Social-Engineer.Org : Security Through Education

For almost 3 years the team at Social Engineer has been bringing you the best in Social Engineering information and education.  Social Engineering information, tips, tricks, research, which eventually has branched off and created live, in-person, intensive training classes. As the new year gets into full swing we wanted to highlight some of our upcoming events and announcements.

Chris “loganWHD” Hadnagy will be conducting a round table open discussion at RSA this year. The topic of his panel is “Social Engineering – Is it the Biggest Threat?” Social Engineering (SE) is a hot topic that has gained a lot of notoriety in recent attacks.

(more…)

Not too long ago the announcement about an Internet Sponsorship Law, SOPA, basically caused the Internet to blow up with people voting, supporting, and showing how much they disliked this proposed bill. The way the “Internet Community” came together is a lesson in mass influence itself, but we are going to focus on a different aspect of this drama.

The hacktivist group Anonymous reared its head in this debate to show it’s disdain for any law that would censor or prohibit the use of the Internet, and they do so using a form of social engineering.

One of the less influence based forms of social engineering involves drawing people to a website that is either loaded with malicious software/code or has downloads that are dangerous or infected. Apparently, Anonymous used this form of social engineering to create, in essence, one of the world’s largest botnets full of unsuspecting participants.
(more…)

Unless you are starring in the next “Planet of the Apes” this Holiday season, you will undoubtedly find yourself surrounded by humans. Many situations may arise from company parties, family get-togethers, to year end celebrations. These events provide you with a perfect test bench to try out your social engineering skills. Take advantage of the fact you will be submerged into groups of people, some familiar, some not.

Sadly, your family will insist you not be on IRC during the holiday festivities. I know, crazy, right? It is what it is, so make the best of it. In this blog we will recap some previously explained techniques and give you handy suggestions on how you can put these skills and knowledge to the test. You can even make a game out of it!
(more…)

We have previously written about how to read other poker players and determine the strength of their hand by using various Social Engineering techniques. In this article we will discuss ways to use Social Engineering to trick and deceive the other players to give yourself an advantage on the table.

Poker is a unique game at a Casino. Unlike every other game in the Casino, in poker, you are playing against the other players as opposed to playing against the house like in Black Jack, Craps, Roulette, etc. As you analyze the game and really understand poker, you quickly realize that it’s not a card game, it’s a people game.

Here are some famous quotes from Poker players, professional and amateur:

“If, after the first twenty minutes, you don’t know who the sucker at the table is, it’s you.”  ~David Levien and Brian Koppelman, Rounders

“The commonest mistake in history is underestimating your opponent; it happens at the poker table all the time.”  ~David Shoup

“In a game of poker, I can put the players’ souls in my pocket.”  ~Beausourire

“Poker is… a fascinating, wonderful, intricate adventure on the high seas of human nature.”  ~David A. Daniel

(more…)

Often when we think about Social Engineering we think about manipulating individuals by speaking to them. We think of talking the call center employee into doing our bidding or posing as a delivery representative and talking our way onto the facilities. We rely on our eyes and ears as we navigate the world but we often forget about, or don’t give enough credit to, the power of nonsexual touch. Let’s explore the role of nonsexual touch in communication and see how it can benefit the Social Engineer.

Research shows how simple touching can increase compliance, helping behavior, attraction, and can be used to signal power. Even the slightest touch can influence the way someone thinks about you or perceives the situation. Knowing how touch can influence your target is vital information every Social Engineer should be familiar with.

A 2003 study from the Université de Bretagne-Sud in Vannes, France showed that a simple light touch on the arm increased the likelihood of strangers helping an individual from 63% up to 90%.  Similar techniques can be used to increase compliance. As an example, a study by Willis and Hamm asked individuals to sign a petition. 81% of those touched signed the petition compared to 55% who were not touched. A second and similar study asked people to fill out a questionnaire. Simply touching the individuals asked to take the questionnaire increased their compliance from 40% to 70% – How would you like those results on your next social engineering pentest?

(more…)