The Importance of Information Gathering

Our friend and contributor Matt was kind enough to put into writing a few stories from his law enforcement days. This excellent example shows how important it is to pay attention to the little details when information gathering. Sometimes the littlest details can make or break the story…

I got into work one Saturday morning and was immediately called out to a home invasion. It was summer and I really didn’t want to be working as it was very nice out, but duty calls. It was 8:30 in the morning when I arrived at the victim’s house. The house was a multi-level home – not very big, but not very small. It was a fairly nice, quiet neighborhood and the house sat near the top end of a cul-de-sac.

When I got there, two male deputies and a female sergeant had spoken with the victim already. They relayed his story and I had a look around. The house wasn’t torn apart, but a few items were in disarray. There was a good amount of blood on the wall of the stairs leading up to a bathroom and the bedrooms. Only a few items were missing: a TV, the computer including monitor, keyboard, and mouse, and the victim’s wallet. There were other valuable items that weren’t taken.

After looking around, I started asking the victim a few questions. He was about 45 years old and had a pretty good black eye and some other bumps and bruises. Normally, when I would ask someone to tell me their story, I would ask them to start at the beginning. I don’t want to determine the beginning for them. Here is his story, starting from his beginning.

“I dropped my wife off at the airport on Thursday afternoon since she went to visit some family. I came home and hung out for a while. I went to bed that night, but didn’t go to work on Friday. I’ve had horrible back problems and I’m on muscle relaxants and pain killers. And yeah, I like to drink a little bit, so I had a couple of drinks too. Somewhere between 8 and 8:30pm last night, a guy and a girl I’ve never seen before open my front door and walk in. I start to yell at them and the man hits me in the face. They made me go upstairs in the bathroom and he tied me up. They kept yelling at me and the guy hit me a few more times. They took some stuff and then they left. I didn’t see what they were driving and the whole incident is a little hazy. I don’t really remember too much of it.”

So there is his story. Looking at the entirety of the situation, things didn’t make sense to me. There were seven red flags that popped up in my mind…

Red Flag 1: The victim didn’t report the crime until 12 hours later. If someone had broken into your house and beat you up, wouldn’t you call the police right away?

Red Flag 2: Wife just left to go out of town. Interesting…nothing happens when she’s around, but she leaves and all hell breaks loose? This was also important as it was the beginning of his story. Normally an event like this would begin with the intruders entering the house.

Red Flag 3: Time and Location. The house was on a cul-de-sac. It was at the top of a circle and had other houses facing it. It was 8pm on a summer day which meant that it was still pretty light out. If anyone arrived at the house and went in, surely there was a chance they would be seen. The house was not randomly chosen.

Red Flag 4: Items stolen. I had never seen anyone steal a keyboard and mouse along with the computer tower. The fact that other valuable items were not taken was also an issue.

Red Flag 5: Intoxication. The victim had been taking pills and was drinking.

Red Flag 6: Front Door was unlocked. This may not be a red flag to everyone, but the victim didn’t go to work and had a car in the garage. Suspects generally aren’t that lucky to find unlocked doors.

Red Flag 7: The presence of the female sergeant was distracting for him. Whenever she walked into view, he would turn his head away and begin to mumble. He didn’t want her to hear his story.

Any one of these items isn’t a huge issue on its own, but put them together and you have the perfect storm of BS. Several things pointed to the story being incomplete, so to get to the truth I had to ask questions and draw out more information. I couldn’t just call him a liar (since he was a victim after all) and I used leading questions to get him to finally admit it. I decided to focus on the computer being taken and asked him questions about it. It turned out that the key question was asking him what types of things he does on the computer. He slowly admitted he looked at online porn, which led to him admitting he had “ordered” prostitutes in the past. Getting the rest of the story was easy.

Here’s what really happened: The victim thought he would have a little fun since his wife was gone. He went online, found an adult website, and contacted an escort. She showed up, they had their fun, and she left. Half an hour later the two suspects showed up and beat and robbed the victim. He was scared, embarrassed, and didn’t want to get into trouble with either the police or his wife. The escort called her associates and told them about an easy “mark” who was too drunk to stop them. They took the computer since this was how the victim originally found the escort.

Now, is this the complete truth? I doubt it, but it makes a lot more sense than the original story.

There were a lot of little things that went into making a determination on the truth. I made a few assumptions and inferences before the victim ever opened his mouth. The questioning wasn’t as important as the initial information that led to the right questions to ask. The surrounding environment and location were almost more important than what the victim actually said. Without the initial information, his story wouldn’t have seemed quite so out of place.
—-

Thanks Matt and we look forward to the next story.

Social Engineering in the news

It brings to light some very interesting facts…. malicious social engineers are looking at what is “bothering” people and then offering information and/or solutions if “you just click here.” Everything from money help for the economic woes people are experiencing right down to cures for the H1N1 Virus. It makes a further valid point, that the users are the ones who are to blame.

Ask The Social Engineer

Do you have questions you want answered from a social engineer, about social engineering or learning how to become a social engineer? Send them in and we might just use yours for the next column.

Liar, Liar your hands are on fire….?

Probably one of the hottest topics for social engineers is how to detect who is lying and how to improve your ability to fool your targets. Today we picked two articles on this topic to discuss briefly.

Offensive Security Exploit Archive Online

After a short and intense setup, we are ready to present the Offsec Exploit Archive. We’ve recreated the milw0rm database, updated it and are now accepting submissions. The purpose of the site is to provide researchers and security enthusiasts a repository of exploits, and when possible, the relevant affected software. We’ve started the party by Continue Reading >

Interrogation Tactics and Social Engineering

When we decided to do the release of our first podcast we had many people who were skeptical about Interrogation and Social Engineering actually meshing. Heck, a lot of people weren’t even sure if they could ever be tied in. Well, we did it. We found a willing participant, Matt Churchill. He was not only Continue Reading >