SE

Search for:


Archive for October, 2010

Gift Giving, Social Engineer Style

Tuesday, October 26th, 2010

Here is another article from our resident behavioral expert, Robin Dreeke.

Robin Dreeke, a 1992 graduate of the United States Naval Academy and former US Marine Corps Officer, has been studying interpersonal relations for the past 23 years of his government service. Through the use of non-verbal behavior; the Personal DISCernment Inventory, the Myers Briggs Type Indicator and personal anchoring, Robin has built highly effective tools for all aspects and stages of interpersonal communication. For the past thirteen+ years Robin has applied and taught his tools and techniques for the FBI as a member of the Counterintelligence Division’s elite Behavioral Analysis Program. Robin has combined all these tools and techniques and created a very unique, People Formula.

Today Robin is a recognized expert, author, and gifted lecturer, in the art of interpersonal communication.  These skills are used every day in the areas of leadership, sales, human resources and all relationships both business and personal.

In article two he discusses…

Social Engineers Utilize the “Gift Giving” Technique

Gift giving is one of the most basic of human survival functions. From the time when humans were living in caves, we gave gifts in advance in hopes we would have the favor returned trojanhorse Gift Giving, Social Engineer Stylewhen we most needed it. Early hunter gatherer society’s routinely demonstrated gift giving for survival. A hunter would share his food with others after a good kill. The hunter was hopeful that should he have a bad hunt or become injured, his earlier generosity would be rewarded by a gift of food from another hunter that felt the need to reciprocate the original generosity (Burnham T. & Phelan J., 2001).   Understanding that humans are genetically coded to reciprocate gift giving is a great advantage. A simple gift can be in the form of flattery or validation.  A simple yet meaningful compliment, if delivered in a nonthreatening manner, can be an excellent gift. The individual often receiving the gift will have a compulsion to return the gift, most often with dialogue. An accomplished Social Engineer capitalizes on these human traits.

Background

John is a successful manager for a well known defense contractor. He is in his mid-40s, has two teenage children and has been married for 20 years. John lives a comfortable lifestyle in the suburbs of an East coast metropolitan area. John is a friendly, outgoing individual who enjoys meeting new people. John is also known as an “idea guy”, always thinking of new ways of doing things and the future. John’s personality, coupled with his sharp ideas, generally has him traveling the country on behalf of his company. John typically represents his company with existing and prospective clients.

Steve is a former military officer who has spent most of his professional career interviewing and developing human sources for the purpose of overseas force protection. Following his career with the military, he was able to re-frame his skills to that of a Social Engineer. He currently works with a number of clients as a corporate intelligence gatherer. His job is to identify individuals with access to confidential company information and elicit the same. He also is able to ascertain security passwords and protocols when necessary.

Situation

Building the Desire to Reciprocate a Favor:

John was preparing to travel to a large conference that he was asked to attend on behalf of his company. While at the conference, he is going to be meeting with a prospective client that his company has recently made an open contract bid for. John made his flight arrangements and hotel accommodations. He was planning on staying at the host hotel for the conference. The meetings with the prospective client were very close to the conference venue.

(more…)

Characteristics of an Effective and Successful Social Engineer

Tuesday, October 19th, 2010

It was only a short while ago that we asked for anyone interested to send us information they want to share with the world on the topic of becoming a better social engineer.

SocialEngineer Characteristics of an Effective and Successful Social EngineerWe were put in contact with an excellent resource that has years of experience in social engineering.  Robin Dreeke, a 1992 graduate of the United States Naval Academy and former US Marine Corps Officer, has been studying interpersonal relations for the past 23 years of his government service. Through the use of non-verbal behavior; the Personal DISCernment Inventory, the Myers Briggs Type Indicator and personal anchoring, Robin has built highly effective tools for all aspects and stages of interpersonal communication. For the past thirteen+ years Robin has applied and taught his tools and techniques for the FBI as a member of the Counterintelligence Division’s elite Behavioral Analysis Program. Robin has combined all these tools and techniques and created a very unique, People Formula.

Today Robin is a recognized expert, author, and gifted lecturer, in the art of interpersonal communication.  These skills are used every day in the areas of leadership, sales, human resources and all relationships both business and personal.
Robin has written a series we will be using in the blog that will outline some key components of becoming a better social engineer.  This is our first in the series and it is entitled:

Characteristics of an Effective and Successful Social Engineer

Even though humans are guarded about giving away personal information, crafting non-alerting dialogue can elicit sensitive information because a Social Engineer is an expert at making a person feel very comfortable and a human being seeks the validation that a Social Engineer gives (Carnegie, 1939). The validation of emotional or physical feedback that boosts and ego, supports a weakness or allows for an excuse to not do their job is given.  For instance, a social engineer may tail-gate into the company and by acting and looking like the “fellow employees” he gives the security a reason to not stop him and do his job.

How often do we travel, socialize, or just interact with people we hardly know? We do it frequently enough to give away a massive quantity of personal information without realizing it. In conversation with other people, in the way we give information in public while on the cell phone or through our use of social media.

There are many aspects to Social Engineering. One characteristic is the well crafted art form of eliciting potentially compromising information from unsuspecting individuals. In the corporate world, it means potentially giving away a company’s trade secrets to competitors. This dialogue will explore the tools and techniques that a successful Social Engineer will use to illicit information from unsuspecting strangers. The first step in analyzing a social engineer is the personality of the social engineer.

Personality characteristics

The first and most important step a Social Engineer will take to ensure success is how he or she presents themselves to the surrounding environment, and most importantly their target. There are a great many books and resources about how to have a positive personal interaction with another human being. All of these books, techniques and methods are what a Social Engineer embodies. One personality trait of a successful Social Engineer is his or her ability to suspend his or her ego and appear non-threatening.

(more…)

How To Make Your Own Eavesdropping Social Engineering Tool

Monday, October 11th, 2010

Wouldn’t you just love to know how to make your own super secret spy listening eavesdropping tool that is self powered and so covert that no one will ever know it was in the room with them?  Well now you can.  We sent out a request recently for social engineers or security enthusiast to join in helping us educate our readers and listeners on cool, new and neat ways to enhance social engineering skills.  We received a very interesting post from a guy who goes by the nick “AC”.  He recently partook in the Cyber-Raid contest and did some very interesting things to take down the competition that involved some nice social engineering tools.  He teaches us how to make our own social engineering eavesdropping tool.

eavesdropping How To Make Your Own Eavesdropping Social Engineering Tool

On September 16 and 17 2010 Cyber-Raid 0 was held in Kansas City. The event was sponsored by the Kansas City InfraGard program and consisted of an exercise simulating an attack on a live network. Information security professionals were divided into two groups the red and blue teams.

The red team were the attackers and the blue team consisted of the defenders of the network. Our writer found himself on the red team and looking for an edge that would give him an unfair advantage. Upon careful review of the scope and rules he decided to take a social engineering approach.
(more…)




SE Polls

SE CTF

Brad Smith