August Newsletter 

Volume 03 Issue 35  

In this issue

  • Priming: For Better or Worse
  • Social-Engineer News
  • Upcoming Classes
  • What's coming...
  • Social Engineering Penetration Tests

Social-Engineer News

The first ever Black Hat Social Engineering Class went amazing.  Watch for all the Vegas Details coming soon!


Check out the schedule of upcoming training on Social-Engineer.om


Social-Engineer.Com has launched their Social Engineer Penetration Testers course. It is literally the first of it's kind. As a subscriber to the newsletter you are getting first dibs on knowing where and what is happening.

REGISTER NOW!

Nov 2012 Bristol UK - Some Seats Still Available

Detroit MI - March 4-8, 2013

We are limiting the number of attendees in each class to 22 and under, so first come first serve.

  • 5 days of ground breaking training
  • The Social Engineering Penetration Testing Course guide
  • Special tools to enhance your SE practice
  • A Chance to take the first ever Social Engineering Pentesting Certification
  • Lots more

If you want to ensure your spot on the list register now - Classes are filling up fast and early!


Do you like FREE Stuff?

How about the first chapter of Chris Hadnagy's Best Selling Book:  Social Engineering: The Art of Human Hacking?

If you do, you can register to get the first chapter completely free just go over to http://www.social-engineer.com to download now! 
 


UNSUBSCRIBE by sending an email to [email protected]




Check out the awesome music of Dual Core - IT geek, Rapper and all around awesome guy...


To contribute your ideas or writing send an email to [email protected]





What's coming up..

If you want to listen to our past podcasts hit up our Podcasts Page and download the latest episodes.

Want to say thank you to our sponsors this month

- Spy Associates for continually giving us some awesome products to test out.


- The EFF for supporting freedom of Speech

- Want a very cool website? Check out Social-Engineer.Org's graphic and web dev at Tick Tock Computers.



A special thanks to our Editor:

John 'J' Trinckes, Jr

Check out Robin Dreeke's amazing book called "Its Not All About Me" packed with the top 10 techniques to building rapport fast. It is an awesome book!

 

 


 

Priming: For Better or Worse

Last month, Chris Hadnagy’s newsletter article explored how a person’s abilities can be increased by merely adorning one’s self with a jacket believed to be a jacket belonging to a doctor. This month, we will take that idea a step further, deeper into the world of Priming. For those of you unfamiliar with the topic of Priming, I recommend you read my article, “A Primer on Priming, to get an introduction to the topic. Priming is exposing your target to specific stimulus in order to predictably influence their behavior when exposed to future stimulus.

We want to find out if we can manipulate complex behavior in an individual by priming a stereotype or trait. For instance, if we prime someone with the stereotype of professor, stereotypically known to possess the trait of intelligence, will they do better on a test of general knowledge versus someone who has not been primed? Conversely, will an individual primed with the stereotype of an enraged soccer fan or hooligan, known stereotypically to lack forethought and critical thinking, test poorer than someone not primed? Let’s find out!

In 1998, published in the Journal of Personality and Social Psychology, Ap Dijksterhuis and Ad Knippenberg from the University of Nijmegen sought to find out the answers to the questions raised above. They also sought to determine if the length of a prime would have a direct correlation with the abilities increased or decreased by the prime. Using a series of four experiments, Dijksterhuis and Knippenberg discovered some amazing results as they examined the relation between perception and behavior.

The Experiments

In experiment one, group A received a professor prime, group B received a secretary prime, and group C received no prime. Sixty individuals were selected and placed into groups. Group A and group B were given five minutes and asked to write out traits relating to behavior, lifestyle, and appearance of a typical individual they associated with their assigned prime, professors for group A and secretaries for group B. They were then provided 42 multiple choice questions of general knowledge (taken from the game of Trivial Pursuit). Group C was given no prime and therefore skipped the writing exercise and went straight to the multiple choice questions. All groups were given an unlimited amount of time to complete the questions, but their response time was recorded. The questions were also broken up into thirds to measure if there was any degradation of the prime over time.

Table 1 - Professor vs. Secretary prime

Prime All Questions 1st 1/3 2nd 1/3 3rd 1/3
No Prime 49.9 51.3 46.1 52.3
Professor 59.5 60.0 62.1 56.4
Secretary 46.4 44.4 46.4 48.4


As you can see by Table 1, participants receiving the professor prime did significantly better than the secretary primed group and the control group. An unexpected result was also seen by this experiment. Those primed with the secretary prime completed the tasks faster than the professor or control prime. Not enough testing was put into this to give concrete explanations, but it’s hypothesized that secretaries are stereotypically known to be efficient at handling large amounts of tasks quickly.

It is important to note that the priming task and the quiz task were believed by the participants to be completely unrelated, as proven by exit surveys conducted by the professors. The participants did not believe the two tasks were related and, even when told the priming exercise could influence their scores on the Trivial Pursuit questions, rejected even the possibility. Even though these targets did not know they were being primed, our previous research shows that even if you are aware of the prime, it works.

Experiment two was designed to test whether the duration of a prime would affect the performance during the testing. The prime was applied here in experiment two in the exact same way it was applied in experiment one except for the duration in which the prime was applied. In this experiment, group A spent 2 minutes writing down traits related to professors, group B spent 9 minutes, and group C received no prime and went immediately into the question portion of the experiment. In this experiment, the testing questions were increased from 42 to 60.

Table 2 - Professor prime (duration)
Prime All Questions 1st 1/3 2nd 1/3 3rd 1/3
No prime 45.2 45.2 45.9 44.6
2 min prime 51.8 49.1 51.2 55.0
9 min prime 58.9 59.2 58.9 58.6


Table 2 echos the results of experiment one and also shows performance increased as the length of the prime is increased. The longer your target is exposed to the prime, the more in-line, stereotypically, the target becomes with the prime.

Experiments one and two show that your target can be influenced to the positive, but is it possible to influence people to do negative things or to perform negatively? In general, people do not desire to perform poorly or act negatively. Can we unwillingly influence the target to go against nature and to act in a negative way? Experiment three was designed to answer this question.

In experiment three, three groups were formed and primed using duration as in experiment two, only this time instead of being primed with professor to achieve positive testing results, the groups were primed with the term soccer hooligan, stereotypically associated with stupidity. Can we actually cause negative performance? Can we actually cause an individual to subconsciously go against the grain of nature and perform poorly? As you may have guessed, the answer is, YES!

Table 3 - Soccer Hooligan prime (duration)
Prime All Questions 1st 1/3 2nd 1/3 3rd 1/3
No prime 51.3 49.6 53.6 50.6
2 min prime 48.6 48.1 48.5 49.1
9 min prime 43.1 45.7 42.9 40.8


Table 3 shows that participants primed with a negative stereotype pertaining to intelligence and lack of patience not only did worse than the no prime control group, the degradation of performance was increased with increased exposure to the prime!

We’ve seen how priming stereotypes can make the target behave in line with the perceived traits of those stereotypes. Is it possible to skip the stereotype all together and prime with the desired trait? Experiment four took four groups. Group A was primed with professor, group B with intelligent, group C with soccer hooligan, and group D with stupid. As in the experiments above, the groups primed with intelligent or stupid were given paper and asked to think about the concepts of intelligence or stupidity. They were then asked to list synonyms and behaviors characteristic of their assigned trait. As expected, those primed with professor or intelligence did better than those primed with soccer hooligan or stupid.

Table 4 - Stereotype vs. Trait
Target Intelligent Stupid
Stereotype 55.6 42.5
Trait 46.0 37.9


Making Sense of the Experiments

The results of the experiments are incredible. We know that by priming our targets we can influence them in positive or negative ways, but how is this possible? Did the groups primed with professor or intelligence magically become smarter? Obviously the answer to that question is no. So what’s going on here? There are three points of discussion here. Perhaps pr iming with the professor stereotype subconsciously makes the participants concentrate on the task and to think harder. Perhaps the prime encourages the targets to simply think smarter when it comes to problem solving. It is also hypothesized that, perhaps, the prime enhances the participants confidence in answering the questions and not to second guess themselves. Further investigation into the “why” is definitely needed.

Caveats

Further research was performed by Ap Dijksterhuis and Ad Knippenberg that showed when you prime someone with an extreme direct term, such as Hitler or Einstein, the opposite effect happens. The reason for this is priming with specifics such as Einstein invokes comparison. When you prime with professor, you’re leaving your brain to fill in the blanks. You are interpreting the word professor to mean smart, etc. When you prime with extreme specifics, such as Einstein, your brain says, “well, I’m no where near an Einstein” and you end up performing worse. This only works if your contrasts are exemplars such as Hitler or Einstein.

Implications for the Social Engineer

As a fellow social engineer or fan of social psychology, I’m sure the wheels are already spinning. As Bargh, Chen, and Burrows (1996) noted, “the perception- behavior link may be of crucial importance to our understanding of a large number of social psychological phenomena: Compliance and conformity, emotional and behavioral contagion, empathic reactions, imitating and modeling, mass media effects on behavior, and behavioral confirmation of stereotypes are expected to be at least partly under the influence of the perception-behavior link.”

In your study of social engineering, one of the topics that should have caught your eye is pretexting.  The study of priming can increase your success in a pretext.  In the research above, the “targets” were able to adjust the mental faculties just by thinking about words and ideas that coincide with a specific stereotype or trait.

As a social engineer, once you chose your pretext the use of priming can increase your chances of success. Let’s say your pretext revolves around playing the role of a janitor. The cultural stereotype of a janitor is that of a layman. Obviously this is not true of all janitors, but remember, we’re dealing with perception here. Right before your engagement, prime yourself by taking a piece of paper and writing down everything that comes to mind when thinking about a janitor relating to behavior, lifestyle, and appearance. Then allow that list to flow into your pretext, altering not just the physical appearance, but the actions you will have while in your pretext. Pri ming is another tool in the arsenal of the professional social engineer and one that can make you a master at pretexting.

written by:  Eric "Urbal" Maxwell


 

As part of the newsletter group, you will be the first to receive special offers to services and products by Social-Engineer.Com.


 

Gold Sponsor for The Social Engineer CTF at Defcon 20:

Sponsoring our Kids SE CTF at Defcon 20:

qualys sponsor Sponsors

Also check out our website sponsor: