The Social Engineering Framework

The Social Engineering Framework is a searchable information resource for people wishing to learn more about the psychological, physical and historical aspects of social engineering. Please use the index below to find a topic that interests you.

Framework Sections

Section Articles

GPS Trackers

This month we were sent the SpyHawk SuperTrak GPS Worldwide Super Trackstick USB Data Logger to review. This device is interesting as it attaches to a vehicle and does NOT need a clear line of site to the sky to work. We did a few tests to see how it would work and it passed every one of them.

Initial Install

Installing the software needed to make the device run was painless. It installed without any problems and the set up afterwards was equally as painless. The screen is very intuitive and easy to set up:

SoftwareScreen.jpg

As you can see, you can choose how often it logs, time zones and even more.

Device Usage

The device itself is light weight, easy to use and hide. It comes with an on/off switch but has some pretty neat technology. It runs off of vibrations. When it feels movement it turns on and starts logging. If movement stops for a period of time it stops logging.

The directions tell us to hide it somewhere with the powerful magnets against metal but the device pointing up or towards plastic. Our first run we were worried about testing the strength of the magnets and didn’t want to lose the device. So I stuck it under the hood in a secure location.

Even through the metal of the hood it logged perfectly. Here are a few more pictures of locations in tests we have done and how unnoticeable it is.

We also did another test where the “victim’s” car was unlocked and we were able to get to the trunk. In the trunk we attached it to the metal under the carpet by the rear lights. We were curious how it would work. In this test we had it run for over 5 days collecting data. It collected times, speeds, distance, locations. Take a look at some of the data:

Data1.jpg

Looks like our “victim” likes to speed from the image above.

Data2.jpg

Data it tracks routes based on dates

MapData1.jpg

Notice a Google Earth Map – Each icon shows speed, times, time stopped and more

MapData2.jpg

It creates nice maps of the whole route

Closeup.jpg

Can even get close ups

Once the device is in place for a social engineering pentest, just make sure you can get it back without busting a window, 🙂

Using the Data

This is where we really see a great benefit to this device.

Imagine you are tasked with auditing a company for security and maybe you want to target the CEO. One day as you are scoping out the office you see him pull in. You take a little stroll through the parking lot and attach this device to his car. A couple days later when you obtain it and pull up the maps you find out every morning at 6:30am he stops at the Starbucks on 3rd for 20 mins. He then goes to the gym on Main St for 45 mins. After that he takes the scenic route to work arriving around 8:30am. Having this information can put you in the right time and place to copy his RFID badge, social engineer him while on the treadmill next to him, over hear his phone conversations in Starbucks. All of this done without having to stalk him like the creepy guy next door.

Look at the screen of data:

SoftwareScreen.jpg

Notice the detail… you see the speed he drove, the time he stopped, the date he stopped. Want to see the location in more detail, click Google Maps:

Map5.JPG

Want to see his whole route.. no problem, just export his whole route to many options

Map4.JPG

Want to see it in Google Earth?

Map3.JPG

This device can be very useful in a social engineering audit and we recommend checking it out at: http://www.spyassociates.com/spyhawk-supertrak-gps-worldwide-super-trackstick-usb-data-logger-p-2020.html