Spinning Your Web — Deception and the Social Engineer
A tiny arachnid that is a master of deception has been discovered by naturalist Phil Torres at the Tambopata Research Center in Peru. The spider, most likely a new species, builds a larger decoy in its web using pieces of leaves and debris. It then shakes the arranged bits to possibly discourage and defend against predators. Although other spiders in the Cyclosa genus have been documented displaying less complex decoy-building behavior, this deceptive creature’s ploy is unique. This is an exotic example of animal behavior, but it is an interesting place to begin a discussion about the use of deception.
What is Deception?
Making something (a situation, a person, etc.) appear to be what it’s not is a useful and necessary tool for social engineers. From the telling of outright falsehoods to the more subtle use of omissions or even props to communicate a specific message, deception can come in many forms. It is the responsibility of the social engineer to manage that communication, keeping in mind the overall goal of influencing the target. Intent plays a major role in how and when we employ deception. At Social-Engineer, LLC, we always stress the importance of making sure your target feels better for having met you. This tends to be a wise business decision and good rule of thumb in human relationships. Clearly, the method you choose for deception can make a huge difference in how the target feels once the engagement is complete.
Deception for Sale
Paladin Deception Services is a Minnesota-based company that promotes it services to lie and deceive others for their customer’s gain. Timothy Green is the founder and a former private detective who believes that people benefit greatly from having an ally; not only to lie for them, but to corroborate falsehoods that may help others achieve some desired goal. False job references, vacations disguised as sick days, and lies about skills and aptitude are some of Green’s previous work. Although the legitimacy of such a company will always be called into question by some, Green does appear to offer these services to those willing to pay the fees.
In another example of a blatant lie, two Connecticut men claiming to have a gun, kidnapped another man demanding that he accompany them to a bank and open his safety deposit box to repay a debt. The assailant that had claimed to have a gun was caught as the robbery was underway. He did not have a weapon.
In an amusing (and less malicious illustration), young women in China are apparently advised to wear stockings that are designed to appear as if the wearer has incredibly hairy, unshaven legs. ‘Anti-pervert’ hairy stockings are apparently popular in China according to the NY Daily News. As you can imagine, this is definitely a nicer way of rejecting unwanted advances than a swift kick to the face.
Deception as a Social Engineer
Assuming one of our priorities as social engineers is to be able to continue a relationship with our target despite the use of deception, here are some things to understand about human nature: People can and do deceive themselves. A recent study concluded that people’s expectations about cause and effect are so strong it can overcome what their eyes tell them. In another fascinating study, researchers were able to get half of their participants to falsely recall a hot air balloon ride from childhood by exposing them to faked pictures (Wade, K.A., Garry, M., Read, J.D., Lindsay, D.S. (2002) A picture is worth a thousand lies: Using false photographs to create false childhood memories. Psychonomic Bulletin & Review, 9 (3), 597-603). Research has proven time and again that people often change their perception of reality based on a number of factors, often as a response to external influence.
Once people step over the behavioral barrier and commit an action however small (for example, help you pick up dropped documents or provide a small piece of information), they will be more likely to continue down that path. This was demonstrated in an interesting study in which it was discovered that people are significantly more likely to allow strangers intrusive access to their homes after they had already answered some simple questions on the phone (Freedman, J.L., Fraser, S.C., (1966) Compliance without pressure: The foot-in-the-door technique. The Journal of Personality and Social Psychology, 4 (2), 195-202).
Interesting research, but how does this translate to something you can use? Consider that knowledge about these two small aspects of human behavior can dramatically affect your choices for how you employ deceptive techniques. Understand that it rarely takes more than a nudge with a good pretext to obtain your goal; the blatant telling of falsehoods can be unnecessary. This, in turn, will affect how the target feels both during and after an engagement, and their willingness to continue a relationship with you. If you become a master of human behavior, you will become a master of deception and through time and effort the ultimate social engineer…like our friend spinning his web in the Peruvian jungle.
Written by: Michele Fincher
Sources:
http://blog.perunature.com/new-species-of-decoy-spider-likely-discovered-at-tambopata-research-center.html
https://www.social-engineer.com/
https://www.social-engineer.org/framework/general-discussion/code-of-ethics/
https://www.paladindeception.com/
https://www.nydailynews.com/life-style/fashion/hairy-stocking-rage-girls-china-article-1.1375987/
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.334.9844&rep=rep1&type=pdf
https://psycnet.apa.org/doiLanding?doi=10.1037%2Fh0023552