Beruflich Dokumente
Kultur Dokumente
The act of influencing someones behaviour through manipulating their emotions, or gaining and
betraying their trust to gain access to their system
Achieved in person, - over the phone, - via email, - through social media
The attack achieved through the person the wetware
Goal
To create a relationship and gain the targets trust. Get them to take an action or provide some
information that is a violation of their organizations policies or personal basic security practices
Types of SE Approaches
Observe Conversation Interview Interrogation Torture
Types of SE Methodologies
Physical techniques
Electronic techniques
Physical techniques
Dumpster diving (digging through targets trash)
Shoulder surfing (looking at a targets screen or keyboard while she/he works)
Electronic techniques
Open Web search
Pay for Service sites like Intelius or U.S. Search
Credit Information Requests
Social networking site searches
Professional networking site searches
Geolocation sites (e.g. Google Street View)
Additional Tactics
Camouflage fake business cards, disguises (facial or uniforms), and fake or cloned badges
Tailgating
Cameras/hacking into video system
GPS tracker
Approaches
Direct approach: simple and straightforward. Telling the person what they want and using
interview/interrogation skills to convince them to cooperate and share the information
World War II: Direct approach was effective 90%
Vietnam, Grenada, Panama, Kuwait and Iraq: Direct approach was 95% effective
Afghanistan and Iraq: Direct approach has been dramatically less successful
Indirect approach (elicitation): Combines Information gathering from normal conversations with targets
of interest without them knowing they are being interrogated. The interviewer must now information
about the other person. For example, share information so the target assumes they know all about it
and will openly discuss the details
Incentive: offering the target something they want or need
Bribing
An email offering to increase their speed or access to the Internet
Effective when ted to the right emotions
Scareware: A pop-up announces a problem on the system that can be fixed by installing a free update. In
reality this is a Trojan horse that aims to compromise the users system. Based on fear
we know all or file/dossier: The interrogator acts as he knows everything. Comes n and lays a folder
labeled witness statements or a DVD labelled surveillance footage on the desk
Rapid-fire method: interrupting the target so to get frustrated. Making the target to tell a lie. Once they
tell a lie they are committed to it. Make the target to admit they lied.
Good cop/bad cop: the good cop helps the target rationalize their actions so they can talk openly
Social engineering: present a Fakebook personality created for the attack as a cyber bully and a
second as someone defending the target
False flag: A new interrogator comes in and pretends to be from a friendly country or a nongovernment
organisation like the Red Cross