Danger: Dopamine Addiction

People like to be appreciated and know they are good at what they do. This goes for social engineering pentesters, too. We are contracted to think like the bad guys but are actually the good guys. This means we don’t post the details of a cool hack we found to get through a specific organization’s security over social media. Embarrassing a client is never good business! Despite the fact that SEs don’t often get to discuss their success story specifics of clients, we can get swept away in the high of validation just by being good at what we do. This means we can get caught up in the same neurotransmitter high that we rely on to encourage information out of others. The more information we elicit from the person, the more validated we feel about our own skills, thus increasing our dopamine levels. The trick is to not get so caught up in it that you can’t see when it is time to walk away.

A recent article in TIME talks about the effect a simple text alert has on our brains even when we are doing something else, like driving (Worland, 2014). That innocuous sound stimulates the brain and dopamine is released because we feel happy to be noticed.  The problem is that dopamine has a downside, one that SEs use to their advantage all the time: it makes you do stuff you know you really shouldn’t do. Even though people know they shouldn’t text and drive, they do it anyway, in part because they become addicted to the flow of dopamine. Another article on the same topic proposed that the problem isn’t that people need to be informed of the risks (they know they shouldn’t text and drive), the real problem is getting people to admit that THEY are the ones with a problem (Mamiit, 2014).

 Dopamine Addiction

The same thing can happen to SEs when we are successful at eliciting information; we lose sight of the fact we are getting a dopamine high too, and can be blind to our own addiction to it.  At Social-Engineer, we call this “managing your expectations” so you know when to walk away before you “crash” and possibly blow the whole assignment. You have to be aware of that voice in the back of your mind reveling in your success and goading you on for just one more piece of info, and then you have to ignore it and walk away. We know the risks of continuing on with the pretext but the natural high makes us take the risk, anyway. And like any addiction program, the solution starts with knowing the problem exists. We need to admit that as human beings, we are just as susceptible to the feeling we get from the validation-high, and then we need the self-control to protect ourselves from falling prey to the same foibles as those we might be targeting.

Repeat after me: I am a social engineer. I can get addicted to feeling good about my work. I need to have the awareness and self-control to know when to walk away from a perfectly validating and chatty target.

Not so hard, right? The trick is remembering it in the moment and acting on it. Somewhere Kenny Rogers is singing and I’m walking away from this post.

Stay safe by knowing and respecting your limits!

Sources:
http://www.techtimes.com/articles/19689/20141108/blame-it-on-dopamine-heres-why-people-text-and-drive-despite-being-aware-of-risks-involved.htm
http://time.com/3561413/texting-driving-dangerous/” target=”_blank” rel=”noopener noreferrer”>http://time.com/3561413/texting-driving-dangerous/”> http://time.com/3561413/texting-driving-dangerous/
https://www.social-engineer.org/newsletter/Social-Engineer.Org%20Newsletter%20Vol.%2004%20Iss.%2042.htm