Sept 2012 Newsletter 

Volume 03 Issue 36  

In this issue

  • MFE vs Body Language
  • Social-Engineer News
  • Upcoming Classes
  • What's coming...
  • Social Engineering Penetration Tests

Social-Engineer News

Join us at Derby Con for an amazing Social Engineering Class also see us at HALO in San Diego for a 3 day version of the class.

 

We are excited to announce a new service by Social-Engineer.  A limited number of seats for a mastermind social engineering group are opening up.  Are you interested in hearing more?  Email us at:  [email protected]


Check out the schedule of upcoming training on Social-Engineer.om


Social-Engineer.Com has launched their Social Engineer Penetration Testers course. It is literally the first of it's kind. As a subscriber to the newsletter you are getting first dibs on knowing where and what is happening.

REGISTER NOW!

Nov 2012 Bristol UK - Some Seats Still Available

Detroit MI - March 4-8, 2013

We are limiting the number of attendees in each class to 22 and under, so first come first serve.

  • 5 days of ground breaking training
  • The Social Engineering Penetration Testing Course guide
  • Special tools to enhance your SE practice
  • A Chance to take the first ever Social Engineering Pentesting Certification
  • Lots more

If you want to ensure your spot on the list register now - Classes are filling up fast and early!


Do you like FREE Stuff?

How about the first chapter of Chris Hadnagy's Best Selling Book:  Social Engineering: The Art of Human Hacking?

If you do, you can register to get the first chapter completely free just go over to http://www.social-engineer.com to download now! 
 


UNSUBSCRIBE by sending an email to [email protected]




Check out the awesome music of Dual Core - IT geek, Rapper and all around awesome guy...


To contribute your ideas or writing send an email to [email protected]





What's coming up..

If you want to listen to our past podcasts hit up our Podcasts Page and download the latest episodes.

Want to say thank you to our sponsors this month

- Spy Associates for continually giving us some awesome products to test out.


- The EFF for supporting freedom of Speech

- Want a very cool website? Check out Social-Engineer.Org's graphic and web dev at Tick Tock Computers.



A special thanks to our Editor:

John 'J' Trinckes, Jr

Check out Robin Dreeke's amazing book called "Its Not All About Me" packed with the top 10 techniques to building rapport fast. It is an awesome book!

 

 


 

Microexpressions vs Body Language

Sometimes it may seem that when someone talks or writes about microexpressions (otherwise known as MFE aka micro facial expressions) body language is looked down upon, or when someone focuses on body language that microexpressions are looked down upon.

Is it true that one trumps the other?  Is one more powerful than the other?  How can you, as a social engineer, know which to focus on?

MFE vs Body Language
The face has been labeled “the organ of emotion.”  Why?  Because when we meet someone the first place we look is their face, we recognize people from their face, we tell how much we trust, like, dislike and are attracted to a person first from their face.

One study done out of the University of Tampere entitled, “Categorical representation of facial expressions in the infant brain.” Indicates that in their research the face is so important to infants who are unable to communicate with language at 7 month old that they rely solely on the face to communicate, trust and determine how much they like a person “before the acquisition of language.”

Studies like this and the many found in Dr. Ekman’s book “Telling Lies: Clues to Deceit in the Marketplace, Politics, and Marriage” indicates the importance of the face while communicating.  So if the fight over?  MFE’s win?

No, not that easy.  Sure the face is very important, one of the most important parts of our body when it comes to communicating, but what about if you are trying to determine deception?

There have been many people who have written articles and stated “facts” that a certain posture, facial expression or eye and body movement indicates deception.  Unfortunately for them, over the last few years all of those beliefs have been debunked.  There was even a recent study named “The Eyes Don’t Have It: Lie Detection and Neuro-Linguistic Programming” done in the Department of Psychology in the University of Hertfordshire, Hertfordshire, United Kingdom, even debunked the long held belief that the ways our eye move in a conversation can indicate our truthfulness.

What About Body Language?

Body language is likewise important in communication.  How the feet are positioned can indicate someone’s interest in talking with you.  Neck touching or rubbing can indicate stress.  Eye covering can indicate shame or sadness.  Palms up can indicate openness… so on and so forth. 

Studies proliferated about both body language and facial expressions and many seemed to center on telling if people where lying our not.  Studies, like the one mentioned about, were valuable in determining that none of this research seemed to indicate there was a sure fire way to ALWAYS tell if someone was being truthful or lying.

There are definite ways to see if someone is under stress  - again a furrowed brow, tension in the face, rubbing the neck, lip compression, biting of lips – all of these can indicate someone is feeling stress… but the question that remains is WHY?

"Why" is the hard question that many times cannot be fully understood through facial expressions or body language.  Imagine this scenario:

As a social engineer you approach the front desk with the goal to get through reception and into the company warehouse.  As you approach the gatekeeper you put a big smile on your face and start your opening line.  You look at her and see that her legs are pointing away from you, her brow is furrowed, and as you start you notice she puts her hand to her neck.

All of these are indicators that she is under stress.  A person may jump to conclusions that all of this is due to her seeing you and she isn't going to tell you anything.  Or they may think that she is about to be untruthful due to these signs.

The facts are is that all we do know for sure is that she is dealing with some stress and it is showing.  Our approach should not be to jump to conclusions but to use body language and facial expressions that will not add to her stress.
 
Coming at her with hips and feet pointing her way can make her feel boxed in and under pressure.  We might want to say something like “I just have a quick question” and doing so while our torso is pointing away from her.  This will back up that we don’t intend to take her time. 

What’s the key? 

Education.  Observation. Adaptation.

We first must educate our selves on what these queues look like.  Learn how stress can be indicated.  How does anger look?  How does sadness look?  How does fear look?  What body language indicates lack of interest? 

Then practice observing these on people.  The mall or a shopping center is a great place where you can watch people without being creepy.  Watch people from a far interact, try to determine as you approach if they are comfortable or not.  Then as you get closer see if you can hear conversation that indicates if you were right.

My partner in my training class, Robin, did this fascinating thing where he spoke to his son about some problems he was having in school and video taped it.  What’s fascinating is seeing how you can easily pick out stress, happiness, comfort, discomfort when you are educated to see it. 

Adaptation is the oil then that makes this machine run.  Once you learn, once you observe be able to adapt your nonverbals to work in the situation you are in.  Be able to think on your feet, think critically and make changes to put your targets in a better state of compliance will make you see like a magician or a mind reader.

Our original question here was who wins in a battle – MFE’s or Body Language and the simple answer is neither beats the other – they both win.  You need one to verify and validate the other.  You use them in tandem, you use them both to read, understand and also influence.

Practice makes perfect.  This was a question submitted through our email at [email protected]

Thank you for that excellent question.  Keep them coming.

Till next month

written by:  Chris "loganWHD" Hadnagy


 

As part of the newsletter group, you will be the first to receive special offers to services and products by Social-Engineer.Com.


 

Gold Sponsor for The Social Engineer CTF at Defcon 20:

Sponsoring our Kids SE CTF at Defcon 20:

qualys sponsor Sponsors

Also check out our website sponsor: