Showing posts with label Chapter 6. Show all posts

Thursday, 1 December 2011

Trouble For Nothing?

Okay, granted the initial setup and planning and sabotage is an exciting, amusing kind of thing to do. But is it worth the effort? Why not just stick with the easier social engineering and not worry about the remote possibility that the guy on the other end will be wise to you?

Well, first of all, that's foolish. Especially considering that many of the people and places you will want to hack most will be very security-aware. You must, in many circumstances, assume that they know what you're up to when you're bullshitting them. And if they know what you're doing, you shouldn't be doing it.

Another factor, one related to both this and a remark I made earlier: when you reverse engineer a situation, you create a friend on the inside. Once you start hacking big-time you'll never know if somebody's on your tail unless you have an inside connection. If you've proven yourself to some user by solving their computing problem, you can then call back a short time after breaking in and ask questions like, "Hi, remember me? I helped you with that problem... I was wondering if you heard about anyone else having that problem, or any other weird stuff going on with the system?" If they've heard about attempted break-ins or system failures, you will be the first to know. You might want to tell them to call you if they ever hear about "hackers" or whatever. This way if you are discovered and, let's say, a memo is distributed telling everyone to change their passwords because a hacker is on the loose, your contact will innocently call and let you know about it.

The continuing loyalty and assistance you will receive from the inside is well worth the beginning trouble you may have in setting up the sabotage.

RSE Advertising Methods

Here are five general advertising techniques that can be used to get them to call you:

Switch notes. If you see a slip of paper taped to or nearby the computer, with the phone number of the computing department, get rid of it and slip a note with your own phone number in its place (or some number at which you can wait for a call from them). Elite hackers will simply dial into their local telco computers and change the number of a local pay phone to the listed computer help desk number.

Also look for business cards and Rolodex numbers to either hide or switch.

Post a public message. On a bulletin board (thumbtack style, not electronic!) put up a huge, brightly colored, professional-looking sign that says something along these lines:

Technical Helpline

COMPUTER PROBLEMS?
CALL US FREE AT
OUR NEW NUMBER:
(123) ABC-WXYZ

Technical Helpline

Be sure to put the name of the company you're hacking, and their address and logo somewhere on the poster to make it look like it's endorsed by the company. Put these signs up all over, or drop them as flyers on people's desks, especially in view of the computers you sabotaged.

Social engineering. Call up the day before - or even a few hours before - the sabotage and tell the person who answers about the computing department's new phone number helpline (your number). Ask whoever answers to put it in the Rolodex, or to keep it otherwise close by and handy for whenever anyone needs it. Ask if he or she is the only one who uses that terminal; if the answer is "no," tell the person to make sure others know about the new number too.

Directory tailoring. Get a company's internal phone directory and add your number to the list, either by crossing out the existing technical support line and writing in your own, or by inserting a visible printed addendum to the book.

On-line advertising. When doing the initial sabotage, see if you can post a note on the bulletin board (electronic this time!) concerning your computer helpline. Alternately, have part of the sabotage program give out the phone number. For example, rename WP.EXE, then create a simulated word processor which crashes to the operating system after the first few keystrokes, leaving behind garbled characters and colors, and this message:

<Beep!>
XERROR 3 --- Consult fdox 900.2a or call Jim at technical support @ (123) ABCWXYZ

In your advertisements, make sure the user realizes it is an outside line they are calling (so they know to dial 9 or 2 or whatever to exit the company PBX). That is, do that unless you have managed to appropriate an inside office or phone (by sneaking into an office while someone's away on vacation, for example).

Solving The Sabotage

When they call you, after going through the login procedure and finding the error still there, you must tell the user what he or she can do to correct the problem. This can be done by giving explicit instructions such as: "Type 'rename WP.$A$ to WP.EXE'..." But if it is a knowledgeable user who calls you, he or she will notice something fishy going on.

So how to get around this obstacle? You have to give instructions which will soothe the wary user. If the sabotage is software-related, put a software solution on disk. For example, "Go into the word processor directory and type 'SETUP' and press Return. Now try running the program again." In this case, SETUP was a file that you put on the disk, which contained the renaming instruction, and also a command to delete itself at the end of its run.

Hardware problems may be difficult to fix or explain over the phone, but then, most RSE won't involve hardware anyway; if you had enough on-site time to physically mess up their computer, you should have had enough time to glean the information that you are trying to get.

RSE Case Study: The Translation Table

A hacker and phone phreak nicknamed Phlash - because of the speed with which he'd managed a number of great hacks - was once almost resigned to the fact that he couldn't get any information about the computers at a particular embassy. "They were really tight-lipped," he told me. "I tried bullshitting them, but they wouldn't have any of it. And line connections were hard to establish. And once on, they only gave you two chances before disconnecting you. So I needed some other way of getting in."

From scavenging around in the trash bins he found evidence that at least one computer there used a particular cheapo-brand modem. Since it was his only clue, Phlash got some literature from the modem manufacturer, and found that all their modems came with a home-brew terminal emulator, which featured, among other technical details, the ability to define character translation tables for both incoming and outgoing data.

Sometimes people want to be able to press a certain key on their keyboard, but have it come out as a different key on the computer they're connected to. For example, a lot of times editing keys such as Backspace don't work the way they should when you connect to a different computer, because when you press Backspace, the remote computer ignores it. To really send a Backspace to the remote computer, you might have to type Control-Backspace. If your terminal program allows it, you can set up a translation table to press Control-Backspace for you. A translation table is a file that contains each key you can type, and the character that is to be sent through the phone lines when you type that key. If you had this Backspace problem, you would set up your table so that any time you pressed Backspace, the computer would translate that to Control-Backspace, and send that to the computer on the other end of the line.

Translation tables also work the other way. They take incoming data from the remote computer, and translate the characters into other characters. If you want to get rid of annoying linefeeds in a file, for instance, you can set up the table so anytime it sees a Control-J, it translates it to a null, or to a tap of the spacebar.
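The two table directions described above, worked through in Python as an added example; this is not code from the chapter or from any modem vendor's terminal emulator. The in-memory layout (a dict from character to character), the byte chosen to stand for Control-Backspace, and the anomaly check at the end are assumptions made for this illustration. The check is the defender's side of the case study that follows: a table installed for the legitimate reasons the text gives remaps a few control keys, so one that rewrites letters or digits deserves a look before the emulator is used with it.

```python
# Added illustration (not from the chapter or any vendor's emulator): the two
# table directions the text describes, plus a sanity check on a table's contents.
# The dict layout, the byte used for Control-Backspace and the anomaly check
# are assumptions made for this example.

BACKSPACE = "\x08"        # what the local keyboard produces
CTRL_BACKSPACE = "\x7f"   # assumed: the erase code the remote host expects
LINEFEED = "\n"           # Control-J


def identity_table():
    """Identity mapping over 7-bit ASCII; every character maps to itself."""
    return {chr(i): chr(i) for i in range(128)}


def translate(data, table):
    """Apply a table character by character; anything not in the table passes through."""
    return "".join(table.get(ch, ch) for ch in data)


def outgoing_table_backspace_fix():
    """Outgoing direction (keyboard -> line): Backspace is sent as Control-Backspace."""
    table = identity_table()
    table[BACKSPACE] = CTRL_BACKSPACE
    return table


def incoming_table_strip_linefeeds():
    """Incoming direction (line -> screen): Control-J becomes a tap of the spacebar."""
    table = identity_table()
    table[LINEFEED] = " "
    return table


def table_anomalies(table):
    """Entries that remap a printable, non-blank character to something else.

    A table set up for the reasons the text gives touches a few control keys
    only; one that rewrites letters or digits is the kind of jumbling that
    turns every session into gibberish, so it is worth flagging up front."""
    return sorted(key for key, value in table.items()
                  if key != value and key.isprintable() and not key.isspace())


def sample_jumbled_table():
    """Constructed sample of a tampered table: every letter rotated by 13 places."""
    table = identity_table()
    for base in ("a", "A"):
        start = ord(base)
        for i in range(26):
            table[chr(start + i)] = chr(start + (i + 13) % 26)
    return table


if __name__ == "__main__":
    out = outgoing_table_backspace_fix()
    print(repr(translate("ab" + BACKSPACE + "c", out)))      # 'ab\x7fc'
    inc = incoming_table_strip_linefeeds()
    print(repr(translate("line1\r\nline2\r\n", inc)))        # 'line1\r line2\r '
    print(table_anomalies(out), table_anomalies(inc))        # [] []
    print(len(table_anomalies(sample_jumbled_table())))      # 52
```

Both legitimate tables pass the anomaly check because the only keys they touch are control characters; the constructed jumbled table trips it on all 52 letters. A real emulator would read the tables from a file, but the lookup itself is exactly this one-character-at-a-time substitution in each direction.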

Phlash realized that a translation table could be used to his advantage. He took a copy of the terminal program and composed both an incoming and outgoing translation table, both of which were made to jumble characters. If someone were to connect with a computer using these translation tables, nothing they typed on the keyboard would match its on-screen output. Any data they received would be totally garbled gibberish.

He typed up a short INSTALL program and saved it to a floppy disk. His INSTALL program looked in the directory for the already-installed terminal program, moved any existing translation tables to the floppy disk, and copied his newfangled tables over.

Phlash then printed up a convincing letter from the desk of "Technology Office, Second Branch, Director" which said, "To comply with new regulations governing cryptography, and the exchange of communications between ourselves and others in any foreign nation, we ask that you install this new, more secure version of communications software which includes functions to ensure the confidentiality of all state matters."

He gave explicit instructions for the installation, then concluded with, "Any questions or comments should be directed toward Sr. Benjamin Marcques, at telephone number 9-212-WXY-WXYZ." And he mailed it to a top person at the embassy.

Weeks later he got his phone call. "Actually, they had tried calling before but I had been away," Phlash told me later. "That poor woman went almost a week without being able to use her modem because I did that sneaky thing to her! When she called me, I went through the whole engineering bit, asking her to try logging on like she usually did. Of course it didn't work. I asked her if there was anyplace else she usually called, and there was. So we tried that. Didn't work either. Finally I decided it was in her best interest to try going through the reinstallation again. Naturally that reversed the four translation tables, so everything was peachy again. Of course now I also had all I needed to get into two important government accounts!"

Phlash said that he was getting so caught up in his pretend role that he almost forgot to get the passwords and phone numbers. During the course of "helping" the embassy worker, he suggested that perhaps it was a problem with the phone line: "Which phone number are you dialing in from?"

You would also want to ask if there were any alternate numbers to try. Unlike typical reverse engineering, this particular case involved no physical entry of the computer site. Normally, access is needed to set up a hardware or software problem of some sort, and to set up advertising for your unique brand of assistance. How to gain access is touched on elsewhere in this book.

Reverse Social Engineering Sabotage Methods

The first step of RSEing is to disable the target computer or the user's ability to use that computer. Generally this means you will be disabling a user's workstation, terminal or computer so that he or she can not access the system properly. You want to do something that is hard to detect yet easy to correct. Here is a list of five general ideas, ranging in the amount of setup time and system familiarity required:

• Alter a parameter, the kind of parameter that novices don't know about or think about. Examples: default printer port, screen colors, macros, obscure printer codes, technical peripheral settings.
• Set files to read-only, or rename them, or make them invisible in their directories. Example: if WP.EXE is the word processor used, change the name to WP.$A$.
• Hardware tampering. Examples: switch a color monitor to monochrome mode; reverse disk drives; disconnect or loosen the keyboard, or unplug the computer or surge protector.
• Install memory-clogging TSR programs. User won't know why program fails to run.
• Run a simulation program, such as an operating system simulation, which gives lots of ugly error messages.

WARNING!

Sabotage should not be permanently harmful to the user or the computer! Do NOT delete files or directories: they may become unrecoverable. Do NOT install viruses: they can easily get out of hand. Do NOT sabotage in a way such that the operating system refuses to boot: they may not have a bootable DOS disk handy when they call you later!

Might Report Your Call To A Security Manager

The trained user will know immediately when you're trying social engineering. She can then go off and tell others about your attempted pilfering of passwords. Those "others" include co-workers, bosses, computer managers, the person you tried to emulate, guards, or security officers. None of this will help you get in later on, even if it doesn't immediately get you caught or hurt your chances of penetration. Discovery is certainly not on your list of birthday wishes.

On the other hand, reverse SEing is sure to make you a friend on the inside. When you help people overcome obstacles, they will happily spread the word of your courteous, efficient manner of help to others - thus spawning more calls and more passwords.

The preceding explanations were motivated by three goals. I want you to comprehend the reasons why even such a powerful force as classic social engineering will fail on occasion, and how reverse social engineering can eliminate those failings. Yet my main concern is this: Social engineering can not remain as a mainstay of the modern hacker's bag of tricks without word getting out to ordinary computer users. Ordinary users are becoming increasingly aware of the need for discretion when it comes to such intimate topics as passwords and computer security. Ordinary users are reading more in the mainstream press about how we hackers break into systems. They are attending computer security lectures given by their companies, their community colleges, and their local law enforcement branches. The systems themselves contain warnings not to reveal anything to anyone; their employers tell them that, their conscience tells them that. I - yes, even I - tell them that some vile people are out there trying to rifle through their computer files.

I doubt strongly there will ever come a time when all computer users know enough not to blab. Perhaps in a few years, businesses will have output from their telephones on a time delay, and have them hooked up to voice monitors. Then, if a naughty word is spoken, it can be detected and eradicated before the electrons that compose it leave the confines of the building's wiring.

Even if such a thing does become commonplace, or even if 95% of the computer-using public decide not to be bullshitted any longer by social engineers, there will still be those five percent, the hundreds of other new and old hacking methods, and there will still be Reverse Social Engineering to get the hacker through his day.

Misleading Information

Has No Reason To Assist You, Or Can Give You Wrong/Misleading Information

What does the social engineered person care whether you are helped or not? I know if I were a busy back-stabbing office worker or receptionist in the midst of a hectic day, I would be furious if some idiot on the phone asked me to give up a few moments of my time to tell him things he probably shouldn't know in the first place.

I would probably just tell the caller anything to get rid of him. On the other hand, reverse social engineers know that the people they are speaking with require their assistance. Even the grandest guru of power users will call you if he thinks you will be able to quickly and simply pinpoint the problem and fix it, rather than wasting his time trying to do so. That power user knows he will get the solution when you reveal it to him so he can solve it himself the next time it occurs.

Verify Claimed Identity

Cannot Verify Your Claimed Identity Or Might Know You Are Not Who You Say You Are

Social engineering suffers because to the person you call, you are an enigma - someone they do not know personally. Besides, you never know if the person on the other end of the line has been tipped off that you are lying about your identity - using cues such as Caller ID, a distinctive in-house telephone ring, or a knowledge of employees and protocol. In any case, magic passwords might not be readily given to "mystery technicians" and "perplexed users" with modem troubles.

BUT in reverse SE, those who know the words of passage have no reason to suspect you of deceit: you are the one they call for advice. You are the one who is going to help them out of their misery. In fact, when they call you, you can legitimately request that they identify who they are. It is a matter of security, after all.

Overcoming Social Engineering Drawbacks

May Have Been Warned About Security Leaks Or May Know About SE Tactics

Trying to social engineer someone who knows about social engineering, especially hip programmers and other hackers, won't get you anywhere. Even if the other party doesn't know about "SEing" per se, he or she may take "Don't reveal the password" warnings seriously enough to see through your bull. Social engineering is based on the premise that the person you contact is naive. You can't always guarantee that will happen.

In RSE, the legitimate user is calling you for advice. Consequently he or she believes you are trustworthy, a member of the company or approved by the company, and one who already knows passwords and protocols anyway. There is no reason not to divulge this kind of data to you. In fact, it won't even be thought of as "divulging" since the person you speak with will just matter-of-factly spill his or her guts to you without hesitation.

It should be noted that reverse social engineering is not social engineering. It takes a backwards approach to the problem of getting users to talk, and so it won't be recognized by a person familiar with conventional hacker tricks. Furthermore, even if the person is so sophisticated as to understand RSE, that person will probably be so wrapped up in his or her own problem that he or she won't notice what's going on. He or she needs your help to correct the problem; he or she realizes that if he or she doesn't cooperate, you won't be able to assist.

Reverse Social Engineering

Reverse social engineering, or simply reverse engineering (or the simpler RSE or simplest RE) is a sometimes risky endeavor that varies in its effectiveness and in its applicability. However, results from RSE are so strong - and often so humorous - that it provides a flashy alternative to other methods of breaching system security. You see, even though social engineering is an accepted and revered method of finding out what you shouldn't know, it has its faults. No system is perfect, and clearly the list of flaws from the previous chapter shows that there are deficiencies in the usefulness of social engineering.

In many respects RSE is better than SE. However, reverse SE can only be used in specific situations and after much preparation and research. In addition, the best reverse engineering can only be done by more sophisticated (and mobile) hackers.

Don't expect this technique to be your bread and butter as you are first introduced to the world of computer-criminal culture. Reverse social engineering in its most consummate forms takes information you don't yet have, and skills you may not have acquired. Here is a comparison chart that shows some of the pros and cons of each form.

SOCIAL: You place call, are dependent upon them.
REVERSE: They place call, are dependent upon you.

SOCIAL: You feel indebted to them, or they believe and act as if you should be.
REVERSE: They appreciate your help and concern, will oblige you in the future if ever you need assistance.

SOCIAL: You need help from them.
REVERSE: They need help from you.

SOCIAL: Questions often remain unresolved to the victim.
REVERSE: All problems are corrected; no suspicious loose ends.

SOCIAL: You have less control.
REVERSE: You retain complete control of the direction and subject of conversation.

SOCIAL: Little or no preparation required.
REVERSE: Lots of pre-planning required; previous access to the site is needed.

SOCIAL: Can work anywhere.
REVERSE: Only can be used under certain circumstances.

Much of social engineering is based on the premise that you, an impostor, pretend to have difficulties and need assistance from another computer operator to solve your problems.

The reverse to this is that a legitimate system user has difficulties, and he or she asks you the hacker for assistance. In the process of assisting the user with his or her problem, the hacker is able to (effortlessly) find out account names, passwords - the works.

An RSE attack consists of three parts:
• Sabotage
• Advertising
• Assisting
Sabotage is an initial brief contact with an on-site computer, during which the hacker causes a malfunction of some kind that will need correcting.

Advertising is letting the user know you are available to answer computer-related questions.

Assisting is the conversation in which you solve the user's problem, and the user unknowingly solves yours.

Before I explain how this is accomplished and what good it does, you should understand why it's better to have them call you than the other way around. Let's step through that list of bad stuff about social engineering that was given previously, this time demonstrating how reverse social engineering overcomes all of those problems.