Social Engineering - Christopher Hadnagy [148]
One device that is available uses a “pay-as-you-go” cellular card to send audio content via a cellular signal to any number programmed. Or the social engineer can call in and hear what is going on at any time. This device can save the social engineer dozens of hours in obtaining passwords or personal information that she can use in a social engineering attack.
One can spend literally dozens of hours (and I could write dozens of pages) talking about all the neat and cool cameras out there. Figures 7-11 and 7-12 show a few pictures from a popular law enforcement provider of “spy equipment” (www.spyassociates.com). All of these pictures are hidden cameras or audio recording devices, believe it or not. You can use each of these devices to covertly record a target for later inspection.
Figure 7-11: All of these devices capture audio and color video from a hidden camera except for the pen, which is an audio recorder.
Figure 7-12: These devices also capture audio and video from hidden cameras.
Using the Tools of a Social Engineer
The preceding section outlines some of the different types of recording devices out there, but the question is still how to use them. Amazing as it seems, using cameras or recording devices follows the same principles as any other tool of the social engineer, such as pretexting or elicitation.
Practice is essential. If you don’t determine the proper placement for a body-worn camera or audio recording device, you might end up capturing video of the ceiling or audio of a muffled voice. Setting up the appropriate outfit and gear you might carry and finding the right location for the camera or audio device is a good idea. Try sitting, standing, or walking and see how these movements affect the sound and video quality.
From a professional social engineer standpoint I must stress again the seriousness of getting the contract to outline your ability to record. Doing it without a contract can be a legal nightmare. Checking the local laws to make sure you cannot get in trouble for use of these devices is also a good idea.
Never would a social engineer use these devices to record people in embarrassing situations or to capture people in personal circumstances.
Discussion on this topic can go on and on, but hopefully this brief overview of the tools that are available and how to use them can open up the options out there to social engineers.
In the next section I will give a few examples of the usage of certain tools that can be very useful to a social engineer.
Using a GPS Tracker
Social engineers often want to track targets before or after they leave the office. What stops the target makes on the way to the office can tell a lot about him. Compiling and analyzing this information can help to develop a proper pretext or good questions to use to elicit the right response from the target. Knowing the start and end times for his day can also be valuable for physical red team attacks, where the goal of the team is to actually break in and recover valuable assets to show the company their physical weaknesses.
You can track people in many different ways, but one way is to use a device designed to help track a target. One such device is a GPS Tracker; for example, the notable SpyHawk SuperTrak GPS Worldwide Super TrackStick USB Data Logger available from www.spyassociates.com. One type of many, these devices can