The Social Engineering Framework

The Social Engineering Framework is a searchable information resource for people wishing to learn more about the psychological, physical and historical aspects of social engineering. Please use the index below to find a topic that interests you.

Framework Sections

Section Articles

Information Brokers

Information (Data) Brokers collect data and provide data mining services for various organizations such as the FBI, Credit Monitoring Services, and the DoD. These companies are a high value target for social engineers as they contain huge amounts of information that could be used to further elevate or support your SE activities. Because of relaxed regulations and federal laws much of our personal information is collected by government agencies, such as the DMV, and stored or managed by these Information Broker Companies, such as ChoicePoint.

Examples of Information Brokers

ChoicePoint

ChoicePoint Inc. is an information or data brokerage company that collects private information and then sells that to other companies for use in marketing or other legitimate purposes

KnowX

KnowX “is the place to start for finding information about businesses, people and assets, and can help you discover any critical relationships between them. Run a background check on a business, locate assets, investigate property value and more using public records from across the nation compiled from official data sources.”

DOCUSEARCH

DOCUSEARCH “is the America’s premier provider of on-line investigative solutions. Requesting investigative services has never been easier than using our web site. All functions are available with a simple point and click. Our user-friendly interface will prompt you for all the necessary data.”

LexisNexis

LexisNexis “seeks out and contracts with companies of all sizes and capabilities, from local and regional suppliers, to those with a global reach. We rely on a dedicated, competitive, world-class supplier base to collaborate with our procurement professionals and work within our infrastructure to establish the best value for LexisNexis units around the world.”

Discreet Research

With Discreet Research – you can “be your own public records researcher. You’ll feel like a pro once you log on to the Discreet Research web site. Whether you’re trying to locate a long lost relative, an old classmate or needing to check a criminal record on a shady character, this is the place for you.”

MasterFiles

MasterFiles – “provides information solutions for many fortune 500 and smalll businesses in need of the most accurate and cost-effective products and services since 1989. MasterFiles organic growth approach had spawn innovation in all fields of its expertise. It started from a two person organization that rummaged through dusty courthouse records to one that develops proprietary software platforms today. These platforms are capable of seamless communication with various database systems delivering speedy, real-time, accurate information services through a web portal.”

How Information Brokers Use Social Engineering

Information Brokers use elicitationscams, courting, and pretexting to gather data about personally information. In the book, Halting the Hacker, the author points out that an example or Pretexting. “Information brokers obtain customer account information through pretext phone calling. A broker may call and pose as a customer who has lost their account number and needs help. They will persistently call until they find someone who is willing to help.”

In the book Information Risk and Security: Preventing and Investigating Workplace Computer Crime, the author provides and example of Courting“Information brokers and other determined social engineers often use a technique known as courting. Seemingly random or chance meetings that build a rapport and a level of trust between the social engineer and the target. Over time a relationship is built and subtly pressure is applied and information gathered.”

Examples of Information Brokers Who Were Social Engineered

ChoicePoint

Criminals were able to dupe ChoicePoint into supplying them information as legitimate customers. Social engineering was used to open fake phone numbers, business licenses, and street addresses to open accounts as legitimate businesses. Because of current loop holes in laws it is difficult to determine who is using data for legitimate purposes.

DOCUSEARCH

Liam Youens obtained information about Amy Lynn Boyer from DOCUSEARCH. He contacted DOCUSEARCH on several occasions asking for information about her social-security number, telephone number and address. Each time a service provided by DOCUSEARCH was paid for and provided. DOCUSEARCH actually had some outdated information and placed a call to Boyer, through pretexting, to confirm information about her address. Unfortunately, Youens used this information to track down Boyer and fatally shoot her at her place of work.

Chris Swecker

A counterfeit check ring used identity theft and pretexting to impersonate Richard Johnson and the company name of NEXTEL to open a fraudulent account with Information (Data) Broker ChoicePoint to gain access to over 100 credit reports.

“Homeless Hacker”

Homeless Hacker – Adrian Lamo was able to penetrate the Times’ network and access a database containing personal information of 3,000 individuals. Using pretexting, Lamo opened an account through the Times’ account with LexisNexis the Information (Data) Broker and search other personal information stored on the LexisNexis systems.