Neuro-Lingustic Hacking:  The New Age of Social Engineering

Social engineering is nothing new.  From some of the oldest stories recorded in mankind’s history till today, social engineering has been used.  The interesting part about social engineering is that the methods used have not changed much.  Sure there is new technology and a deeper understanding of humans and psychology, but the underlining principles of social engineering are the same as they were 6000 years ago.

In the last 70-100 years there has been massive leaps in understanding the human psyche.  What makes a person tick? Bandler and Grinder took understanding neuro-linguistic programming to a whole new plain.  Dr. Paul Ekman took understanding microexpressions to a new science.  Then many experts who spent decades studying influence, persuasion and manipulation began to work hard to understand what makes a person act a certain way.

As an ardent student of the sciences and arts that make up social engineering, I am always trying to learn how to adapt certain studies from other professionals into social engineering as a whole.  We have interviewed radio hosts, psychologist, law enforcement, NLP gurus, dating experts and others to try and understand what each of those fields has to offer a social engineer.

After studying a lot of the practices and what makes them successful we have blended a few together and are going to start a new study called Neuro-Lingusitic Hacking (NLH). 

What is NLH
NLH is a combination of the use of key parts of neuro-lingusitic programming, the functionality of microexpressions, body language, gestures and blend it all together to understand how to “hack” the human infrastructure. Let’s take a closer at each to see how it applies.

Neuro-Lingusitic Programming (NLP):  NLP is a controversial approach to psychotherapy and organizational change based on "a model of interpersonal communication chiefly concerned with the relationship between successful patterns of behavior and the subjective experiences underlying them" and "a system of alternative therapy based on this which seeks to educate people in self-awareness and effective communication, and to change their patterns of mental and emotional behavior"

Neuro: This points to our nervous system which we process our five senses:
• Visual
• Auditory
• Kinesthetic
• Smell
• Taste

Linguistic: This points to how we use language and other nonverbal communication systems through which our neural representations are coded, ordered and given meaning. This can include things like:
• Pictures
• Sounds
• Feelings
• Tastes
• Smells
• Words

Programming:  This is our ability to discover and utilize the programs that we run in our neurological systems to achieve our specific and desired outcomes.

In short, NLP is how to use the language of the mind to consistently achieve, modify and alter our specific and desired outcomes (or that of a target).

Microexpressions are the involuntary muscular reactions to emotions we feel.  As the brain processes emotions it causes nerves to constrict certain muscle groups in the face.  Those reactions can last from 1/25th of a second to 1 second and reveal a person’s true emotions.

Combine this with the reading of body language, gestures and posture and what you are left with is a human reading machine.  That is the core of neuro-linguistic hacking.

The New Age Of Social Engineering
As I already mentioned, from the dawn of time social engineering has been used and the talents, skills and methods haven’t changed much.  Neuro- linguistic Hacking will not be a brand new science, but it will combine much of the sciences that we haven’t discussed in the terms of social engineering and now applying them to social engineering.

The Team at Social-Engineer.org has been developing and working on training. I don’t want to reveal too much, because much more will be coming.  What I can tell you is that there is no training in the market today that is like this.  Let me give you an example.

Social engineering is much about influencing a target to take an action.  Many actions are taken due to an emotion that is felt.  Instead of talking just about how to manipulate, I suggest we talk about how to cause a target to feel the emotion.  Once we can trigger that emotion we can trigger an action to follow it up.

Here is a scenario a normal social engineer might encounter.  The social engineer needs to gain access to the server room and to do it he needs to get past the secretary.  Of course, he can “lie”  his way past and that may work.  But to give a better chance at success he knows that if he can engage his targets emotions she may do what she is asked more easily.
He determines to use a pretext that he was called by a frantic CFO who had left earlier that Friday morning for a weekend vacation.  He tried to issue the month end’s reports but there was a server issue.  On his way out he called the support company and told them if they wanted to keep the contract that they must come now and fix it.  Our social engineer had found all these details with a few well placed calls before and the story is not only believable but it is a viable truth. 

To really sell it though, the social engineer should understand anxiety and how to display it in proper degrees.  Psychologist World states that anxiety is fear + vanity. Along with that it talks about the effects of anxiety and how it is displayed.

Medical News Today had printed some research that can literally change the way we understand how to use microexpressions in social engineering.  Much of the talk about using microexpressions is reading them on our targets to give us a clue how the target is feeling.  That is a very powerful use for microexpressions.  Yet what about using microexpressions to influence our targets and manipulate them? The study done by some top researchers proved that even though we might not consciously pick up on a microexpression our subconscious minds do and not only do we pick them up but they alter our perceptions and the way we treat others or are treated by others.

That is a powerful statement. Notice what Ken Paller, professor of psychology in the Weinberg College of Arts and Science at Northwestern has to say on this, “Even though our study subjects were not aware that they were viewing subliminal emotional expressions, their brain activity was altered within 200 milliseconds. As a result, the ratings of facial expressions they did see were biased."

This means they were able to see that feeding a subject images of certain microexpressions at 200 milliseconds they can alter the way the subject reacted. The study went on to say that our brains are designed to pick up on subtle hints that can warn us of danger, help us detect truth and even help us to determine true intentions.

With this in mind and reflecting to our previous scenario, it would be powerful to be able to display true anxiety, even in such small ways that it would affect the emotions of the target and manipulate them to feel what we wanted, would it not?

Displaying Fear
Fear being so closely linked with the feelings of anxiety or creating anxiety would important for our above social engineer to understand.  Fear is displayed with these points:
• The Eyebrows are raised and pulled together, causing a wrinkling between them
• The lower eyelids are tensed
• The corner of the lips stretch out Horizontally
 

 Extreme Display of Fear Microexpression

Dave Matthews is showing a very broad fear expression.  Notice the eyebrows raised and drawn in, the kips pulled back and his eyes wide.  Of course if the social engineer walked into the office looking like this it would probably not have the effect he would want.

Trying to hide fear

Yet in the above picture we can see a very subtle fear expression.  Notice the wide open eyes, the brows being pulled up and together and the lips slightly pulled back.  This is fear.

Can you mimic this expression?  Get a mirror and try.  When you do, notice the feelings it pulls up in you, notice how it will cause you to feel...fear.
This is the key to our account above.  If the social engineer can master this subtle method of displaying fear the target’s emotions can be altered and subconsciously it can cause the target to feel and then react.

This is a small sample of what NLH is and how this new method of analyzing, dissecting and training social engineers will be approached.  Neuro-linguistic hacking will help social engineer develop the skills they need to combat the malicious attacks, learn how to educate their customers and continue to bring awareness to the threats of malicious social engineering.

Stay tuned as we will be releasing more information on our training and more tips into the world of neuro-linguistic hacking.

Written by:  Chris "loganWHD" Hadnagy