The Social Engineering Framework

The Social Engineering Framework is a searchable information resource for people wishing to learn more about the psychological, physical and historical aspects of social engineering. Please use the index below to find a topic that interests you.

Framework Sections

Section Articles

Framing

Wikipedia defines Framing as information and experiences in life that alter the way we react to decisions we must make. If we dissect this a bit more from a non-social engineer point of view first, framing is our own personal experiences and the experiences of others that we allow into our conscience minds to alter the way we make decisions. An example of this is how grocery stores will put “75% lean” on a package of ground meat as opposed to “25% fat”. They mean the same thing but one is more appealing to the buyer and it will alter their decision to buy.

Areas Framing is Used

Politics

Framing has long been used in politics. Simply the way campaigns or messages are worded can make a huge difference in the way the public perceives this message.

Consider for example:
George Lakoff a professional cognitive linguist had some interesting observations on framing in politics. For one, “Counterterrorism as law enforcement” vs. “Counterterrorism as war”. When the attacks on September 11, 2001 in New York USA occured Colin Powell argued that they should be treated as crime. When the public demanded more action, stricter policies, then President Bush announced the “War on Terror” campaign. Another example is the program in the USA called “Social Security”. It implies that a program can be relied upon to provide security for the future.

Yet another example is the difference in the terms “Bailout” versus “Economic Stimulus.” Bailout met with lots of opposition as it can paint a word picture of bailing water out of a sinking boat. Yet Economic Stimulus paints the mental picture of helping the economy by stimulating the economy. Both programs did almost the same thing, but simple wording made it more acceptable.

Decision Making / Marketing

The term “Frame of Reference” which is defined as: a set of ideas, conditions, or assumptions that determine how something will be approached, perceived, or understood can be used to understand how framing is used here.

Anything that can alter our perceptions or the way we make decisions can be called framing. A friend tells us that last week they went to town and took this certain route and it was backed up for 10 miles due to some construction. Many of us might take a longer route to avoid the potential delay.

We gave an example above of the meat that is sold as 75% lean instead of 25% fat. This is a perfect example of such framing. Our minds are designed to not like “clutter” or chaos and to try and make order out of the things we see or hear. What is order? That depends on our frame.

A great example of this can be found in this image:
Gestalt1 Framing

Our mind insist on finding patterns in things. This contributes to learning and development of insight, but is greatly affected by our frame of reference and what is in our conscience to make that decision. In the image above which is the image and which is the background for you? Can you alter your reality and reverse it from what you saw at first?

What about in this image:
FedEx Truck Framing

Do you see the arrow? How many years have most of us seen this truck but never have seen the arrow?

Need a closer shot?
 Framing

Now that you see it, you will see it forever. This form of framing uses a hidden logo to make a point about their services. It is there to communicate movement, speed and the dynamic nature of the company.

Four types of Frame-Alignment

Wikipedia has some information on the 4-types of frame alignment: frame bridging, frame amplification, frame extension and frame transformation.

  1. Frame bridging involves the “linkage of two or more ideologically congruent but structurally unconnected frames regarding a particular issue or problem”
  2. Frame amplification refers to “the clarification and invigoration of an interpretive frame that bears on a particular issue, problem, or set of events” (Snow et al., 1986, p. 469). This interpretive frame usually involves the invigorating of values or beliefs.
  3. Frame extensions represent a movement’s effort to incorporate participants by extending the boundaries of the proposed frame to include or encompass the views, interests, or sentiments of targeted groups.
  4. Frame transformation becomes necessary when the proposed frames “may not resonate with, and on occasion may even appear antithetical to, conventional lifestyles or rituals and extant interpretive frames” (Snow et al., 1986, p. 473).

When this happens, new values, new meanings and understandings are required in order to secure participants and support. Goffman (1974, p. 43–44) calls this “keying” where “activities, events, and biographies that are already meaningful from the standpoint of some primary framework transpose in terms of another framework” (Snow et al., 1986, p. 474) such that they are seen differently. There are two types of frame transformation:

  1. Domain-specific transformations such as the attempt to alter the status of groups of people, and
  2. Global interpretive frame transformation where the scope of change is quite radical as in a change of world views, total conversions of thought, or uprooting of all that is familiar (e.g. moving from communism to market capitalism; religious conversion, etc.).

 

Framing in Social Engineering

As social engineers our goal is to gain information that will lead to a successful breach of security. Framing can be used to manipulate information that the target will receive to prod them into making decisions the way we want them to. For example, a test done in 1981 by two psychologists Tversky and Kahneman where they presented subjects with a question about disease prevention. The first problem given to participants offered two alternative solutions for 600 people affected by a hypothetical deadly disease:

  • treatment A saves 200 peoples’ lives
  • treatment B has a 33% chance of saving all 600 people and a 66% possibility of saving no one.

These decisions have the same expected value of 200 lives saved, but option B is risky. 72% of participants chose option A, whereas only 28% of participants chose option B Another group of participants were given the same scenario with different statistics:

  • option C in which 400 people die
  • option D has a 33% chance that no people will die but a 66% probability that all 600 will die.

This outlines that when questions where framed with a positive spin the people generally chose life as opposed to negatively framed questions. As social engineers we would need to practice these skills to slant our questions and statements towards the frame we want our targets to be in. To professionally frame questions to have the maximum effect we can follow these principles.

  • Phrase each question so it has only ONE purpose that is clearly focused
  • Avoid technical language that will confuse the target or cause withdrawal
  • Frame questions that will help you discern the targets behavioral type (are they analytical, expressive, Amiable)
  • Ask ourselves, “What do I want to know with this question?”

Introducing a new thought by masking it in a question is a key way to lead the target down a path. In schools many times teachers will use this. For example, “Does ice float because water expands when it freezes?” This introduces the ideas that 1) ice floats and 2) water does expand.

To illustrate, when we want to grep through a large list of data to pull out a certain subset of information the more detailed our grep the better. We can grep just name and get all the information we want and have to dig deeper manually. Yet if we grep for last name smith, address 123 Main street, state CA, Country USA… we are more likely to hit the target with one press of the enter button.

Questions that are framed properly are much like this. If we want to obtain information on a certain type of security device we can ask, “Where can I get some info on security devices?” or we can ask, “What resources are there available to help me find information on security devices that can handle XYZ protocols?”

If trying to obtain personal information from a secretary who has a family photo out you can ask, “What is your child’s name?” That creepy, weird question may close the door quickly. Even if it is answered it may not allow for more questions. Whereas, “Is this your oldest child?” may elicit not only a good response but a plethora of information about other children she may have.

Learning to frame our questions and even our responses is a skill that can set you apart from the average social engineer. Practice makes perfect.