Archive for the ‘Tactics’ Category

The Power of Nonsexual Touch

Wednesday, October 19th, 2011

Often when we think about Social Engineering we think about manipulating individuals by speaking to them. We think of talking the call center employee into doing our bidding, or posing as a delivery representative and talking our way into the facility. We rely on our eyes and ears as we navigate the world, but we often forget about, or don’t give enough credit to, the power of nonsexual touch. Let’s explore the role of nonsexual touch in communication and see how it can benefit the Social Engineer.

Research shows that simple touching can increase compliance, helping behavior and attraction, and can be used to signal power. Even the slightest touch can influence the way someone thinks about you or perceives the situation. Knowing how touch can influence your target is vital information every Social Engineer should be familiar with.

A 2003 study from the Université de Bretagne-Sud in Vannes, France showed that a simple light touch on the arm increased the likelihood of strangers helping an individual from 63% up to 90%. Similar techniques can be used to increase compliance. As an example, a study by Willis and Hamm asked individuals to sign a petition: 81% of those touched signed the petition, compared to 55% of those who were not touched. A second and similar study asked people to fill out a questionnaire. Simply touching the individuals asked to take the questionnaire increased their compliance from 40% to 70%. How would you like those results on your next social engineering pentest?


A new level to spearphishing

Wednesday, March 3rd, 2010

A recent story on slashdot brought this to my attention and we have archived it in the social engineer archives under the new and improved spear phishing attacks section.

What struck me as interesting about this story, and made me rush over here to type this up at the worst possible time to release a blog post, was the way that these attacks are being “made new”.

Heck, most intelligent IT Admins won’t click on the link to “See Britney Naked” or “Adjust your Bank of America Account” because they know it is phishing.

But here comes the “new and improved shiny phishing”. These social engineers have done their homework. They have the names of IT Admins, the names and details of current projects, and other information that makes the emails very believable. But it doesn’t stop there; this is the part that will make you stand up and pay attention. They are not asking for a link to be clicked, a file to be run or a website to be visited…. they are merely asking the admin to make some configuration changes to their servers. These changes would allow their mail servers to be used for spamming, or open up some other vulnerability in their servers.

Take a look at one such email:

---------------------------------
Dear Valued Customer,

We are pleased to announce the go-live date for a new Data Center, scheduled to go live on April 19, 2010.
Please update your firewall rules to allow SMTP traffic on port 25 from the following IP address ranges:

xxx.xxx.xxx.xxx/xx (xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx)
xx.xxx.xxx.xx/xx (xx.xxx.xxx.xx - xx.xxx.xxx.xxx)

If you have settings on your e-mail server which control the IPs which are allowed to connect for e-mail relay please confirm that those settings are updated as well.

We will be able to test and verify connections one week prior to April 19, 2010. Additionally, we will be proactively running connection tests prior to the launch on behalf of all customers, and contacting you directly if we are unable to connect to any of your domains from ALL specified IP addresses for that domain.

Prior to the launch of the new IP addresses, we recommend that you set up and configure the Deferral Notification alerting feature for your domains using the Deferral Notification option on the Domain properties page in the Admin Center. The Deferral Notification alert feature sends a message to you when a customized threshold has been met or exceeded for deferred e-mail in your domain. After the new IP addresses are launched, this feature will help to ensure that e-mail sent to your domains is not deferred because of unsuccessful connection attempts to your network, and that you are alerted in the event that e-mail is being deferred beyond your acceptable limits. For more information on how to set up the Deferral Notification alert feature, see the Admin Center Guide in the Resource Center.

Please refer to the Configuration subtab of the Administration Center for a complete list of IPs which should be allowed to connect to your environment at any time.
---------------------

An unsuspecting admin would fall for this, and they ARE falling for it, wreaking havoc on networks all over.
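The defensive counterpart to the request above is to never take an allowlist change from an e-mail at face value: every CIDR in the request is checked against the vendor’s authoritative list (fetched from the provider’s own console, not from the mail) and overly broad blocks are flagged. The script below is an added example, not code from the original post; the vendor ranges, the sample request text and the `max_prefix_span` threshold are all constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the authoritative vendor relay ranges, assumed to have
# been copied out-of-band from the provider's admin console (documentation
# address blocks, not real vendor addresses).
KNOWN_VENDOR_RANGES = [ipaddress.ip_network(n) for n in (
    "198.51.100.0/24",
    "203.0.113.0/25",
)]

# Matches dotted-quad CIDR tokens; placeholder text such as xxx.xxx.xxx.xxx/xx
# deliberately does not match.
CIDR_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\b")


def extract_ranges(request_text):
    """Pull every parseable IPv4 CIDR block out of a free-text change request."""
    found = []
    for token in CIDR_RE.findall(request_text):
        try:
            found.append(ipaddress.ip_network(token, strict=False))
        except ValueError:
            continue  # e.g. 999.1.1.1/24: not a valid network, skip it
    return found


def review_request(request_text, known=KNOWN_VENDOR_RANGES, max_prefix_span=16):
    """Return (cidr, verdict) pairs. A range is 'ok' only when it sits fully
    inside an authoritative vendor range; anything wider than /16 is 'too broad';
    everything else needs out-of-band confirmation before a firewall rule or
    relay allowlist is touched."""
    verdicts = []
    for net in extract_ranges(request_text):
        if net.prefixlen < max_prefix_span:
            verdicts.append((str(net), "too broad"))
        elif any(net.subnet_of(k) for k in known if k.version == net.version):
            verdicts.append((str(net), "ok"))
        else:
            verdicts.append((str(net), "not in vendor list"))
    return verdicts


# Constructed request modelled on the e-mail quoted above, with documentation
# addresses substituted for the xxx placeholders.
SAMPLE_REQUEST = """Please update your firewall rules to allow SMTP traffic
on port 25 from the following IP address ranges: 198.51.100.0/24
(198.51.100.0 - 198.51.100.255) 192.0.2.0/24 (192.0.2.0 - 192.0.2.255)
and 10.0.0.0/8 for the new data center."""

if __name__ == "__main__":
    for cidr, verdict in review_request(SAMPLE_REQUEST):
        print(f"{cidr:20} {verdict}")
```

Only the range already present on the vendor’s published list comes back as ok; the other two are exactly the kind of change that should be confirmed over a known-good channel rather than applied because an e-mail asked for it.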

Until next time….

The Truth About Eye Contact and Detecting Deception

Monday, September 28th, 2009

For years, studies have come out suggesting that people from all cultures across the globe associate a lack of eye contact with the belief that the person is lying. Is this true? How can we tell?

Much research has been done on this question. Dr. Paul Ekman and Dr. David Matsumoto have devoted their lives to researching ways to detect deception and tell if someone is lying. Recently Dr. Matsumoto wrote a blog post that included much research from social psychologist and micro-expressions expert Dr. Mark Frank. His blog post states that many videos, articles and newscasts suggest that a person’s eye contact and/or eye gaze often has a hidden meaning: looking up to the right means someone is making something up; looking up to the left means they’re remembering something; if someone isn’t looking at you, they’re lying.

So where do these doctors feel that this wrong view comes from? Dr. Matsumoto writes, “There is no simple answer to this complex question, but Dr. Frank alludes that it may be associated with children’s behavior when they lie. He states that eye contact is probably a good clue to deception with younger children – possibly due to the emotion of guilt – but that as they grow older, children learn socially that they have to maintain eye contact in order to lie successfully.”

So what is a better gauge to tell if someone is lying? It is a good idea to first get a read on the person you are speaking to… do they look at you during normal speech? Or do they look away? Are they nervous talkers or confident? Knowing how they talk in normal speech will help you to see if that pattern changes when you get into “uncomfortable territory”. If a person’s pattern changes when you start asking them questions that might be hard to answer, that MAY be an indication they are lying.

New studies have concluded that eye contact is not an indication of lying or truth telling. In 2008, Dr. Stephen Porter of Dalhousie University published a study called “Lying? The Face Betrays Deceiver’s True Emotions, But In Unexpected Ways”.

Porter concluded that it is indeed the face that gives liars away, but not in the stereotypical ways we believe. To him “it’s not the shifty eyes or sweaty brow or an elongated nose (à la Pinocchio) the lie detector should look for. Instead, other elements of a liar’s face will give them away – ‘cracking’ briefly and allowing displays of true emotion to leak on to the face”.

Again, another notch in the micro-expression door post. Learning how to read people’s micro and macro expressions can aid in detecting deception.

Humintell has announced that they will be offering training on this topic very soon. More on that soon.

** parts of this blog have been reprinted from Dr. David Matsumoto’s blog with the permission of www.humintell.com and Dr. Matsumoto.
