Social Engineering Blogs

An Aggregator for Blogs About Social Engineering and Related Fields

Hiding in plain sight… Playing it loud and proud

Happy New Year. 2011 has already gotten off to a hectic start for me, as I type this I am still in California working, but looking forward to flying back at the end of the week.

In the last week I have tried out something a little different, and wanted to share my thoughts with you on the matter this month. We have discussed before about the importance of rapport, building those relationships and the fact we like people who are like us, and we like people who like us. With this in mind we tend to try to fit in with our surroundings, look the part so that we can blend in and go unnoticed.

However, what if we went for something almost completely the opposite. What if we didn’t look to sneak under the radar, instead we looked to stand out, stand out so much everyone would remember us. I am talking LOUD and PROUD.

Now I am not saying this is a situation that would suit every engagement, but in certain circumstances I think it can be an approach worth investigating.

In my scenario I found it worked very well in a shared building. I am sure many of you will be familiar with this setup. A large corporate looking building, a central reception, and several floors all occupied by different organisations. On each floor there will then be local receptions, but very often no turnstyles etc to bypass just straight on entry. True possibly an easy target, but a great example to experiment.

So let me get on with my point of loud and proud. If you were to see someone with their best hawaiian holiday shirt, shorts, messenger bag, and iPod on full blast what would you be thinking…… I am hoping you are thinking crazy courier type guy?? If you X-Factor delusions you might want to sing along to your selected Kylie track :)

What I have observed in this scenario is that staff, especially reception staff will allow you to go unnoticed. You are the common sited, crazy courier dude, who no one really wants to talk to, and they just want you to get in, deliver your package, and sod off :)

I think this approach may work best in the US where in my opinion (not to be Americanist) people are more colourful in their outfit selection, and the warmer weather is more tolerable of your best Magnum Hawaiian special.

Like all social engineering engagements, you need to be aware of what will work culturally, and what will play best to you as an individual and the pre-text you are working from. The take away I really want people to take from this is the following, sometimes playing it safe isn’t the most obvious approach, and getting a little more creative and flamboyant, although making your more noticeable, may actually have that more stealthy approach your seeking.

Give it some thought, experiment, and share your opinions.

Quick deception links from December 2010

Here are the deception-related crimepsychblog tweets from last month.

Technology-facilitated deception detection (brain scans and machines that go ping):

Thermal Imaging as a Lie Detection Tool at Airports http://retwt.me/1QhzC
New research on fMRI-based deception detection measures’ vulnerability to countermeasures http://retwt.me/1QbCJ
Article on fMRI in court is one of Nature News top stories of 2010. Well worth a (re)read. http://retwt.me/1QfBJ
New research: Improving efficacy of Concealed Information Test? “Denoised P300 & machine learning-based CIT method” http://retwt.me/1QbCC
Psychophysiological Response Pattern in Symptom Validity Testing Arch Clin Neurology http://retwt.me/1QbDE
Great write-up of a rare study of fMRI countermeasures (via @ResearchBlogs) How To Fool A Lie Detector Brain Scan http://goo.gl/fb/7oNFv
Free access: The Polygraph and Forensic Psychiatry (Don Grubin) J. American Academy of Psychiatry & Law http://retwt.me/1QggR
Beliefs, predictions and shortcuts in the deceitful brain (Uni of Cambridge article): http://bit.ly/eK1rVw
Ocular motor deception detection technology http://secprodonline.com/articles/2010/09/01/seeing-through-the-lies.aspx
Frequent truth telling makes lying more difficult, but frequent lying makes lying easier. http://is.gd/hQeIM
Articles on cognitive neuroscience of confabulation, free access til Feb 28 (scroll down ->symposia) http://ht.ly/3qYl8
“When volunteers suspected they were being lied to activity levels rose in dorsomedial prefrontal cortex” New Scientst http://retwt.me/1Qcgj

Interviewing (deception detection the good ole fashion’d way):

Eliciting Cues to False Intent: A New Application of Strategic Interviewing http://retwt.me/1QhzA
Influence of Investigator Bias on the Elicitation of True & False Confessions http://retwt.me/1QhzB
Looks & Lies: Physical Attractiveness in Online Dating Self-Presentation and Deception. Communication Research 37(3) http://retwt.me/1QgIz

And some other deception-related stuff that caught my eye:

From Scientific American: What Makes An Honest Smile Honest? http://bit.ly/hkX7HN
Can deception be a life skill? http://bit.ly/e4jYYk
@evbasedmummy discusses how and why parents lie to their children http://is.gd/ivosZ
Cricket’s old boys are proposing lie detectors as a way to combat corruption: http://ht.ly/3q4KH Sigh
Great summary of the DWP ‘Lie Detector’ trials from @Unity_MoT http://tinyurl.com/2366dlg. Big sigh.

Scout Motto… Always be prepared

Apologies its been a few weeks since I posted, what with starting a new day job, and many many things to sort out at home I have struggled to get the time and the mindset to get something written.

So I thought I would do a quick post on how important it is to always be prepared, dib dib, dob dob and all that :) This might sound obvious but a key part of social engineering is research, as obviously as this may be many social engineers spend little time doing thorough information gathering.

This information gathering is vital to increase our chances of success. With this information we can get information about the target organisation, how it interacts with other organisations and the public. We can identify specific key subjects, and then gain information on them and their social connections, preferences, and history.

This then gives us the ability to create informed believable pretexts, and improves our ability to think on our feet, adjust accordingly and make some what informed decisions. Social engineers often overlook these points and I can understand why, the reality is that we are so often unchallenged in our engagements that we don’t have to think on our feet to much, and when it does happen perhaps we can bluff and fluff our way through.

I am sometimes cocky myself and don’t do the right level of prep work, and being sloppy can lead to disaster. As we continue to educate and bring awareness to the masses about social engineering, I really hope that companies and Joe Public will become more aware and more challenging, meaning that social engineers finally have to up their games.

Give this some thought, and don’t forget to do your homework. Next year I aim to put some posts together on Open Source Information Gathering and the information that can be revealed.