From Learn to be a true Social Engineer
In Communication there is always a sender and a receiver (or intended receiver). Everyone has different personal realities and each have their own world formed by their past experiences, their perceptions, their ideas, etc. Everyone perceives, experiences, and interprets things differently based on these personal realities. Any given event will always be perceived differently by different people because of this fact.
Communication is where we bring someone else into our space or bubble and share that personal reality. All participants must have some kind of concept of each other's mental location and of a possible channel of communication existing between them. They must agree sufficiently on these so that communication is taking place. This happens with all interactions, but as it is so common we do it without thinking about it. Communication can take many forms but in all communication something will be transmitted across a distance in the shared space. We can regard it as an object, a particle, or as a wave, or flow. It might be sound vibrations, rays of light, words, pieces of paper, cannon balls, body language, telepathy, or whatever.
In interpersonal communications there are several layers of the message being sent. There will often be a verbal portion, something that is being expressed in language, spoken or written. And there is also a non-verbal portion, covering everything else, most notably body language. This message, both verbal and non-verbal, is filtered through ones personal reality and they will form a concept in their reality on what the message is. Based on what the receiver perceives, and based on their interpretation of the verbal and non-verbal input, they will form a concept in their reality of what the meaning of the message is. It may mean something to them, but it may or may not be what the sender intended. In successful communication the perceived message will approximate the intended message to the sender's satisfaction. However, the sender will only know that if she receives a message back that is congruent with what she had in mind.
One can never take for granted that the receiver has the same reality as the sender. One can never take for granted that the receiver will interpret the message the same way as the sender intended it. Communication is not an absolute finite thing. Particularly, communication with language is always vague and misleading to some extent. To have effective communication one needs to take all the factors into consideration. The different realities, the space the communication takes place in, verbal as well as non-verbal messages, the intended meaning versus the perceived meaning.
History of Modeling
This brings us to forming communication models that we can use to break down vulnerabilities in the humans that are attached to the companies we are targeting. Vulnerabilities in humans are sneaky; they are hidden process of communication and all types of conversation. There are queues and messages in everything we do and how we do them. The messages come from many areas like sight, sound, touch, smell, and words. Messages are processed by the target and used to paint an overall picture of “What’s going on.” This method of assessment is called the Communication Process. This process was originally outlined by Claude Shannon and Warren Weaver in 1947.
They developed what was called "The Mother of All Models".
These models were further advanced by Adler, Laswell, Schram, Berlo and many others. The advancements created other facets to play into the communication path and further increase the level in which one could infer the origin of response and feedback.
As time went on, more and more people came with theories on how communication works. This was last explored in fractal models by Rucker and Wheatley stating that “Communication is a fractal in Hilbert space.”
If we try to simplify the core of what all these great minds had in common we can say that the basics of the communication process consist of three distinct phases.
Three Phases of Communication
In common language, Perception is the combination of our senses and the feedback we get from them being sent to our brain so that we can experience something. Oxford defines perception as: “the ability to see, hear, or become aware of something through the senses.”
Evaluation is the ability to take the feedback that you have gotten from your senses and experience and create an assessment of the situation or context. Oxford defines evaluation as: “form an idea of the amount or value of; assess”
Transmission is not just the thing that changes the engines power into turning wheels, but it is the ability to send our thoughts, perception and evaluation of a particular context to another human. Oxford defines transmission as: “cause to pass on from one place or person to another.”
With these basic phases we can breakdown most communication. This process is cyclical and will work internally and externally between you and your target.
It's pretty obvious that the communication process depends on the ability to transmit the message. The words used in communication are much like packets in a network. These ”packets” carry information from person. Just like packets and their responses, we can tell a huge amount about the target by the “signature” of their response. We have to be able to form the words and have enough "wind" (respiratory capacity) to speak, to communicate verbally. We also have to do it in a way that actually communicates what we mean or the other in the conversation will get the wrong perception. This leads us to the Structure of communication.
The Structure of Communication
Communication can also be broken down into three components:
Within the interaction the self is what is going on for you, your perceptions, and your feelings with relation to the interaction, i.e., your psychosomatic state.
The other human you are interacting with and their psychosomatic state.
The current situation you and the other are in, e.g., Fighting over a bill, arguing a topic, giving someone information about you and your company.
Gaining this understanding will give Social Engineers the ability to quickly deconstruct reactions and better move through the course of the conversation with the target user. The understanding of the communication model and the components of communication will give the engineer an ability to read the situation clearly and create emotions and reactions within the target.
The following is an explanation of the types of reactions using this model. This is formally named Communication Stances. These distinctions may also be called Survival Stances, as they are used by other humans to defend themselves in a situation where they are outmatched in some way. The stances below can be used as an active guide to resolve a situation or can also be used to reverse engineer and create attacks.
Each stance is created by the individuals within the interaction having an understanding of only portions of the Self-Other-Context components and reacting to the lack of congruence in understanding.
Communication or Survival Stances
BLAMING: Target is aware of Self and Context
When a person copes by Blaming, they seek people or things to hold responsible for any problem. This is not done to learn from mistakes, or to prevent them in the future, but to preserve its view of ones own infallibility — and the fallibility of others.
Often times you will want to take your target out of their comfort zone. This feeling of discomfort can cause the target to attempt to return to their comfort zone as quickly as possible, including engaging in actions that they otherwise would not as they are unsure how to behave in this new, unfamiliar, situation. This includes giving up sensitive information. In other situations, you may create a situation where blame rests on someone else’s shoulders but you are just the messenger.
Take the HVAC type attack. Here you can dress up in a Thrift store bought polo/work shirt and start to fake the appropriate credentials (badge, clipboard, work order, etc..). Your interactions with the target (if you get any resistance at all) will be much safer if you can blame your presence there on the home office, scheduled maintenance or some other external driving force. This will give you leverage to say things like “ Maam, I am so sorry! They do this to me all the time. The make me barge into the store after telling me that you all know I am coming. Then I show up and no one has the foggiest idea I was supposed to be here and all heck breaks loose!”. This establishes you both as victims of a third party, and you are now playing the blame game with your target and may even score a friend out of the deal.
PLACATING: Target is aware of Other and Context
A person in the situation shows undue concern for possible negative consequences. The person can be so driven by avoidance of discomfort, that it's willing to exchange it for far greater — even inevitable — discomfort in the future. When the person placates, they collectively avoid confronting issues or people, preferring instead to take full responsibility for any disappointing outcomes. This sort of behavior is often seen by those that engage in passive aggressive actions.
In this action, your target will connected to your needs and have no connection to them self. This is the perfect situation. If someone is on their knees begging for your forgiveness, it is a great time to ask for their credentials or something better. The perfect example of this is the classic attack from a supposed authoritative figure. When a SE poses as a figure of authority, the SE will use the common verification methods (spoofed caller ID, intel on access, org chart, and other vectors) to assume a plausible Executive Identity. Once assumed, the SE will force a user into a Placating stance through the use of various manipulating techniques. One idea is to create a sense of urgency around false pretense.
- “I am giving a presentation at XYZ partner (found during intel gathering) and I just got locked out of my BLEEPING VPN again. Why do you guys *target* keep locking me out? I am sick of this being a problem! I need this fixed RIGHT NOW!
By creating urgency, a sense of assumed authority and rank; you have hopefully forced the target into “I’ll do anything for you” mode.
SUPER REASONABLE: Target is aware only the Context
The "Super-reasonable" individual tries to cope while emphasizing context, usually through devotion to "objectivity or The Facts" and at the expense of human considerations or considerations of a relationship. Super-reasonable coping can lead an individual to adopt self-destructive strategies because they make sense for the "bottom line," or because they emphasize some specific organizational priorities, even if they're self-destructive.
Context takes a bit more work in SE, though it will come up almost always. This is especially true for highly technical individuals. For this exercise, we will need to have done our homework. The idea of this stance is to force the target into a corner where they will rely on “the facts” or “the stats” to get them out of the discomfort. Here are two ideas on how to use this technique.
- Winning the context: In this method the SE will create a subject or select a topic that they are statistically correct. A quick and basic example could be that you ask a user for information about the organization and they respond with “It’s against our corporate policy to give you this information.” At that point you lead them to corporate documentation that proves to them that the claim is not true. This works really well if you can create the fake corporate site ahead of time and inject your *fact* into the policy you are referencing.
- Losing the context: In this method the SE will create a situation where they must be “educated” by the target. In this event, it is good to pick a losing stance in the argument (preferably around their infrastructure). With the intelligence gathered, the SE can argue that certain things are not technically functional or not feasible at all. This will give the target an opportunity to boast about how you are wrong and how “their” environment IS set up that way. This will insert you into a specific conversation to ask more pointed questions around the topic of “how did you get X to work, or How do you have this set up? Because when I did it … it failed!”
IRRELEVANT: Target is not aware of any of the aspects.
Irrelevant coping in an individual is coping by flight. In the face of adversity, the individual copes by avoiding not only the adversity, but also any recognition of it.
For the Irrelevant target there are many possibilities. Think of this target as a blank slate. This is a good stance to force a “tough target” into. If you are having trouble transitioning a target out of one of the states listed above, this is a “plan b.” Targets who are confused or not tuned in to what’s going on will not notice the risk or indicate your actions as malicious. An example of this stance in social engineering can be developed through the exploitation of these that are in a hurry. The typical executive will be regularly running from office to office and meeting to meeting. After profiling the executive, plan a meeting point to intersect the executive on a day their calendar is moderately busy (PS, If you didn’t know, most of their calendars are online or readily available from their admins.) Add a little fun into the mix by spoofing a caller id of another executive and calling the targets cell before intercept. Upon intercept, make sure the exec is on hold. You will be amazed at how much information will be divulged just because someone is acting irrelevant.
Developing a clear model ahead of time will take research, planning and practice. When perfected it can make the difference in success or failure of any SE attack.
- ↑ http://en.wikipedia.org/wiki/Claude_Shannon
- ↑ http://en.wikipedia.org/wiki/Warren_Weaver
- ↑ http://en.wikipedia.org/wiki/Shannon%E2%80%93Weaver_model
- ↑ http://www.amazon.com/Understanding-Human-Communication-Ronald-Adler/dp/0195336127
- ↑ http://en.wikipedia.org/wiki/Harold_Lasswell
- ↑ http://www.shkaminski.com/Classes/Handouts/Communication%20Models.htm#SchrammsInteractiveModel1954
- ↑ http://www.uri.edu/artsci/lsc/Faculty/Carson/508/03Website/Hayden/berlo.htm
- ↑ 8.0 8.1 8.2 http://www.oed.com/
- ↑ http://en.wikipedia.org/wiki/Passive–aggressive_behavior