Tuesday 2 December 2008

Social engineering

Social engineering: psychology, sociology and intelligence gathering

In this article, we think and take a good look at ourselves and others around us…

Human nature is a very complex subject, but social engineering is a fundamental building block from which good intelligence can be gathered, if managed correctly.

The history of social engineering goes way back in time, to when man started to lie to woman. Each day we say something engineered to get a desired response: “of course your bum does not look big in that dress”.

Social engineering within intelligence gathering was refined as we know it today during World War II and later in the Cold War, when all parties started looking for the upper hand and made use of psychology for the first time in its more “advanced” form, although the use of psychology and sociology in intelligence gathering and warfare is documented in the ancient Chinese text, “The Art of War”.

Today many intelligence agencies employ full-time psychologists and sociologists, not only in an analytical role but also as part of the fundamental training programme. Each potential intelligence officer is looked at for possible weakness and “suggestiveness”; that is, can the agent be manipulated, turned or weakened into divulging sensitive information?

The very art of social engineering is to gather intelligence through conversation, electronic or physical, with one party unwittingly divulging information without even being aware that they are doing so, or in the belief that the information is being given to an official body, company or organisation. It is an art form that rarely receives the praise that is justified: an agent lulling a target individual into a false sense of security, making that person give over information freely.

There are many techniques, such as “pretexting”: the art of making a telephone call with a view to fooling the person on the other end into giving you personal or sensitive information. If, for instance, you knew that a target banked with “the bank of mars”, you could telephone that individual and state that you were from the bank, wishing to discuss account activity – first asking direct, probing security questions: mother's maiden name, social or national security number, passport number, etc.

This information could then be used for fraudulent activity; this technique is also, it has to be said, employed by companies carrying out corporate investigations. Pretexting is an important tool in intelligence gathering, often making use of female “soft/sweet speaking” operatives for best effect. A well-trained operative could get any information with ease from the right target at the right moment, a moment of weakness when trust can be misplaced.

Many government agencies and all specialist intelligence firms employ psychological methods to gain vital intelligence. While the use of these methods may be more long term, they more often than not produce the best results, albeit over a period of time.

Social engineering is one of the most widely known methods deployed today. It can easily be described as building up a relationship and/or false confidence with an individual in order to get that person to divulge information, sometimes without them even knowing that they have done so, or knowing the value of the said information.

Top experts in espionage will pinpoint key personnel within an organisation or company to target. This member of personnel will have access to sensitive and often confidential data, and will be targeted with a number of things in mind; generally a weakness that can be exploited in order to gain intelligence.

Often we will see more than one social engineering technique being used; for example, “pretexting” used in combination with “phishing”. By not relying on only one method of intelligence gathering, the odds of gathering useful intelligence are spread.

“Phishing” is a relatively new technique, first appearing on our computer screens in the mid to late 1990s with the expansion and growth of the internet and “email” usage. Phishing involves an email supposedly from your bank or, for example, “eBay”, asking you to log on via a given link or webpage. The idea is that the link given leads to a page or set of pages controlled by the individual sending the said email.

The web page would be an exact copy of your bank's own login page; you enter your login details – if they are pushing their luck they will ask you additional security questions too! Before you know it, you have a login error and give up – by now your bank login details are being used in Nigeria and money is being withdrawn.

While the banking community is always striving to improve its security policies, both for telephone and internet banking, the criminal will always try to stay one step ahead – social engineering techniques are one of the best weapons available, free of charge.

The Russian intelligence services were expert in selecting a target who could be exploited to the maximum, often taking great time and effort in cultivating a relationship long before any information would change hands. The system used by the Russians was referred to by the acronym MICE, standing for Money, Ideology, Coercion, and Ego. Money is self-explanatory; individuals who have a poor financial situation and face debt will often pass over sensitive documentation for the right price.

Of course, other intelligence organisations and firms have their own version of MICE, some even employing personnel with degrees or PhDs in psychology who can easily spot a good victim.

A good example of social engineering and the use of MICE came in 2005, when a British accountant at KPMG Financial Advisory Services in Bermuda was telephoned by a man identifying himself as Mr Nick Hamilton. Hamilton said he needed to meet to talk about matters of utmost importance.

Nick Hamilton was not an agent of Her Majesty's secret service and the documents never found their way to the British government. Nick Hamilton was in fact former British agent Nick Day, co-founder of the private intelligence company Diligence LLC, the client of which was Barbour Griffith & Rogers, a lobbying firm from Washington DC. Barbour Griffith represented a Russian conglomerate whose archrival, IPOC International Growth Fund Ltd., was being audited by KPMG's Bermuda office.

Within Day’s company Diligence, the KPMG campaign was codenamed Project Yucca. At lunch, Day, who is a typical English gentleman, said the assignment he had in mind for Enright was top secret and involved Britain's national security. Day, it is alleged, kept the conversation vague, not mentioning IPOC or the audit. Day told the accountant he would have to carry out a British government background check to ensure that he was up to the task. Day, it is alleged, produced an official-looking but fake British government questionnaire, complete with government seal at the top, and asked for information about Enright's parents, his professional background, any criminal history, political activities, etc.

Over the course of two meetings, it is alleged that Hamilton led the KPMG accountant to believe he was a British intelligence officer. He told the accountant he wanted information about a KPMG project that Hamilton said had national security implications for Great Britain.

Posing as Nick Hamilton, Day, it is alleged, built up a trustworthy relationship with the accountant in question and obtained much documentation and advance information regarding the audit.

KPMG were hired by Russian conglomerate Alfa Group Consortium hired Barbour Griffith & Rogers through a subsidiary and the lobbying firm in turn hired the firm co-founded by the former British agent. Alfa was duelling with IPOC for a large stake in the Russian telecom company MegaFon. Soon after another meeting, Enright was handing over confidential audit documents, including transcripts of interviews KPMG had conducted in the IPOC investigation. It is said that Diligence was paid handsomely for its work. An invoice produced in a federal court proceeding in Washington involving IPOC and Diligence shows that Barbour Griffith was billed by Diligence "For Bermuda report and Germany work--A Telecom."

The bubble on this operation burst on October 18th 2005 after an unidentified individual dropped off a pile of paperwork which included Diligence business records and e-mails with details of Project Yucca.

On November 10th, 2005, KPMG Financial Advisory Services sued Diligence for fraud and unjust enrichment in U.S. District Court in Washington. On June 20, 2006, the case settled. Diligence paid KPMG $1.7 million, according to a person familiar with the settlement.

On June 15th, 2006, IPOC sued both Diligence and Barbour Griffith & Rogers in the same District Court, alleging civil conspiracy, unjust enrichment, and other misdeeds. That case is pending.

The manipulation of others is human nature – one technique that has come to light in recent years uses the psychology of human weakness in our inquisitiveness. For example, you send an email to a victim with an attachment; you clearly mark the email so that the individual knows full well that the email was sent to them in error; the attachment contains a virus in the form of a Trojan, spyware or monitoring software.

Individuals have even been tricked into switching off anti-virus software to be able to open an attachment that they think contains “juicy” information, for example information on what wages are being paid to whom, or client information. Eight out of ten people will open that attachment; the same can be said if you left a disk around with a clear label stating that it is something to do with accounts or personnel files – it won't get handed in until people have looked at it, just like a paper file that says “confidential”; people's inquisitiveness will get the better of them.

Social engineering is no exact science; there is no right and wrong way to use its many varied techniques. It's all about what works and with whom; no one single person can be fooled at any given time. It is all about approach, timing, confidence and believability; these things, along with the state of mind of the victim at that given moment in time.

If we use the Church as an example, while not the most politically correct of examples: how often has the church been accused of manipulating parishioners into giving or bequeathing monies when they could be seen as being at their weakest or lowest point? We could also use as an example the beggar with the dirty child or little puppy at their side, or the lone businessman duped by the blonde in the hotel bar – all social engineering, all psychology, sociology and intelligence gathering.

Finally, it must be added that the very nature of human behaviour and our weakness can be easily exploited to gather intelligence by the use of basic and advanced psychological techniques. This aside, good intelligence can also be gathered via the observation of and/or eavesdropping on others, for sometimes those with the intelligence we require will freely give up their knowledge in boasting and bragging to their peer group. In a twisted form, if you can make an individual brag or boast via social engineering, that’s good, but one must question the quality of intelligence gathered in this manner, just as one would question intelligence gathered via the use of torture or physiological pressure.

Of course today these very techniques are being used not only by intelligence agencies and police forces worldwide, but by marketing agencies, fraudsters, scammers, and hackers; why? Because it’s low cost, highly effective and relatively easy to understand and practice the basic techniques.


Alex Bomberg is the founder of UK-based International Intelligence Limited (www.int-int.co.uk), a member of RUSI and a former aide to the British Royal family. Alex advises a number of governments, Royal families, corporations and individuals on the issues of counter espionage, TSCM sweeps, covert surveillance and intelligence, technical and physical. Alex is an expert in telephone tapping and email interception.