shell,  its  about  how  to  hack  the  mind  and
influence  the  situation  to  your  meet  your  goal.
You  do  NOT  need  any  previous  experience  to  Social  Engineering  or  Penetration  Testing.  If  you
have  thirst  for  knowledge  and  an  open  mind  to  new  possibilities  this  course  is  for  you.
Learning  Objectives:

What  is  social  engineering
Authorization  and  Scoping  Documents
Information  Gathering  Techniques
Engagement  Methodology
Reporting
Mind  /  Brain  Vulnerabilities
Psychological  Approach
Linguistics  /  NLP  /  Hypnosis
Body  Language  /  Micro  Expressions
Elicitation  /  Rapport
Persuasion  /  Influence  /  Manipulation
Pretexting  –  Being  THE  social  engineer
Engagement  mediums  –  Phone  /  Email  /  Face  2  Face
Ethical  and  Moral  Concerns
Handling  Failure
Social  Engineering  Risk  Reduction
Defense  Strategies  for  your  Business
Tooling  for  the  job

Who  Should  Attend: 

Pen-­-testers  who  want  to  get  into  Social  Engineering
Anyone  who  is  responsible  for  Information  Security
Anyone  who  is  curious  in  learning  techniques  to  influence
Company  personnel  responsible  for  security  awareness

Hardware  Requirements:  

Laptop  (Netbooks  not  preferred)
Windows  OS  (Physical  or  VM)
Ability  to  run  VM’s  (VM  Player,  etc)