Anti_defiant

social engineering

15 posts in this topic

Hey all, here's an article I wrote somewhat recently that I would like some reviews on. Then, if it looks good and I fix it up well enough, I might try to submit it to an e-zine or something. Keep in mind this is a very rough draft, just something to give you guys the idea, so tell me what you think, and be brutal.

Telemarketing and its grasp on Social Engineering

By 4N71-D3F14N7

One may think that the work of a social engineer is to simply gain information from the weakest link of any security system: the human element. Social engineering is one of the most used techniques and is somehow often overlooked. This is the downfall of many security programs. I actually get paid to social engineer. I work as one of the most hated positions of all. I am a telemarketer. I am writing this article because throughout my training, they were giving us steps to handle reluctance and basically talk people into buying something that most of them don't need. I began to realize that this is actually a form of social engineering. The steps of handling reluctance are three-fold.

Step one- Acknowledge reluctance

Step two- Make a statement

Step three- Ask an assumptive question

I'll outline how these would work in a sales situation. Here is a scenario I face every day.

(Sales Rep) Hi, this is (insert name here) calling from your new local phone company, the neighborhood built by MCI. I'm actually calling today because you're still currently with (company name) for your local and long distance, correct?

(Customer) I'm not interested!

(Sales Rep) Well I understand that you're not interested, you're probably happy with your current company, but I just want to ask you one or two really quick questions and if they don't help you I promise we won't call you anymore, now that sounds fair right?

(Customer) Ok, make it quick!

If you think that wouldn't work that often, then here is a little piece of information for you, almost all of my sales start with an "I'm not interested!" So as one can see, these steps really do work. Now I'm going to break down the three steps in that scenario.

Step one: (Acknowledge Reluctance) Well I understand that you're not interested,

Step two: (Make a Statement) you're probably happy with your current company,

Step three: (Ask an assumptive question) but I just want to ask you one or two really quick questions and if they don't help you I promise we won't call you anymore, now that sounds fair right?

I'm sure you can see where I'm going with this. These steps could be directly applied to the social engineer. Take this lame scenario for example:

(Hacker) Hi, this is (insert name) down in accounting, I'm in Denver on business for a week, and I forgot to bring my TSR reports, so could you please look up my dialup number and password, I've never used it before and I really need to get those reports today.

(Victim) I can't actually give you that information over the phone.

(Hacker) Well I understand you're not supposed to give that info over the phone, but I'm sure that you've been in a situation something like this and I'm sure someone helped you out right?

(Victim) Well ya, I suppose, let me get those for you.

Now this may seem a little easy and simplistic but you could implement this process into a more complex situation I'm sure, after all, you're a hacker. Also, in my everyday job, in order to make sales I throw my personality in as much as possible, that's what makes the sale. Out of 6-7 sales a day, I probably only save 2 people money. The reason they buy my service is because I use my personality and they like me. The same thing could apply to Social Engineering. When I make a call, once I get past the opening, I automatically start talking about them, where they live, how I used to live there, or how I have always wanted to go there. If social engineering in person, you could quickly look around their workspace for pictures, letters, anything and then bring it up to get a nice conversation and build rapport with the victim. Though possibly a little bit more difficult, you could apply the same things on the phone. My job also helps me sound clear, be confident, and be able to think on my feet more.

Overall, you can see the direct correlation between the telemarketer and the social engineer. Maybe next time you get a telemarketing call, you will listen, and even perhaps respect the social engineer on the other side of the line, after all, it could be me.


Telemarketers are the spawn of the devil... just kiddin man, I don't wanna offend anybody. Good article, you might wanna elaborate a bit and make some more complex examples. And if I were you, I would drop some of the "1337" from the handle on the article, it just gives a "cheap" sort of kiddie atmosphere to the article, but then again that's just my opinion and it's your article, so do as you like ^_^


Welcome to the board Anti-Defiant.

To those that attend the az2600 meetings. Anti-Defiant will probably be attending the next one.


Other than a few grammar/capitalization mistakes, I think it sounds very good. Maybe elaborate more on your experience as a telemarketer. I, myself, am interested in statistics. You mentioned that all your sales start with "I'm not interested." Maybe elaborate more. How do you persuade them to go with MCI?

Other than that, great article.


You wrote this in Word and pasted it, don't, Word uses a different character mapping, so therefore all "'"s' are ?s' and other things.... Nice article too and please do go into more detail as fanatic asked, I too am interested...


:voteyes: Good article. Just clean it up a bit and add some more experiences from your soul sucking job and you'll have something that most any ezine would take.


That's a really good article. And that's why the Master (Kevin Mitnick) was so successful - he was so likeable.


I find while socialing if you're super nice and throw in some other questions while they're looking for the info you're in search of always helps.

"so, nice day we're having."

"I still have to mow the lawn after I get off work"

just subtle lines that will make them think you're a common working man.

all depending on what it is you're doing.. maybe pretending to be a lineman or something.


If I add some more points and clean it up, I'm even thinking about submitting to 2600... it's a long shot but it'd be worth it if it gets published... thanks guys


I hope you didn't post this article anywhere else...

2600 Magazine has a policy, they ask that your article has never been published or seen anywhere because they do not wish to give readers old articles

> I hope you didn't post this article anywhere else...
>
> 2600 Magazine has a policy, they ask that your article has never been published or seen anywhere because they do not wish to give readers old articles

so does BinRev. :( But requesting feedback and stuff helps create a better writing style. Maybe the next article you can submit directly to us at articles@binrev.com or to 2600, if you prefer (not both). Even if you think it may need work, I would be glad to work with you on the editing process.


Stank, there's nothing wrong with that policy = ) I wouldn't want to pay 6.75 (CND) for articles that are posted somewhere else or that I have read already


Interestingly, I've been exchanging SE tips with my new chix0r "friend". She works for a local TV station and is in the field on a daily basis. She's very good at getting information by asking periphery questions that don't directly relate to what she wants to know and gaining the target's confidence. Then she goes in for the kill. Of course, her incredible looks help a lot too. ;)

One thing I learned from her is that people are (in certain situations) willing to divulge information to someone from the media. Granted, the kind of info that most of us would want to get isn't something that a target would tell a media person, but other useful info (like names, addresses, etc.) that can be helpful in obtaining the final goal can be obtained by posing as a media representative. And it has come in useful for getting into places that I might not normally have gone. For example, when we went to an airshow last weekend, we got in for free simply by her asking the people at the gate where the media tent was. No questions asked, nobody asked for press credentials... nothing. They told us what we wanted to know and we just walked in cuz they thought we were with the media.

I've found that if you look the part, act like you belong someplace, and know the lingo, people won't question you. That's something that Mitnick stresses in his book, and is something that is all too true.
