Social Engineering - Christopher Hadnagy [27]

within the company. Once a social engineer collects enough data, a clear picture will form in their minds as to the best way to manipulate the data from the targets. You want to profile the company as a whole and find out roughly how many employees are part of some club, a hobby, or group. Do they donate to a certain charity or do their kids go to the same school? All of this information is very helpful in developing a profile.

A clear profile can help the social engineer not only in developing a good pretext, but also in outlining what questions to use and which days are good or bad to call or come onsite, as well as many other clues that can make the job so much easier.

All of the methods discussed so far are mostly physical, very personal methods of information gathering. I didn’t touch on the very technical side of information gathering, such as services like SMTP, DNS, NetBIOS, and the almighty SNMP. I do cover some of the more technical aspects that Maltego can help with in more detail in Chapter 7. These methods are worth looking into but are very much technical in nature as opposed to more “human” in nature.

Whatever method you utilize to gather information, logically the question that may come up is: now that you know where to gather, how to gather, and even how to catalog, store, and display this info, what do you do with it?

As a social engineer, after you have information you must start planning your attacks. To do that you need to start modeling an outline that will use this information. One of the best ways to start utilizing this data is to develop what is called a communication model.

Communication Modeling


The more elaborate our means of communication, the less we communicate.

—Joseph Priestley

Communication is a process of transferring information from one entity to another. Communication entails interactions between at least two agents, and can be perceived as a two-way process in which there is an exchange of information and a progression of thoughts, feelings, or ideas toward a mutually accepted goal or direction.

This concept is very similar to the definition of social engineering, except the assumption is that those involved in the communication already have a common goal, whereas the goal of the social engineer is to use communication to create a common goal. Communication is a process whereby information is enclosed in a package and is channeled and imparted by a sender to a receiver via some medium. The receiver then decodes the message and gives the sender feedback. All forms of communication require a sender, a message, and a receiver. Understanding how communication works is essential to developing a proper communication model as a social engineer. Modeling your communication as a social engineer will help you decide the best method of delivery, the best method for feedback, and the best message to include.

Communication can take many different forms. There are auditory means, such as speech, song, and tone of voice, and there are nonverbal means, such as body language, sign language, paralanguage, touch, and eye contact.

Regardless of the type of communication used, the message and how it is delivered will have a definite effect on the receiver.

Understanding the basic ground rules is essential to building a model for a target. Some rules cannot be broken, such as the rule that communication always has a sender and a receiver. Also, everyone has different personal realities that are built and affected by their past experiences and their perceptions.

Everyone perceives, experiences, and interprets things differently based on these personal realities. Any given event will always be perceived differently by different people because of this fact. If you have siblings, a neat exercise to prove this is to ask them their interpretation or memory of an event, especially if it is an emotional event. You will see that their interpretation of this event is very different from what you remember.

Each person has both a physical and a mental personal space. You allow or disallow people to enter that space
