Social Engineering
Moderators: jelco, bert_the_turtle, DTNC Vicious
-
tllotpfkamvpe
- level5
- Posts: 1698
- Joined: Fri Aug 31, 2007 12:04 am
tllotpfkamvpe wrote:Does going through a company's trash bins count as social engineering? I did see a film called track down (or is it takedown?) that shows some great social engineering at work.
Social engineering is about exploiting human weaknesses, rather than weaknesses in hardware or software. If someone is putting sensitive material into the trash, and someone else takes advantage of that, I would think that would count as social engineering (though a stronger case could be made if the social engineer actually convinced that person to throw away that sensitive material without destroying it).
xander
-
shinygerbil
- level5
- Posts: 4667
- Joined: Wed Dec 22, 2004 10:14 pm
- Location: Out, finding my own food. Also, doing the shinyBonsai Manoeuvre(tm)
- Contact:
Just because the show is more about the people and their interaction, that doesn't mean that the ideas represented in the show aren't valid. The long cons definitely have their roots in interpersonal relations and personal foibles which may not be so easily represented within Subversion, but I think some of the short cons in Hustle could really fit the style of the game, as they are simply a 'means to an end' - e.g. "we need a van" -> "let's con some guy out of his van using this old uniform, a bit of cardboard and a traffic cone". The reason for needing the van is not the important part; it's still the same kind of on-your-feet improvisation to deal with the situation at hand - but more physical than simply sitting at a screen hacking into a digital world. I would even go as far as to say that this is what Subversion is going for as a "spiritual successor" to Uplink; to represent the physical side of the world in the same stylized manner that Uplink represented the digital world.
As we've clearly seen there can be two sides to every mission; the "quiet sneaky elegant" side and the "gung-ho brute force" side. For example, in a purely hypothetical situation it may be necessary to hack a bank to secure emergency funds for the tools required to gain access to a facility. The "gung-ho" option could be to physically tamper with a cash machine in order to get the money together to bribe a guard.
It could totally work! (I love that show!)
As we've clearly seen there can be two sides to every mission; the "quiet sneaky elegant" side and the "gung-ho brute force" side. For example, in a purely hypothetical situation it may be necessary to hack a bank to secure emergency funds for the tools required to gain access to a facility. The "gung-ho" option could be to physically tamper with a cash machine in order to get the money together to bribe a guard.
It could totally work! (I love that show!)
-
DeepQantas
- level1
- Posts: 13
- Joined: Fri Aug 11, 2006 9:40 am
Disguises.
Getting a uniform is pretty cheap but only fools people in the passing.
Getting an ID card is a bit trickier put gets you past security.
But if you really want to do it right you have to hire an expert to teach your guys the professional jargon.
"We applied the cortical stimulators but the patient was non-responsive."
And then if someone looks at you just smile.
Or you could just roll in and claim you're from the telephone company. Whatever.
Getting a uniform is pretty cheap but only fools people in the passing.
Getting an ID card is a bit trickier put gets you past security.
But if you really want to do it right you have to hire an expert to teach your guys the professional jargon.
"We applied the cortical stimulators but the patient was non-responsive."
And then if someone looks at you just smile.
Or you could just roll in and claim you're from the telephone company. Whatever.
I imagine that the social engineering part will be pretty tough to do any justice to. Anything less than really simplistic would be tough.
The minimal approach would be having characters with a social skill that gives them options like 'distract' and 'mislead,' and the reactions (amount of time distracted, how far they move in the direction you mislead before returning) would depend on the stat. And maybe a disguise skill so that you can steal outfits or ID cards and get away with it.
But where's the fun in dreaming about minimalistic approaches. =P
A more in-depth approach that might be interesting is if the game kept track of useful information you've learned about the building and the people in it. Like, for example, if you recon an area and find out where the security room is, hack their network and get information on their head of security, and learn what company handles their IT stuff, then while sending someone to speak with the front desk about getting access to the security room(posing as their IT guy), you could choose those three pieces of information from a list of things you know about the building and its operations. Whether or not the engineering succeeds would depend on a value determined by the combined relevence of each piece of information used in the social engineering, and how tight security is for that area of the building.
The game would have to keep track of information that's relevent to different areas, objects, and people. Some information might have a high value, some might have a low value.
To use the example above, the security room would have a variety of objects and people linked to it. Being familiar with the head of security would be a high value, while knowing where the room is located might have a low value, and knowing the building's IT company might only be worth a middling amount.
Obviously the game would have to limit the pieces of information you could use, making you choose the best 3 or 4 pieces of information you have. It might not give you specific numbers, just indicating whether it's relevent(1-3), semi-relevent(4-6), and irrelevent(7-9), so that it's not simply a numbers game of picking the best three or four numbers. Security level for areas might be anywhere from 3-25, presuming only three pieces of information could be chosen. The idea would be to pick three things that you hope surpass the security level, and then you would be allowed access in that area so long as you don't do anything suspicious.
Disguises or ID cards relevent to the area you're getting access to might give a static bonus that gets added to your attempt. Like a uniform for the IT company you're pretending to be from might add a static 6 to the attempt, added to your three choices. While a forged ID card might only be worth 3. Both together might be worth 9.
Normally I wouldn't dare to suggest something so complex, but geez. If anyone would go through the trouble to implement something that in-depth it'd be Introversion. Uplink was ridiculously in-depth.
The minimal approach would be having characters with a social skill that gives them options like 'distract' and 'mislead,' and the reactions (amount of time distracted, how far they move in the direction you mislead before returning) would depend on the stat. And maybe a disguise skill so that you can steal outfits or ID cards and get away with it.
But where's the fun in dreaming about minimalistic approaches. =P
A more in-depth approach that might be interesting is if the game kept track of useful information you've learned about the building and the people in it. Like, for example, if you recon an area and find out where the security room is, hack their network and get information on their head of security, and learn what company handles their IT stuff, then while sending someone to speak with the front desk about getting access to the security room(posing as their IT guy), you could choose those three pieces of information from a list of things you know about the building and its operations. Whether or not the engineering succeeds would depend on a value determined by the combined relevence of each piece of information used in the social engineering, and how tight security is for that area of the building.
The game would have to keep track of information that's relevent to different areas, objects, and people. Some information might have a high value, some might have a low value.
To use the example above, the security room would have a variety of objects and people linked to it. Being familiar with the head of security would be a high value, while knowing where the room is located might have a low value, and knowing the building's IT company might only be worth a middling amount.
Obviously the game would have to limit the pieces of information you could use, making you choose the best 3 or 4 pieces of information you have. It might not give you specific numbers, just indicating whether it's relevent(1-3), semi-relevent(4-6), and irrelevent(7-9), so that it's not simply a numbers game of picking the best three or four numbers. Security level for areas might be anywhere from 3-25, presuming only three pieces of information could be chosen. The idea would be to pick three things that you hope surpass the security level, and then you would be allowed access in that area so long as you don't do anything suspicious.
Disguises or ID cards relevent to the area you're getting access to might give a static bonus that gets added to your attempt. Like a uniform for the IT company you're pretending to be from might add a static 6 to the attempt, added to your three choices. While a forged ID card might only be worth 3. Both together might be worth 9.
Normally I wouldn't dare to suggest something so complex, but geez. If anyone would go through the trouble to implement something that in-depth it'd be Introversion. Uplink was ridiculously in-depth.
xander wrote:WOMAN: You know, there's this one word that really turns me on.
CLUELESS DUPE: Really? What's that?
W (sexily): Passport.
CD: !?
xander
LOL!!!
thanks i needed that..
most likely it could only involve looking the part with the right credentials. which is all you need IRL anyway. well, that and a knack for bs'n. and technical jargon only applies when the person your telling might know what your talking about. which can be subdued with good looks..
Who is online
Users browsing this forum: No registered users and 15 guests