Don't use the above mentioned sort of ploy around lunch time or early in the morning. It'll be harder to work effectively. Let the ressures of the work day start to pile up before you call.
If the system you're breaking into is a place you have access to, such as a library, dentist's office, bank or school, you should do a little re-search and figure out when the best time is to make your call.
At one of the libraries I belong to, the com-puter system has a "3 o'clock slow down." At around 3 o'clock every afternoon, the computers suddenly slow down to half their usual speed. This leads to various other computer problems and, ultimately, very frustrated library workers. I don't know why the computers slow
down; maybe the system gets the most use at 3 o'clock, or maybe at that time information is forced to travel through an alternate route to get from the library's terminals to the mainframe located at a college on the other side of town. If I were to try some social engineering on the library, I would do it during the 3 o'clock slow
down, when most problems occur.
I've noticed another thing: The library pa-trons who don't realize that there's nothing wrong with computers (who don't know that they always slow down around that time) call up the "computer roomit at the college and ask why their computers are down. Don't you think it would be a pleasant surprise, if one day they got a call from the "computer room" (i.e., me or you), asking if there's anything we could do to help? Surely they'd be more than willing to tell you the logon procedures they use, if only you'd speed up the system for them!
Computers tend to be at their slowest to-ward the middle to end of the day, when the most people are on the network. Especially in university settings, this is true. Frequently stu-dents and faculty will log on in the morning, then stay connected throughout the day, regard-less of whether they're using the system. On the other hand, some systems will actually getfaster as the day proceeds, so research is always a must. For example, the Prodigy service is proud of the fact that toward the end of the day and into the night, as usage increases, system speed also increases. This is because data is stored on a dual-tier basis. There are the
mainframes situ-ated in Prodigy headquarters somewhere on the globe, and various minicomputers scattered about the country. Users connect to the semi-local minicomputers, called Local Site Con-trollers, and as they use the system, data is cop-ied from the far away mainframes, to the local minis. By the end of the day, most of the data a user would request to view will have already been transferred to the closer computer, making for less waiting time.
It's good to be aware of pace trends in the places you intend to social engineer. If you can find a noticeable difference in pace (like a 3 o'clock slow down) naturally you will want to work your magic around that time. Good times don't have to just be when the computer changes pace; if the workload, noise-level, number of
customers, or some other aggravating condition worsens during a particular time, that is gener-ally a nice time to social engineer. To find these times, try to visit your target's office at various times throughout the day. Find out when the office is busiest. If it's something like a library or travel agency, go visit the building or make some phone calls. Ask a question about some-thing, and if they seem to be having trouble when they look it up in the computer, call back as the guy from the computer department. Re-member, offices will be at their most hectic after being closed one or two days, so Monday morning is always a good shot. Just make sure
they're not so busy that they don't have time to schmooze on the phone with you. Social engineering will work with any com-puter system, of course, but you will naturally find it a lot more difficult to fool a system ad-ministrator at the community college, than a teenage bank teller. Social engineering has been successfully used to gain access to corporate networks, schools, government offices, and other systems. Social engineering is a powerful tool, but you have to be a good actor to use it prop-erly.
