It was only a short while ago that we asked for anyone interested to send us information they want to share with the world on the topic of becoming a better social engineer.
We were put in contact with an excellent resource who has years of experience in social engineering. Robin Dreeke, a 1992 graduate of the United States Naval Academy and former US Marine Corps Officer, has been studying interpersonal relations for the past 23 years of his government service. Through the use of non-verbal behavior; the Personal DISCernment Inventory, the Myers Briggs Type Indicator and personal anchoring, Robin has built highly effective tools for all aspects and stages of interpersonal communication. For the past thirteen+ years Robin has applied and taught his tools and techniques for the FBI as a member of the Counterintelligence Division’s elite Behavioral Analysis Program. Robin has combined all these tools and techniques and created a very unique, People Formula.
Today Robin is a recognized expert, author, and gifted lecturer in the art of interpersonal communication. These skills are used every day in the areas of leadership, sales, human resources and all relationships both business and personal.
Robin has written a series we will be using in the blog that will outline some key components of becoming a better social engineer. This is our first in the series and it is entitled:
Characteristics of an Effective and Successful Social Engineer
Even though humans are guarded about giving away personal information, crafting non-alerting dialogue can elicit sensitive information because a social engineer is an expert at making a person feel very comfortable and a human being seeks the validation that a social engineer gives (Carnegie, 1939). The validation of emotional or physical feedback that boosts an ego, supports a weakness or allows for an excuse to not do their job is given. For instance, a social engineer may tail-gate into the company and by acting and looking like the “fellow employees” he gives the security a reason to not stop him and do his job.
How often do we travel, socialize, or just interact with people we hardly know? We do it frequently enough to give away a massive quantity of personal information without realizing it. In conversation with other people, in the way we give information in public while on the cell phone or through our use of social media.
There are many aspects to social engineering. One characteristic is the well crafted art form of eliciting potentially compromising information from unsuspecting individuals. In the corporate world, it means potentially giving away a company’s trade secrets to competitors. This dialogue will explore the tools and techniques that a successful Social Engineer will use to elicit information from unsuspecting strangers. The first step in analyzing a social engineer is the personality of the social engineer.
The first and most important step a social engineer will take to ensure success is how he or she presents themselves to the surrounding environment, and most importantly their target. There are a great many books and resources about how to have a positive personal interaction with another human being. All of these books, techniques and methods are what a social engineer embodies. One personality trait of a successful social engineer is his or her ability to suspend his or her ego and appear non-threatening.
These two things sound easy at first glance, but how many individuals can actually not correct someone when we know they are wrong? How about intentionally saying something incorrect so the other person will correct us? Or, simply have a story to share that is not nearly as good or interesting as the individual speaking with us? All of these items and more are the starting points of what makes a social engineer effective. Most of the human beings in the world think they are an expert in many things, relative to the individuals around them. An effective social engineer will identify these topics and validate the individual’s belief in his or her own sense of greatness (Carnegie, 1939). When individuals are exchanging social dialogue, there sometimes arises a desire to have a better story to tell (Nolan, 1999). An alert social engineer identifies these topics and plays to it.
The second way a social engineer appears non-threatening is nonverbally. A practiced social engineer will always present a smile, just for you. As they approach, the smile will come alive because they saw you, no one else. He or she will also have plenty of open and ventral displays to nonverbally indicate they are listening to you. The easiest way they do this is to speak with a slight head tilt and with their palms facing up when discussing topics. When first contact is being established with a target, the social engineer will keep his or her body bladed slightly away so as not to seem too intimidating. He or she may even create an artificial time restraint such as, “Hi, I only have a minute before I have to meet my friends. I don’t know much about art, may I ask you your opinion about that painting on the wall?” This type of dialogue is non threatening because the social engineer states he is leaving. He or she is also asking an opinion because he or she doesn’t know about art. This is one of hundreds examples. The last key to the dialogue described was that the social engineer wasn’t asking the target information about the target, such as, ‘What is your name? Where do you work, etc?” The social engineer is also not talking about himself or herself. Let’s face it; no one really cares to hear about you.
Lastly, the social engineer will use his or her voice effectively. The social engineer will have a slightly slower tempo, so as not to have the appearance of overselling the topic that is being discussed. The social engineer will have good modulation, tenor, and vibrato to their voice. These characteristics give the voice a very soothing and calming effect. Ultimately, the voice helps the social engineer reinforce that he or she is a safe and good person to converse with.
Overall, the effective social engineer has knowledge of their own personalities and how to mitigate his or her own weaknesses and strengths in this environment. Only when they are effective and not raising the defensive personality shields of a subject will the social engineer be successful. Some very useful tools in the area of self awareness are assessment instruments such as the Myers Briggs Type Indicator (MBTI) and the Personality Discerment Instrument (PDI). There are numerous websites that offer these assessments online for a fee. I prefer these because they also allow me to figure out how the target prefers to take in information, process information and communicate that information to the rest of the world.
Utilizing this knowledge, a social engineer can rapidly make an individual feel at ease. These personality matching techniques are the first step a social engineer will take to lower an individual’s guard against disclosure of personal information. The next post will discuss…….(can you add…)
The next post will discuss reciprocal altruism, more commonly know as gift giving.
Carnegie, D. (1939). How to win friends and influence people. New York, NY: Simon and Schuster.
Nolan, J. (1999). Confidential: Business secrets – getting theirs, keeping yours. New york, NY: Yardley – Chambers.
By: Robin K. Dreeke contact Robin via email at [email protected]