Social Engineering - Christopher Hadnagy [81]
Be especially sure to pay attention to the words a target uses. During the interview or interrogation process, pay particular attention to the subject’s voice and how she answers questions. When you ask a question, how long does it take for her to answer? Blurting out answers quickly is believed to be a sign of practicing the answer. If she takes too long, maybe she was thinking up the answer. Response time varies from person to person, though, so you have to determine what is “natural” for each one.
Determining what is natural in a target (that is, the baseline) is not a small matter in a social engineering gig and must be done very fast. Being very observant is the key to success with this skill. One method of creating a baseline involves asking questions that cause the suspect to access different parts of his brain. The interrogator asks nonthreatening questions that require simple memory and questions that require creative thinking, and then looks for outward manifestations of his brain activating the memory center, such as microexpressions or body language cues.
Another area to listen for is changes in verb tense and pronoun use. These shifts from past tense to future tense show areas you might want to investigate further. Switching tense can indicate deception. When a target switches tense, they may be fabricating an answer or thinking of a past statement to fabricate an answer. Further questioning can reveal the truth here also. Other areas of change you should listen for are the pitch of the voice (is it going up with stress?) and the speed of speaking.
You don’t have to learn how to do all this at the same time. The more practice you get actively listening to and observing people, the easier it becomes for you to do it without thinking.
Professional interrogation comprises a number of parts. The following sections discuss each one in the context of how it pertains to a social engineer.
Positive Confrontation
In law enforcement, positive confrontation doesn’t mean anything positive and good; on the contrary, it means the officer is telling the suspect he is the one who committed the crime. In other words, the officer is making a strong accusation. In a social engineering audit, though, you have already identified the “target” you want, and now you are going to tell that target (maybe using the NLP tactics previously mentioned) that he will do what you are asking of him.
You confront the target with the objective of starting him on the path to doing what you want. For example, a social engineer may approach the receptionist and ask, “Is Mr. CEO in? I have a meeting with him.” Or, to use a positive-confrontation angle, “I am here for my meeting with Mr. CEO at 11 am.” Notice the second example positively states the meeting as being set, expected, and in such a way that you are sure it is happening.
Theme Development
Theme development in police interrogations is when the interrogator develops a story to postulate why the suspect may have committed a crime. Many times that story is relayed to the suspect during the interrogation. “So he insulted you and you got so mad, you grabbed the pipe and began hitting his windshield with it.” While the officer is telling the story, he or his partner is watching the body language and microexpressions of the suspect to see if there are any clues that would constitute agreement.
Although social engineers can use this method, I also like to state that from a social engineering viewpoint, theme development means seeing your pretext through the eyes of the target. What would a “tech support rep,” “manager,” or “fellow employee” look like, say, and do? How would he act?
Theme development for social engineers is when the supporting evidence you display feeds directly into the theme of who you are portraying. Your approach to a target,