Distraction and the Social Engineer as well as other amazing information from the team at Social-Engineer

Vol04 Issue 50
November 2013

In This Issue

  • Distraction and the Social Engineer
  • Social-Engineer News
  • Upcoming classes

THE NEWS

The Social-Engineer CTF Report has been released.  If you haven't downloaded your copy you can do that on our site.

Also the seats are almost full for our first ever FREE WEBINAR about the SECTF.  Sign up now.


_______________________________

The team at Social-Engineer is really excited to announce our brand new service - The Social-Engineer Mastermind Group.  For more info click below:

As a member of the newsletter you have the option to OPT-IN for special offers.  You can click here to do that.

_______________________________

Check out the schedule of upcoming training on Social-Engineer.com

REGISTER NOW!

Feb 10-14, 2014 Social Engineering For Penetration Testers – Orlando, Fl

May 19-23, 2014 Social Engineering For Penetration Testers - Amsterdam

Nov 3-7, 2014 Social Engineering For Penetration Testers - Reston, VA

We are limiting the number of attendees in each class, so it is first come, first served.

  • 5 days of groundbreaking training (4 Days for Black Hat)
  • The Social Engineering Penetration Testing Course guide
  • Special tools to enhance your SE practice
  • A chance to take the first ever Social Engineering Pentesting Certification
  • Homework each night and one instructor-led engagement
  • Lots more

If you want to ensure your spot on the list register now - Classes are filling up fast and early!


Do you like FREE Stuff?

How about the first chapter of Chris Hadnagy's Best Selling Book:  Social Engineering: The Art of Human Hacking?

If you do, you can register to get the first chapter completely free. Just go over to http://www.social-engineer.com to download it now!
 


To contribute your ideas or writing send an email to [email protected] 


 Special Thanks and Notices: 

If you want to listen to our past podcasts hit up our Podcasts Page and download the latest episodes. 

A Special Thanks to: 

- Spy Associates for continually giving us some awesome products to test out.


- The EFF for supporting freedom of Speech

A special thanks to our Editor:

John 'J' Trinckes, Jr 


Check out Robin Dreeke's amazing book called "It's Not All About Me", packed with the top 10 techniques for building rapport fast. It is an awesome book!



 

We want to thank the sponsors for the Defcon 21 SECTF



The Art of Distraction and the Social Engineer

The bird in this video is known as a Killdeer, a predominantly North American bird whose "broken wing" distraction technique is well documented amongst bird watchers and ornithologists. The Killdeer typically attempts to lure a ground predator away from its nest and offspring by appearing to be injured and offering what looks to be an easy meal. As the threat closes in, the bird flies to safety before trying to entice the stalking predator again. In a bid for the survival of its offspring, the bird uses distraction and deception to increase the odds of the hatchlings' survival.
 

Our friend Apollo Robbins is also a master of directing attention. In this TED Talk, he not only demonstrates his skill in manipulating the attention of his target, but also does this on a greater scale with the entire audience, revealed in the last 40 seconds or so of his presentation. The maddening aspect of this video is that paying closer attention doesn’t help all that much. Apollo is simply great at what he does and despite all best efforts, manages to make one attend to the details that he chooses.
 

Why Is This Important?

These examples demonstrate the same point. The use of distraction is an extremely effective method in directing the attention of a target, whether it be a potential predator or a social engineering target. The appropriate use of distraction is an excellent way for us to influence others by guiding their focus in a direction that accomplishes our goals (and away from salient facts that may get us caught).
 
Something else that helps us in the implementation of distraction is the faulty human operating system. I imagine we would all prefer to think of ourselves as observant people, but most of us simply aren’t. In psychology, there is a fascinating phenomenon known as inattentional blindness; it’s basically the failure to observe something that is fully visible to you because you are distracted in some way. This concept has been demonstrated a number of times, probably most famously by Simons and Chabris (Simons, D. J., & Chabris, C. F. (1999). Gorillas in our midst: Sustained inattentional blindness for dynamic events. Perception, 28, 1059-1074.) In this study, the researchers found that about half of people concentrating on counting the number of times a basketball was passed amongst teammates failed to see a man in a gorilla costume walking through the middle of the players.
 
This isn’t just a problem with your average human. While one might excuse this sort of tendency in most people, we would expect that experts with experience or training would be relatively immune to this sort of failure, especially if they are paid to observe. Not necessarily so. In a recent study conducted by researchers at the Harvard Medical School and Brigham and Women’s Hospital, radiologists were asked to perform a standard task: viewing lung scans and identifying suspicious nodules. In one of the conditions, however, researchers inserted a picture of a gorilla in the final trial. What they observed is that an astounding 83% of participants failed to notice the gorilla.
    
                                                                      

Now, before we go off screaming to our radiologists, here are some important pieces of the puzzle. One of the main aspects of inattentional blindness is that the stimulus that is missed is unexpected. In other words, we don’t expect to see a gorilla either on a basketball court or on a lung scan. The second aspect is being engaged in something else. This is exactly why cell phone hands-free devices in cars do very little to reduce accidents. Although juggling a phone and a steering wheel is clearly unsafe, it’s the concentration on a conversation that keeps you from noticing the car ahead of you has stopped short, even though you may be looking right at it. This is also exactly the situation that both the Killdeer and Apollo Robbins create, and it is what allows them to pursue their respective goals.
 

Are there Social Engineering Implications?

Taken together, this has clear implications for the social engineer. Time spent in the development of a proper pretext and use of good props can set the stage for an engagement in which the target is paying closer attention to all the wrong things. Perhaps a distressed job applicant with a ruined resume can temporarily make a secretary dismiss the fact that corporate policy forbids inserting an unknown flash drive into the network. Or maybe a heated argument between “strangers” in an office lobby creates enough confusion for a third party to gain access to the building without having their credentials double checked.
 
Well-prepared and knowledgeable social engineers can create and exploit situations favorable for a chosen attack vector. In this article, we have highlighted the fact that people are very vulnerable to distractions and they generally have a hard time paying close attention to everything going on around them. Be aware of this as you operate and, as white hat social engineers, be sure to defend your own organization against this component of human behavior.

Written by Michele Fincher 

 

 

 

As part of the newsletter group, you will be the first to receive special offers to services and products by Social-Engineer.Com.


 


 


IRC: irc.freenode.net
CHANNEL: #social-engineer
TWITTER: @humanhacker / @SocEngineerInc
YOUTUBE: http://youtube.com/SocialEngineerOrg
