16 May 2014
Becoming the MindNinja
Real-world social engineering for the geek/introvert (or anyone)
Agenda
– Upfront stuff
– The simple social engineering equation
– Tour of some psychology to explain motivation
– Understanding the attack vectors
– Survey of SE Technologies
– Outline 5 functional strategies
– Jedi Mind Tricks
– Questions
Goals
– Primary:
  • Explore the non-anonymous social engineering psychology, technologies, and strategies.
  • Demonstrate 5 easy techniques that can be used “today” to improve non-anonymous social engineering (not to mention amplify anonymous SE).
  • Show it does not take charisma to be a good non-anonymous social engineer – this is technology too!
– Secondary:
  • Understand some basic but functional psychology behind why social engineering is hard to stop/defend.
  • Demonstrate through the offensive scope how social engineering can be minimized.
  • Classify better the social engineering “technology” domain.
Why Me?
– Lifelong observer of really difficult people and behavior.
– Nearly 20 years intelligence, spec ops, LEO work
– Certified hypnotist and skilled in NLP, Hypnotic Language, Body Language…
– Actual Ninja (go figure)
Note: Just because I am, doesn’t mean I always am!!
Disclaimer/Warning/Moral Clause
– This IS powerful stuff. Yes you can manipulate very covertly!
– “With great power comes great responsibility” (not used with permission of Marvel Comics).
– Use at your own risk
  • Personally
  • Professionally
  • Daily
– You have to do/try these things to learn them. Find some willing participants for your screw ups!
– Remember an old demolition man saying… Always hold the blasting cap with your pinkie finger… You will lose it one day!
– Finally don’t expect “magic” today… You are the worst audience!! :)
Extrovert/Introvert
– Technical Definitions:
  • Extroverts get energy from social discourse
  • Introverts lose energy to social discourse
– My take:
  • Introverts are actually more socially in tune with even minutia, extroverts are far less so.
  • As a result, introverts’ senses are in overdrive and it is taxing.
  • Actually a gift
  • Introverts actually may have the basis for being far better social engineers given this, once trained.
Social Engineering Equation
(Motivation + Attack Vectors + Technologies)Strategy = Successful & Lethal Social Engineering
Acronym MATS
Background Psych – Motivations
– Lots of reasons:
  • Freud – Id & Ego
  • Jung – Archetypes
  • Maslow – Hierarchy of needs
  • Pavlov – Behavioral
– Motivation is the thread from which the fabric of a good social engineering attack is woven.
– Must learn to identify and recognize motivations quickly and effectively.
Psychology – Freud & Jung
– Main principles of Freud: Id, Ego, Super ego
  • Id – immediate gratification
  • Ego – command and control, values
  • Super ego – “meta”… spiritual, beliefs, dreams
Freud is the “who am I” of psychology
– Main contribution of Jung: Archetypes
  • Originated the concept of groupings of personalities and archetypes
  • Introvert and extrovert definitions
  • Ultimately led to Myers/Briggs differentiations
Jung is the “what am I” of psychology
Psychology - Maslow
– Hierarchy of needs
Maslow is the “what state am I in” of psychology
Psychology - Pavlov
– Classical Conditioning
  • Big one for Social Engineering
  • Association of stimulus to effect(s) (anchoring)
  • Does not have to be a direct association (chained anchors)
– Will explore pragmatic concepts more in the technologies discussion. Pavlov just scratched the tip of the iceberg.
PTSD is the most dramatic example of Classical Conditioning.
Pavlov is the “how do I become” of psychology
Why?
– So why all this psycho-babble? Consider these the Nmap and Metasploit of your Social Engineering ToolKit
  • Freud/Jung/Maslow are your Nmap (Reconnaissance/Motivation)
    – Tell you what operating system you are dealing with (id/ego/super)
    – Tell you what ports are open (Maslow)
    – Tell you what services are available on those states (Jung)
  • Pavlov is your Metasploit (Exploitation)
    – All exploitation is some form of or includes some form of Classical Conditioning.
Attack Vectors
– What is often overlooked are the basic attack vectors. There are really only 3. Most social engineers only see and work with 1 (human).
– 3 P’s:
  • People – The human(s) in the equation.
  • Processes – Can be laws, regulations, standards, organizational processes.
  • Perspectives – Hating the boss. Disregard for societal norms. Attraction.
People Attack Vectors “FLAGS”
– Fear
  • Meta fears: failure, being loved…
  • Real fears: exposed, bankruptcy…
– Lust
  • Sex, sex and more sex
  • Envy (grass is greener)
– Anger
  • Anger felt
  • Anger received
– Greed
  • $$
  • $$
– Sympathy
  • Affiliation to cause
  • Love, empathy, etc.
  • Moral virtues
Process Attack Vectors “FIRE”
– Flow
  • Steps
  • Chain of command/custody
– Identity
  • Ownership of process
  • Leadership of execution
  • Role of person involved
– Rules & law
  • Locale & jurisdictional regulations
  • Internal complementary processes
– Environment
  • Time of day
  • Organization character
  • Situation
Perspective Attack Vectors “FRAC”
– Feelings
  • Emotional context
  • Persuasion
– Rationalization
  • PC (political correctness for you geeks)
  • Logic
– Authority
  • Real or perceived limits of authority
  • Real or perceived sense of responsibility
– Character
  • Moral background
  • Negativity/positivity of environment
  • Sense of “community”
Social Engineering Technologies
– Most of these technologies are multi-functional (recon & exploitation)
– Best Set:
  • Observation & Intuition
  • Body Language
  • Language
  • Hypnosis
  • Neuro-linguistic programming
  • Con-estry
  • Cold Reading
SE Tech: Observation & Intuition
– Observation
  • Observe, observe, observe
  • Learn to observe nuances, but not react to them… This enables intuition to evolve
  • What to observe:
    – Macro body positions
    – Micro body positions
    – Language
    – Eye movement
    – Breathing
– Intuition
  • Too many people repress true intuition
  • Listen to all intuition, avoid reacting to it
  • Intuition IS the “quiet thunder” of social engineering
Observation and intuition are the core of all other SE technologies
SE Tech: Body Language
– Most people learn body language as an interpreting (or defensive) technique… Totally Wrong
– Body language is an offensive and defensive technique
– Defensive:
  • Learn what body language MIGHT be saying…
  • Don’t depend on body language interpretations
  • Culture/Region/Situation/Locale play a huge role
  • Body language major clues…
– Offensive:
  • Way more powerful
  • Doesn’t have to “speak”, can:
    – Position
    – Anchor
    – Generate rapport…
Remember you can’t determine the intent of their body language (defensive), but you fully control the intent of yours (offensive).
SE Tech: Language
– Language is an art unto itself
– Modalities of language:
  • Competence
  • VKA(D) dominance/predominance
  • Tone/Intention
  • Content
– Each of these produces clues to what is going on in the person’s psychology (archetype, id/ego/super)
– Hypnotic language
Language is the underpinning to most of the technologies, learn to become more aware of language used and that you use.
SE Tech: Hypnosis & NLP
– Hypnosis:
  • Basics – Focus, Rhythm, Relaxation, Visualization/Metaphor
  • Traditional falling asleep hypnosis is very rare, people can be hypnotized and not even change their “state”
  • Can use any of these basics to achieve partial states that are still effective.
– Neuro-linguistic Programming:
  • A set of technologies based on… Rapport, Hypnosis, Classical Conditioning, State Language
  • Waking hypnosis on steroids
  • The stuff legends are made of…
SE Tech: Con & Cold Reading
– Meta Tech – The art of the con
  • A language and set of scenarios used for meta-scripting social engineering in solo or teams.
    – Basic “project plan” for all Social Engineering: 1) putting the mark up 2) playing the con 3) roping the mark 4) telling the tale 5) creating the confidence 6) giving the breakdown 7) putting the send 8) taking off the touch 9) blowing him off (or not) 10) putting in the fix
– Cold Reading
  • An organized way to interact with someone to create an ability to “read” that person.
  • “Reading” elicits information, engenders rapport, creates assimilation, and covertly programs the context of the dialog towards goals.
Strategy “PAD-IT”
– 5 basic strategies (to achieve end-goals)
  • People (asset identification, recruitment and management)
    – Con’estry (knowing the plan and recruiting)
    – Cold Reading (how to talk to reveal)
    – NLP (rapport & anchoring)
  • Actions (get anything you want)
    – NLP (rapport and anchoring)
    – Cold Reading
    – Con’estry
  • Defense (MindNinja Fu)
    – Language/Body Language
    – NLP (disassociation and anchoring)
  • Information (overt and covert interrogation)
    – Cold Reading
    – NLP (eye reading & anchoring)
    – Hypnotic Language
  • Truth (human lie detection) or discerning validity
    – NLP (rapport and eye reading)
5 Jedi Mind Tricks
– Basics: Un-biasing, Tense, Silence, Duchenne Smile
– Rapport: Breath, Body (subtle), Language
– Eye Reading: VKAd
– Disassociation: Kinesthetic, Emotional, Language
– Anchoring: Covert/Overt
JMT - Basics
– Social engineers must learn the gestalt technique of “un-biasing”. Best way is to visualize and take in all scenarios from an unbiased observer context.
– Using language context and tense to match the situation
  • VKAd context
  • Use abstract “you would want” vs “will you” or “you will”. (e.g., “You would want to have that bigger room if you had travelled 15 hours straight, wouldn’t you?” vs. “Will you give me that bigger room?”)
– Ask for what you want
– Silence is the Ginsu knife of conversation.
  • Use it versus negatives.
  • Use it to cause the other party to be uncertain
  • Use it… A lot
– Learn to detect and deliver the Duchenne Smile.
Duchenne Smile
Photo compliments of: sciencebuddies.org (http://www.sciencebuddies.org/science-fair-projects/project_ideas/HumBeh_p043.shtml#background)
JMT - Rapport
– Breath
  • Fast (Visual/digital), Medium (Auditory), Slow (Kinesthetic)
  • Match closely but do NOT parrot. If you are a fast talker, talking slowly will both seem “fake”, as well as mess up your “spitting your game”.
  • If you are on opposite ends (Fast/Slow) – move to medium and enhance your opposite (V/K) language.
  • DO NOT overdo the trying to breathe at the same pace – but get some synch
– Body position matching
  • Roughly mirror… I stress roughly…
  • Direct your body with theirs identically (mirror wise)
  • Don’t try to parrot, move subtly and smoothly
– Language
  • Fill in the gaps with language and language transitions of their Modality
– Pace vs. Transition vs. Integrate
JMT – Eye Reading
– This and anchoring are the secret sauce!! Learn well
– A lie detector, mind reader, and behavior measure all rolled up into one.
– Basics:
  • Eyes give you the way and modes the mind thinks and is thinking in.
  • Position and transition are important
  • Remember for a RH person (looking at them)
Check out this link: http://www.nlp-practitioners.com/interactive/nlp-eye-access-cues-game.php
Eye Accessing Cues
Photo compliments of: nlp-practitioners.com (http://www.nlp-practitioners.com/interactive/nlp-eye-access-cues-game.php)
JMT – Disassociation
– I had a pizza with my shoe last November when I was born.
– Remember when you can’t beat em, grab the brush and put silly putty on it.
– Never stomp on a bird in a branch of a tree when you can’t eat drama well with broccoli.
– 3 Types:
  • Kinesthetic – touch their buttocks as you swipe their badge from their jacket
  • Emotional – sob like a loved one died when you are about to get what you want.
  • Language – see above
JMT – Anchoring
– Magic… Pure conditioning.
– Just like you train a dog.
– Match anchors to dominant modalities
– Start simple, migrate to complex
– Can chain A -> B -> C -> D, so if you want a person to cough every time you tap your fork you may not start with tap fork -> cough
– Can be done entirely covertly, person doesn’t (and most often shouldn’t) know.
– Collapsing anchors – to produce 2nd order (chains) or reduce existing (dissolution)
– Takes A LOT of practice and work. Start simple.
Questions?
There are lots of them I know. This is JUST to get you started.
Lots to learn. Pick one and learn through application
If you want to know more: [email protected]
Thank you!