
Social Engineering

The act of influencing someone's behaviour by manipulating their emotions, or by gaining and then
betraying their trust, in order to gain access to their system
Achieved in person, over the phone, via email, or through social media
The attack is carried out through the person, i.e. the "wetware"
Goal
To build a relationship and gain the target's trust, then get them to take an action or provide
information that violates their organization's policies or their own basic security practices

SE Tactics, Techniques and Procedures


General (untargeted) access attack: phishing, viruses, malware, worms
Specific targeted access attack: learn as much as possible about the person first
Personal info on Facebook (relationships, activities, volunteering, religious practices, political beliefs)
Professional information on LinkedIn
Geolocation info
Financial information (tax records)
Membership info (academic alumni, hobbies)

Types of SE Approaches
Observe, conversation, interview, interrogation, torture

Types of SE Methodologies
Physical techniques
Electronic techniques

Physical techniques
Dumpster diving (digging through the target's trash)
Shoulder surfing (looking at the target's screen or keyboard while he/she works)
Observation (tracking the target's activities)
Spy gear (e.g. directional microphones, hidden cameras)
Impersonation (e.g. posing as a utility worker)

Electronic techniques
Open Web search
Pay-for-service people-search sites such as Intelius or U.S. Search
Credit Information Requests
Social networking site searches
Professional networking site searches
Geolocation sites (e.g. Google Street View)

Tools for Research


SE Toolkit
Registries for Internet Numbers (IP address and phone number lookups)
Social media
Maltego and Maltego Mesh (link mapping)
BeEF (Browser Exploitation Framework: hooks a victim's browser, e.g. for webpage redirection)
TwitScoop and Tweepz (Twitter searches)
Sites like Spokeo (people search) and Telespoof.com (caller ID spoofing)

Additional Tactics
Camouflage: fake business cards, disguises (facial or uniforms), and fake or cloned badges
Tailgating (following an authorized person through a controlled door)
Cameras, or hacking into the target's video system
GPS tracker

HOW THE MILITARY APPROACHES SOCIAL ENGINEERING


Overview
Military interrogation aims to get access to information in an immediate situation
Used in both peacetime operations and combat situations
Performed in a controlled environment
The basic principles are similar to SE: the foundational principles and many of the techniques apply
well to SE attacks

Approaches
Direct approach: simple and straightforward. Tell the person what you want and use
interview/interrogation skills to convince them to cooperate and share the information
World War II: direct approach was 90% effective
Vietnam, Grenada, Panama, Kuwait and Iraq: direct approach was 95% effective
Afghanistan and Iraq: direct approach has been dramatically less successful
Indirect approach (elicitation): gathers information from normal conversations with targets
of interest without them knowing they are being interrogated. The interviewer must already know
something about the other person; for example, share information so the target assumes the
interviewer knows all about it and will openly discuss the details
Incentive: offering the target something they want or need
Bribing
An email offering to increase their speed or access to the Internet
Effective when tied to the right emotions
Scareware: a pop-up announces a problem on the system that can be fixed by installing a free update. In
reality this is a Trojan horse that aims to compromise the user's system. Based on fear
We know all (file/dossier): the interrogator acts as if he knows everything. Comes in and lays a folder
labelled "witness statements" or a DVD labelled "surveillance footage" on the desk
Rapid-fire method: interrupting the target so that they get frustrated and tell a lie. Once they
tell a lie they are committed to it; then make the target admit they lied
Good cop/bad cop: the good cop helps the target rationalize their actions so they can talk openly
Social engineering version: present one fake Facebook personality created for the attack as a cyber bully
and a second as someone defending the target

False flag: A new interrogator comes in and pretends to be from a friendly country or a nongovernment
organisation like the Red Cross

HOW THE MILITARY DEFENDS AGAINST SOCIAL ENGINEERING


Counter Intelligence (CI)
Information gathered and activities conducted to protect against espionage, other intelligence activities,
sabotage, or assassinations conducted by or on behalf of foreign governments or elements thereof,
foreign organisations, or foreign persons, or international terrorist activities
How the Army does CI
Army Regulation AR 381-12, Threat Awareness and Reporting Program (4 October 2010)
Encourages every member of the staff to become a security officer and help police both themselves and
their coworkers
Key principles
Situational awareness
Behavior monitoring
Covers countering the whole spectrum: crime, internal threats, external threats, and social engineers
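As an added illustration (not part of the original notes), the following Python triage helper puts the "behavior monitoring" principle into practice for reported messages: it maps each message to the pressure tactics listed under Approaches above (incentive, fear, the "we know all" dossier, and the install-this-to-fix-it lure that, combined with fear, is scareware). The indicator phrases and the sample messages are constructed for this example and are not a vetted signature set; a reporting program would tune them to the phishing it actually receives.

```python
import re

# Indicator phrases per tactic. Tactic names follow the notes above; the phrase
# lists themselves are assumptions made for this example, not a vetted signature set.
TACTIC_INDICATORS = {
    # Incentive: offering the target something they want or need (bribing,
    # "increase your speed or access to the Internet")
    "incentive": [
        r"\bfree\b",
        r"\bbonus\b",
        r"\breward\b",
        r"\bgift card\b",
        r"\b(upgrade|increase) your (speed|access)\b",
    ],
    # Fear: the problem announced by scareware, or a threat to the account
    "fear": [
        r"\binfected\b",
        r"\bvirus(es)? (has been |have been )?detected\b",
        r"\b(system|account|computer) (is|has been) compromised\b",
        r"\baccount (will be |has been )?suspended\b",
    ],
    # "We know all" / dossier: the interrogator claims to already hold the evidence
    "we_know_all": [
        r"\bwe (already )?have (your|the) (records?|files?|footage|statements?)\b",
        r"\bwe (already )?know (what|where|who|everything)\b",
        r"\bsurveillance footage\b",
        r"\bwitness statements?\b",
    ],
    # The scareware payload: the offered "fix" is to install or run something
    "install_fix": [
        r"\binstall (the|this|a) (free )?(update|tool|patch|scanner)\b",
        r"\bdownload (and run|the attached|the attachment)\b",
        r"\brun the attached\b",
    ],
}

COMPILED = {
    tactic: [re.compile(p, re.IGNORECASE) for p in patterns]
    for tactic, patterns in TACTIC_INDICATORS.items()
}


def find_tactics(text):
    """Return {tactic: [matched phrases]} for every tactic with at least one hit."""
    hits = {}
    for tactic, patterns in COMPILED.items():
        matched = [m.group(0) for p in patterns for m in p.finditer(text)]
        if matched:
            hits[tactic] = matched
    return hits


def classify(text):
    """Label a message with the dominant SE approach from the notes.

    Returns (label, sorted list of tactics found). Scareware is the combination
    described in the notes: a fear-inducing problem plus an install-this-to-fix-it lure.
    """
    hits = find_tactics(text)
    tactics = sorted(hits)
    if "fear" in hits and "install_fix" in hits:
        label = "scareware"
    elif "we_know_all" in hits:
        label = "we-know-all"
    elif "fear" in hits:
        label = "fear"
    elif "incentive" in hits:
        label = "incentive"
    else:
        label = "none"
    return label, tactics


# Constructed sample messages (not real reports) exercising each tactic.
SAMPLE_MESSAGES = [
    "WARNING: 3 viruses detected on your computer. Install the free update now to remove them.",
    "Congratulations! Upgrade your speed for free, just confirm your account password here.",
    "We have your files and the surveillance footage. Reply with the badge numbers of your team.",
    "Lunch is at noon in the cafeteria.",
]


def triage(messages):
    """Classify a batch of reported messages; returns a list of (label, tactics)."""
    return [classify(m) for m in messages]


if __name__ == "__main__":
    for message, (label, tactics) in zip(SAMPLE_MESSAGES, triage(SAMPLE_MESSAGES)):
        print(f"{label:12s} {tactics} <- {message}")
```

The point of returning the matched phrases rather than just a label is that the reporting program can show the reporter which words triggered the flag, which is itself awareness training; keyword matching alone will miss a well-written elicitation attempt, so the output should feed a human reviewer, not block mail on its own.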
