title: Social Engineering and Its Place in Society
section: "Introduction"
course: human_hacking
layout: lesson

As already discussed, social engineering can be used in many areas of life, but not all of these uses are malicious or bad. Many times social engineering can be used to motivate a person to take an action that is good for them. How?

Think about this: John needs to lose weight. He knows he is unhealthy and needs to do something about it. All of John's friends are overweight, too. They even make jokes about the joys of being overweight and say things like, "I love not worrying about my figure". On one hand, this is an aspect of social engineering. It is social proof or consensus, where what you find or deem acceptable is determined by those around you. Because John's close associations view being overweight as acceptable, it is easier for John to accept it. However, if one of those friends lost weight and did not become judgmental but was motivated to help, the possibility exists that John's mental frame about his weight might change and he might start to feel that losing weight is possible and good.

This is, in essence, social engineering. So that you can clearly see how social engineering fits into society and everyday life, the following sections present a few examples of social engineering, scams and manipulation, and a review of how they worked.

The 419 Scam

The 419 scam, better known as the Nigerian Scam, has grown into an epidemic.

Basically, an email (or, as of late, a letter) comes to the target telling him he has been singled out for a very lucrative deal and all he needs to do is offer a little bit of help. If the victim will help the letter sender extract a large sum of money from foreign banks, he can have a percentage. After the target is confident and "signs on", a problem arises that causes the target to pay a fee. After the fee is paid, another problem comes up, along with another fee. Each problem is "the last" with "one final fee", and this can be stretched out over many months. The victim never sees any money and loses from $10,000 to $50,000 USD in the process. What makes this scam so amazing is that in the past, official documents, papers, letterhead and even face-to-face meetings have been reported.

Recently, a variation of this scam has popped up where victims are literally sent a real check. The scammers promise a huge sum of money and want in return only a small portion for their efforts. If the target will wire transfer a small sum (in comparison) of $10,000, when they receive the promised check they can deposit the check and keep the difference. The problem is that the check that comes is a fraud and when the victim goes to cash it she is slapped with check fraud charges and fines, in some cases after the victim has already wired money to the scammer.

This scam is successful because it plays on the victim's greed. Who wouldn't give $10,000 to make $1,000,000 or even $100,000? Most smart people would. When these people are presented with official documents, passports, receipts and even official offices with "government personnel", their belief is set and they will go to great lengths to complete the deal. Commitment and consistency play a part in this scam, as well as obligation. I discuss these attributes in later sections, where you will see why this scam is so powerful.

The power of scarcity

Scarcity is when people are told something they need or want has limited availability and to get it they must comply with a certain attitude or action. Many times the desired behaviour is not even spoken, but the way it is conveyed is by showing people who are acting "properly" getting rewards.

This article talks about the use of food to win elections in South Africa. When a group of people does not support the "right" leader, foodstuffs become scarce and jobs people once had are given to others who are more supportive. When people see this in action, it doesn't take long to get them in line. This is a very malicious and hurtful form of social engineering, but nonetheless, one to learn from. It is often the case that people want what is scarce and they will do anything if they are led to believe that certain actions will cause them to lose out on those items. What makes certain cases even worse, as in the earlier example, is that a government took something necessary to life and made it "scarce" and available only to supporters - a malicious, but very effective, manipulation tactic.

DarkMarket and Master Splynter

In 2009 a story broke about an underground group called DarkMarket - the so-called eBay for criminals, a very tight group that traded stolen credit card numbers and identity theft tools, as well as the items needed to make fake credentials and more.

An FBI agent by the name of J. Keith Mularski went under deep cover and infiltrated the DarkMarket site. After a while, Agent Mularski was made an administrator of the site. Despite many trying to discredit him, he hung in for more than three years as the admin of the site.

During this time, Mularski had to live as a malicious hacker: speak, act and think as one. His pretext was one of a malicious spammer and he was knowledgeable enough to pull it off. His pretext and social engineering skills paid off because Agent Mularski infiltrated DarkMarket as the infamous Master Splynter and after three years was essential in shutting down a massive identity theft ring.

The three-year social engineering sting operation netted 59 arrests and prevented over $70 million in bank fraud. This is just one example of how social engineering skills can be used for good.