Social Engineering - Breaking the Brain

Join security researcher Dan Dixon in an exploration of the brain's inherent vulnerabilities in the context of social engineering your way to a target.

Everybody knows that our brain is one of the most essential organs in our bodies, capable of a wide range of mental dexterity, but what most people do not know is that baked into the brain's processes are clear-cut vulnerabilities. These vulnerabilities didn't just come out of nowhere. In this installment, we're going to take a look at the core psychological principles which underpin social engineering.


Imagine you're on a mission and need to get past security on the 3rd floor to reach your target. You put on your confident outlook and begin to walk straight up to the guard, intending to sweet talk your way past. You envision in your head a stellar poker face, with no signs whatsoever of 'I know I'm not supposed to be here'.

All this was for nothing, though: just like your mother used to say, "the look on your face says it all", and the guard has been trained to spot those looks.

Everyone knows what facial expressions are: they're the vital component in non-verbal communication. However, to a trained eye, there's a lot more going on with facial expressions than you might expect. Micro-expressions are involuntary movements made by the muscles controlling your facial expressions when under fear or stress. As the name suggests, these expressions are tiny and, thanks to their rapid nature, only last for a fraction of a second (somewhere between 1/15 and 1/25 to be exact). Micro-expressions are a normal part of ordinary expressions, and they are one reason the non-verbal communication that accompanies particular emotions is so difficult to replicate.

Sadness is a particularly hard one to replicate.

Micro-expressions are a double-edged sword when it comes to social engineering: they can make reading the emotions of targets a lot easier, but by the same token they also make replicating the very same emotions a lot more difficult.


So, the first engagement didn't go so well, did it? Well, armed with your new knowledge, you embark on the second, this time having mastered micro-expressions. You need to figure out where the main server room is located, so you strike up a conversation with one of the employees. Your plan is soon foiled, though, as your attempt to bond with this employee backfires and you have made them dislike you (maybe complaining about start-up tech companies was a bad idea whilst talking to the employee of a start-up tech company?).

When trying to obtain information from a target, a mutual relationship has to be present. They're not just going to hand out their company secrets to anyone (or if they did, they should probably be replaced very quickly). This is where rapport comes in. Rapport is a way of quickly building a relationship with someone, mimicking that of a genuine friend in only a fraction of the time by playing into the target's personality. Let me explain. To quickly build up a relationship with someone, you have to be the person that they like - it's no good trying to build a relationship with a vegan if you're a hunter. By playing to the target's personality, the timescale for building said relationship is decreased.

An amazing way to tailor your outward appearance to the target is to cater to their VAK learning style. VAK, which stands for Visual, Auditory and Kinesthetic, is the way in which the brain best takes in information: Visual thinkers learn best by seeing things; Auditory by hearing them; and Kinesthetic by doing them, or interacting with them. By determining this learning style and then altering your communicative methods to suit it, you can further create a bond with the person.

However, just asking the target what style of thinking they possess can be quite off-putting, and I have an even better method. When first engaging with the target, hold an object that possesses traits from all 3 learning styles - my choice is a silver retractable ballpoint pen - and then use this object to target the learning styles. Using my pen as the example, use it to shine a reflection of light, click it a couple of times, fiddle around with it. By gauging which action they respond to the most, it is possible to determine the learning style and adapt from there.

Real World (ish) Examples

For an example of micro-expressions, look no further than a mirror.


No takers? Okay then. For a serious example, the FOX series 'Lie to Me' is a great starting point. 'Lie to Me' is a TV show based on the research of Dr. Paul Ekman, the leading researcher of emotions and expressions. Dr. Ekman proof-read the script of every episode to ensure that the contents were as accurate to the real world as possible. The actors also ensured that every expression, even down to the micro, was fully replicated. Here's the opening scene from the pilot episode, if you don't want to watch the full series:

The opening scene to 'Lie to Me'

For rapport, the best real-world example I can give where you'd be interacting is just to wait for your next spam call. Seriously, listen to what they're saying to you, how they're saying it and how easily their 'personality' changes. They might be reading off of a script, but boy does that script go out of the window on a regular basis.


  • Micro-expressions - Perfect for reading someone, key to changing your personality.
  • Rapport - Building a relationship. Play to the personality of the target.

And that's it. I'll be working on the next installment already by the time you read this, and hopefully there should be some fun things like transcripts in there as well. We'll be going over a lot more real life examples and analyzing what makes them tick. Till next time. ^C

The awesome artwork used in this article is called BrainBox and it was created by 7gone.