Social Engineering

Bit Maestro

BitMaestro@email.ro

"We, whoever we are at the current time, are not responsible for your actions as the result of anything, especially such things that pertain to this site. If your ignorance of local, state, and/or federal laws pertaining to anything mentioned to or hinted at by us lands you in a position you don't like (i.e. prison, jail, or the liable end of a lawsuit), remember that it is not L.I.S.T., its members, God's, Jesus's, Allah's, Jehovah's, or anybody else's responsibility but your own. We didn't make you do anything, nor would we. It is also the intention of this disclaimer that we hold to, not its exact wording: if you think there's a legal loophole that you've found that holds us liable for your actions, you're most likely right. However it is the spirit of this disclaimer that should be followed."


What is it?
Social Engineering is the art of acquiring information from someone without them realizing you are doing it.

The five basic principles:

1) Do not be forthcoming with information...only answer the questions you are asked.
2) Keep answers short and simple.
3) Keep in character at all times.
4) If things go drastically wrong, don't panic.
5) Be flexible.

There are three basic mediums which a social engineer can use to attempt to gain information:

1) Text
2) Phone
3) In person

Each has its own pros and cons: text eliminates the need to be a good actor, but limits the controllability of the situation; the phone is a safe method because it reduces the possibility that the guys with the big guns are gonna take you to the back room, if you catch my meaning, but the phone also has limited functionality; in person by far requires the most skill, meaning a 13 year old can't pass for an FBI agent (trust us), but it also presents the most hazardous situation for your freedom.

Social Engineering Via Text:

This is the easiest way, although it does require some common sense on your part. Are you going to mail it? Is it an email?
If you are going to mail it via snail mail, follow this guideline:

1) Do you want return mail? Open a P.O. box under a false identity. (Most businesses have street addresses for mailing purposes.)
2) Are you impersonating a company? Get or fake company letterhead, and try to obtain a draft copy to find the proper format (see how to dumpster dive).
3) Mail it from the same town the company is in...impersonating Micro$lop from Denver, Colorado probably won't work.
4) Don't use stamps...have the mail weighed and stamped by the post office.
5) Use spell check, type everything except a signature, and use number 10 business envelopes (unless research dictates otherwise).
6) You're better off making up a company from scratch most times than impersonating a major company.

Mail is severely limited. They only answer the questions you ask, and you need to specify the form of the reply you would like...typically a company will respond in the manner it is contacted. If you send a request for information without specifying the form of return, they will send it to the return address (which may or may not get to you [again, another reason to have a fake company, not a well-known one]). Although it is limited, sometimes it is the only way to rat out the info you're seeking.

Social Engineering Via the Phone:

This is a safe and flexible method, but can be suspicious and traceable. Here are some guidelines:

1) Try to gain physical access to the office to ensure that no special "internal call" lights activate on internal calls, if you intend on impersonating someone in the company (bad idea...you'd be surprised how many people know who works around them).
2) Write down your questions, rehearse them, rehearse the probable and possible responses, and be prepared for idle chatting while waiting (keep it vague).
3) If your ruse is up, have a preplanned course of action: do you try and salvage the situation, or do you abandon ship?
4) Gain specifics if you intend on impersonating inside personnel.
5) Do not call from home...beige boxing is beautiful...if necessary, even use the payphone near the restrooms of the company.
6) Stay in character...don't start out as Emmanuel, the computer tech, and finish as Joe Bob Briggs, the neophyte temp worker.
7) Impersonating press can be good or bad.

Social Engineering In person:

This is the most stressful and the most rewarding; however, with the rewards comes the danger of being detained by the guys with the guns who call the cops. Some guidelines:

1) Impersonate only something you can pass for...if you want to pass for FBI, be at least 30 or so, clean shaven, in a three piece suit, be remotely in shape, and don't drive up in a beat up 1977 Toyota Corona luxury edition (not to mention specifics).
2) Only get nervous if your character warrants it.
3) Acting lessons are not such a bad idea.
4) Carry relevant props...if you work for "the phone company" as a "technician", wear a tool belt (no, not with a hammer and nails...but throw in lots of wire). It's probably a good idea to get a shirt with your name on a patch to use for stuff like this. If the phone company has specific jumpsuits or uniforms...go buy one...or rent it.
5) Use any excuse to bring a video camera.
6) Don't waste time.


General Tips:

As Richard Marcinko put it, use the P7 rule: "Proper Previous Planning Prevents Piss Poor Performance". Do lots of research.
If you have to bail on a situation, don't call back the next day, and try and do it gracefully...running from a building after being asked only for your name by the secretary could be quite tarnishing to your macho image. One more time, just in case you didn't hear the first 20 times: "DO YOUR OWN RESEARCH". As always, this is just a guideline...do your own work...we could have very easily left out basic info.