Neuro-Linguistic Hacking: The difference between NLP and NLH - part II

Last month I began a series focusing on the differences between NLH and NLP. I covered the basics of how NLP is all about you: it is personal, internal and meant to make some major breakthrough or changes to your mental outlook. In many ways it is like social engineering yourself. You are using your own emotions and thoughts to manipulate yourself to take some action to make a change.

Then I shared with you the core of NLH and how it uses the same principles of NLP but its major difference is to use those skills to manipulate others. Last month I focused on body language and the power it has over manipulating others. This month we will talk about something that can truly change your life – the use of Microexpressions.

A Brief History
As early as 1960, scientists were looking into microexpressions, trying to understand how facial movements relayed emotions. The field has its roots deep in psychology, as therapists studied these muscular movements to understand what people were not saying but expressing with their emotions.

Dr. Paul Ekman took the research to a new level in the 60’s and 70’s by studying how microexpressions were not affected by gender, race or even cultural boundaries. His research pioneered a new breed of research that allowed many scientists, including Ekman himself, to understand human emotions on a much deeper level than previously believed possible.

Ekman found that these microexpressions are involuntary displays of emotion, produced by muscular movements that the emotion itself triggers. Because these movements are involuntary, they are not controllable.

What does this mean for neuro-linguistic hacking?
Understanding the above science in its entirety is not necessary as a social engineer, but it is important to understand the basic emotions and what muscular movements represent each. I cover this extensively in my upcoming book, Social Engineering: The Art of Human Hacking, but I will cover some of it here in this newsletter.

Dr. Ekman identified and categorized human emotions into basic categories:

• Anger
• Disgust
• Fear
• Happiness
• Sadness
• Surprise
• Contempt

A good social engineer needs to know how each emotion is shown on one’s face, which muscles are used and how to produce these emotions.

As an example, try this as you read this paragraph. Squeeze your eyebrows together as if you were trying to bring the corners together until they touch. Also bring your eyebrows down as if you are tensing your whole forehead. Tighten your lips together and now glare ahead. What emotion do you feel? Practice and try it a few times.

If you are doing it properly, you will start to feel anger. Now this is an important point to keep in mind. By making the muscles on your face move in a certain direction you can manipulate your feelings to feel an emotion. That is a very important point. I have tested this theory with many people and in over 98% of the people I have tried this with, they felt the emotion and were able to identify what they were feeling.

Applying to NLH
Now to take this to the next level, and to really understand how this can be used to manipulate others we need to look deep into the science. Fortunately for us, there are people who have devoted their lives to this work. A group of amazing researchers, Wen Li, Richard E. Zinbarg, Stephan G. Boehm, and Ken A. Paller, performed a study that I feel changes the face of microexpression usage in modern science.

The basic gist of the study was that they took subjects and connected dozens of mini-EKGs to muscle points on their faces. The devices would register any muscular movements in their face and head. They then played videos for them that had 1/25th of a second flashes of microexpressions in frames. They found that in almost every case the subject’s muscular movement would begin to mirror that which was embedded in the video. If it was fear or sadness, the subject’s facial muscles would register showing those emotions. When interviewed about the emotion the subject was feeling, it was the emotion embedded in the video.

If this doesn’t make you stand up on your seat and scream, go back and re-read that: Quick flashes of emotions altered the subject’s emotional state. As a social engineer this is mind-blowing research. Imagine how you can use this. If, as a social engineer, you can learn to control your emotional displays and muscular movements, and you want to alter your target to be in a state of mind that is more pliable, then you can create that environment using your microexpressions.

Let me paint a picture to help tie this in. Let’s say I found out that my target’s HR Manager, Mrs. Smith, is out on vacation. I schedule to come to the facility as if I had an interview. I have two vectors I want to try: a USB key in the receptionist’s computer and “secret” USBs dropped in employee bathrooms. These vectors will require believable story lines.

First, my resume was ruined by spilled coffee and second, when I find out my interview is really not this week, dejected, I ask if I can use their bathroom to wash off my tie and then I will go to my next appointment.

Now, in both instances, when I am asking for her to insert my USB key into her computer and when I am asking to be allowed into an employee bathroom, my facial expressions can hurt or help my cause. Most likely, nerves, fear of failure and fear of getting caught can easily cause my facial expression to emit fear. If I am emitting fear I will cause the target to feel fear, which will NOT be conducive to success. What emotion do you think will help you achieve your goal?

As in last month’s newsletter, compassion will really help you. Also a person in this situation would be showing more sadness than fear. How can you emit an emotion that will help her feel compassion? Sadness. Now this is something you need to be very careful about. You don’t want to show extreme grief, as that sends the wrong message. Too much sadness can be off-putting and too little will not trigger the emotion.

Sadness is shown by the corners of the lips pulling downward, the eyelids being partially closed and then other factors like the rate and speed of speech all being softer and lower. All of this emits sadness and that sadness can cause the target to feel sad, which is an open gate to compassion. When you make your two requests you are more likely to receive a positive outcome with compassion on your side.

As you can probably tell, this is just touching a very deep topic that will take many more newsletters to cover. What aspect of NLH do you want to see next? Send me a note to logan -@- and let me know.

Till next month.

Written by Christopher Hadnagy



As a special treat for those of you who subscribe to our newsletter, we are including a small section of the report of the Social Engineering CTF that will be released in the next week or two. In the meantime, enjoy the little tidbit below:

Employee Resistance
The concept of employee push-back or resistance to information gathering based elicitation is a direct indication of how well the existing awareness programs are working within organizations. When employees challenge the questions the callers are asking, the social engineer is forced to justify why they should be allowed answers.

Unfortunately throughout the course of the contest, the number of times contestants encountered any degree of resistance was rather minimal. In tallying these results we took a very liberal approach on classification of resistance. According to our analysis, the results show that in the calls that were made, awareness training was not effective within the targeted organizations.

As disturbing as these results are, the full picture is even worse. For instance, when some degree of resistance was encountered, bypassing it was in every case simply a matter of calling back and reaching a different employee. In only one organization were there multiple instances of resistance in consecutive calls. However, after three calls the next employee encountered was willing and able to provide the flags the caller was requesting.

Indeed, more so than resistance to questions, the biggest obstacle once a contestant had an employee on the phone was simple ignorance of the answers to questions. It was far more likely for an employee to want to answer a question but simply not have the information that was being requested. At one point when calling a target and asking about browser type and Adobe software in use, the employee was so willing to help she said, "Let me just go to the manager’s computer and give you the answers to this question." To some extent, this does speak to segregation of information as being a more effective defense than most organizations’ security awareness programs.

In the instances where resistance was encountered, it was often driven not by suspicion on the part of the employee but rather by impatience at the time being taken out of the employee’s day by having to answer these questions. In part, this was driven by the prevalence of the survey pretext, due to the fact that as a society people do not have much tolerance for what they see as “annoyance calls”. The other primary driver was the employee having other, more pressing, duties to attend to.

In the cases where resistance was attributable to awareness, the calls were ended very fast by the target. They would simply state, "These questions sound fishy. Have a good day," and then hang up. In one instance, the target questioned the contestant about his pretext, then even went as far as to question him about his calling number and became very combative. This was encouraging to us as it showed a glimmer of hope that some employees are taking these matters seriously.