Lightning Social Engineering:  When there is No time To Prep

Recently, I was discussing how social engineering skills are used in everyday life.  Yet, one of the most widely asked questions is: "how one can practice these skills?"  We have written about this very topic a number of times, most recently, Jim wrote about it in newsletter #15.

This month, the focus is on how you can develop "lightning social engineering" skills.  That is the ability to turn these skills on with lightning speed and obtain your desired results without fear or apprehension.
After the above discussion, I started to notice where I use techniques in everyday life that could be classified as social engineering, or at least, skills that could enhance my SE practice. Awhile later, I was down in DC for a conference and I thought to myself:  how can one practice and see if the skills they have will work in quick formats. 

Many times in social engineering engagements, there are circumstances that cause us to need some skills to get out of sticky situations with no time to prep for a response. How we respond to these scenarios can determine the level of success or failure we achieve. 

Let's analyze this topic in more depth so we can see clearly how these skills might mean success or failure in many situations.

Lightning SE in the Wild
Imagine you are trying to gain access to an area that is restricted to you. You have a plan clearly laid out that works and has worked for you in the past, but as you approach your target destination, rounding the corner is a security guard.....

Or maybe this scenario:  All your intel has told you that Mrs. Smith is at the receptionist desk Monday-Wednesday. Your information gathering has given you some juicy details to quickly build rapport and you know this will work. But, as you walk up to the front desk, she is not the one there.  In fact, she has been called away for a family emergency and the person replacing her is completely unknown to you.

The list can go on and on, but the point is, most of these scenarios are examples of unsuspected situations. Many times, failure can occur in these situations for no other reason then lack of confidence. Fear of failure and fear of being caught both stem from this lack of confidence, but there is a way to "practice" for these unknowns. This is something I like to call "Lightning SE".

Prepare and Practice for the Unknown Factor
If something is unknown, how can you prepare for it? If there are unknown factors that may pop up, how can you practice? These are very good questions and while the answer is that you cannot prepare or practice for every unknown, you can use everyday legal situations to try and see how far you can get.

The reason for using legit situations is that if you had to back out, there is no fear of getting caught, mainly because there are no repercussions. When the fear of being caught is reduced or removed, then we can allow ourselves the freedom both physically and mentally to test the waters.
 

To pove that when fear is reduced (or removed) humans can achieve great things, I refer to a study created by psychologists E.J. Gibson and R.D. Walk. They developed the visual cliff test to use with human infants and animals. Gibson and Walk created their visual cliff apparatus by having a table with glass on it. The glass had material pasted right under the glass on half of it and on the other half, the material was placed inches or feet under the glass. This gave the impression of a cliff.
Babies were placed on the surface and coaxed to try and make them crawl across the glass. Joseph Campos, a professor of Psychology at Berkley University did a study that really shows how well this works. In a video, he placed children on this "visual cliff apparatus" then he tried to coax them across the "cliff" with prizes, toys, and treats. It didn't work. The toy was not worth the "risk" to the baby.

So he stepped up the method by having an adult on the other side of the cliff. This is where things got interesting. If the adult showed a facial expression of fear the baby would not go anywhere near the cliff, but if the adult showed nonverbal communication that indicated happiness the baby felt comfortable and took the risk.

To me, this is groundbreaking research that can help us better understand the importance of non-verbals. A video of this research can be found here:
 

Now, what does this have to do with Lightning SE? To me, everything. The same thing that made the baby cross the visual cliff can work for us... Remove the fear of being caught! Remove the fear of doing something illegal! and you can practice your SE skills and perfect them. Doing so in a natural environment can also help you to recognize and then duplicate your non-verbals that you portray when you are comfortable, relaxed, and not in fear mode. The only way you will know is to try and take notice. But, if the first time is during the actual engagement ,you will not know what is normal. Setting up that baseline is essential so you know what it feels like and looks like when you are under pressure.

The best way to do this is to pick out a few things you might ask for that would be normally rejected and see if you can get the person you are asking to give in. For example, here are a few you can try:

- Try to get your hotel room key rekeyed without giving ID.
- Try to get the cleaning personnel or security person to let you into your room with no ID.
- Gain access to a restricted area simply by asking.
- Call your cell phone provider and try to get information on yourself without providing proper ID.
- Try to obtain personal information from a stranger.

This is by no means a comprehensive list, but it can help you to spark a few thoughts or avenues you can try. This should not be long and drawn out, but something you can do quickly.  Maybe 30, 60 or 90 seconds worth of SE.

The questions you want to ask yourself are:
- What facial expression do you want them to see?
- What other non-verbal queues do you want to portray?
- What information are you trying to obtain; what is the goal?

Give this some quick thought then pick out a scenario and giveit a try. I wanted to try this in the real world and capture it on video so I had something to show you. I chose to try the scenario of getting a security guard to unlock my hotel room with no proof of ID. My quick pretext was that I was running late on my check out and in my already full hands was a key that didn't work. With non-verbal expressions that would show open and warmth, I would simply ask the security guard for his help and allow him to fill in the blanks as to my problem. Doing this, I would hope that he would make an assumption and allow me access.

Of course, the fear was removed because it was my room and if I was "caught", I could prove it, but still, it - all happened under 30 seconds. The set up was easy,now all I had to do was remove any nervousness and openly talk to the security guard asking for his help. I thought I would throw a pause in there that would allow him to fill in my blank and within 35 seconds, I was given access to my room with no proof of ID.

Want to see it in action? Well, the video is shaky, but I captured  the events.  I made a small video with explanation for your viewing pleasure: 

Social-Engineer.Org Lightning SE Video

Hopefully, this will be one of a few in a series that will demonstrate Lightning SE skills.  Learning to adapt, change, and move quickly when it comes to social engineering skills can make you more comfortable.  It can also you master the skills to make you a great social engineer.  How do you practice lightning SE skills? 

Send us how, where, and when you perform Lightning SE to [email protected].


Written by Christopher Hadnagy


The World's Most Important Social Engineering Tip - REVEALED!

After much toil, we at social-engineer.org, are proud and happy to announce that we have discovered, and are now in possession of, the world's most powerful social engineering technique ever! We came into possession of this time tested and proven technique after much personal risk, but let me tell you, it was worth it. With this technique, even the most unskilled social engineer will find that previously insurmountable obstacles will drop with such ease, you will soon question if you, yourself, have become the world's #1 social engineer.

What are we going to do with this technique? Are we going to write it in blood on the scrolls of SE that are stored at a secret location at that top of the Himalayan Mountains? Are we going to encode it in backward-speak in the next podcast? Are we going to sell it to the highest bidder on a black market website that Krebs will just find anyhow? No, dear reader, no.  As for the low, low price of free, we will be placing this secret here, in this very newsletter. All we ask of you is to read to the very end and meditate on the deep meaning that this secret will hold for you until the end of your days.

But wait! Don't read too fast. Before you consume this secret of the ages, take a moment to prepare yourself. Take stock of your life as it currently is, as after the next few moments, it will never be the same again. Steady your nerves by consuming some cool refreshing water. Prepare yourself...

THE SECRET of SE!

After much study, effort, and simple common sense, we have revealed that the secret to SE is: Be Polite to People!

Yes, it is as simple as that. The power of endearment put to your use. This simple, yet devastatingly effective tactic, will do more than anything else to put your target at ease, lower their guard, and get you what you need, when you need it!

Let's make this as simple as possible: 1+ nx/1!+(n(n-1) x^2)/2!+P/R=SE!

Clear enough? Let's explain it another way. From childhood, we are taught that it is important to be polite to others. That this is what separates civilized society from beast. It is ingrained in us to respond to this basic stimulus of polite behavior. For instance, consider the example of reciprocation:

There are two sets of doors. You open the first set and stand to the side to let someone else through before you. What are the odds that they will hold open the 2nd set of doors for you?

Is that magic? No, that's SE!

 Etiquette of SE

What ever you do, do not come on too strong. You don't have to tell someone you are polite, show them.

For instance, don't let someone know what a polite person you are all at once, lead up to it. When you first engage in a conversation, ask for something small that there is no way they will reject. When they give you what you requested be sure to be very grateful, but not too grateful.

Wrong:
You: Hi, I am sort of overwhelmed here. Me and my terrible sense of direction, the restrooms are where on this floor?
Them: Yeah, it is a maze here. Just go down the hall and to the left. It's on the right.
You: Thank you. Now can I also get a company directory?

Right:
You: Hi, I am sort of overwhelmed here. Me and my terrible sense of direction, the restrooms are where on this floor?
Them: Yeah, it is a maze here. Just go down the hall and to the left. It's on the right.
You: Ahh, perfect. Thank you so much. I have no idea how long I would have wandered around this place. I guess I left my dousing rod at home today. As you know your way around here so well, could you help me with one more thing? I was supposed to deliver some paperwork to a few people's offices and I left my directory behind. Do you have a company directory I can photocopy real quick?

Study this example closely. The underlying principal is simply you reward someone for the basic help that they provided you. This positive reinforcement is something we call, "a doggie treat", and encourages them to continue to help you. You are taking advantage of a social exchange that has been engrained in all of us since birth – being polite leads to rewards.

A Powerful "Please"

The magic word is not abracadabra, but more simply:  "Please". But, it's not just the single word, 'please', it's the attitude that surrounds it.

Ensure that when you first engage a target using this secret technique, you present yourself correctly. For instance, a bashful smile and the line "I am really sorry to bother you, but can you please help me out?"  or "I really need your help, I don't want to take up a lot of your time, but ..." instantly puts the target into a mode where they are pre-disposed to assist you.

Seem too simple? But that is the trick of security all along. Complex systems are more likely to break than simple ones. Is this social engineering at all? Or is it simply doing as your grandmother insisted? Does it really matter either way if it gets the results you are looking for?

Yes. I know. Your life is changed. As always, feel free to submit your praise to us at social-engineer.org. Please.

Oh yeah, and "Thank you".
 

Written by James O'Gorman