Social Engineering

It's all in your head

Moderators: bert_the_turtle, DTNC Vicious, jelco

tllotpfkamvpe
level5
Posts: 1768
Joined: Fri Aug 31, 2007 12:04 am

Postby tllotpfkamvpe » Thu Feb 25, 2010 10:53 pm

Does going through a company's trash bins count as social engineering? I did see a film called track down (or is it takedown?) that shows some great social engineering at work.
xander
level5
Posts: 16869
Joined: Thu Oct 21, 2004 11:41 pm
Location: Highland, CA, USA

Postby xander » Fri Feb 26, 2010 3:46 pm

tllotpfkamvpe wrote:Does going through a company's trash bins count as social engineering? I did see a film called track down (or is it takedown?) that shows some great social engineering at work.

Social engineering is about exploiting human weaknesses, rather than weaknesses in hardware or software. If someone is putting sensitive material into the trash, and someone else takes advantage of that, I would think that would count as social engineering (though a stronger case could be made if the social engineer actually convinced that person to throw away that sensitive material without destroying it).

xander
Darksun
level5
Posts: 6461
Joined: Sat Dec 07, 2002 7:08 pm
Location: 127.0.0.1

Postby Darksun » Mon Mar 01, 2010 4:28 pm

I've recently been rewatching the BBC program Hustle, if they could implement some of the schemes used in that it'd be very cool

And I hope there are alarm systems and BEM systems to play around with, but that's just because I'm a saddo who can't get away from work :P
NeatNit
level5
Posts: 2929
Joined: Mon Jan 28, 2008 2:41 pm
Location: Israel

Postby NeatNit » Mon Mar 01, 2010 5:07 pm

lol, the hustles in that show won't really fit I think. Subversion is more about location and infiltration, and that show is much more about the people and actions.
shinygerbil
level5
Posts: 4667
Joined: Wed Dec 22, 2004 10:14 pm
Location: Out, finding my own food. Also, doing the shinyBonsai Manoeuvre(tm)

Postby shinygerbil » Mon Mar 01, 2010 10:16 pm

Just because the show is more about the people and their interaction, that doesn't mean that the ideas represented in the show aren't valid. The long cons definitely have their roots in interpersonal relations and personal foibles which may not be so easily represented within Subversion, but I think some of the short cons in Hustle could really fit the style of the game, as they are simply a 'means to an end' - e.g. "we need a van" -> "let's con some guy out of his van using this old uniform, a bit of cardboard and a traffic cone". The reason for needing the van is not the important part; it's still the same kind of on-your-feet improvisation to deal with the situation at hand - but more physical than simply sitting at a screen hacking into a digital world. I would even go as far as to say that this is what Subversion is going for as a "spiritual successor" to Uplink; to represent the physical side of the world in the same stylized manner that Uplink represented the digital world.

As we've clearly seen there can be two sides to every mission; the "quiet sneaky elegant" side and the "gung-ho brute force" side. For example, in a purely hypothetical situation it may be necessary to hack a bank to secure emergency funds for the tools required to gain access to a facility. The "gung-ho" option could be to physically tamper with a cash machine in order to get the money together to bribe a guard.

It could totally work! (I love that show!)
DeepQantas
level1
Posts: 13
Joined: Fri Aug 11, 2006 9:40 am

Postby DeepQantas » Tue May 18, 2010 10:19 pm

Disguises.

Getting a uniform is pretty cheap but only fools people in passing.
Getting an ID card is a bit trickier but gets you past security.
But if you really want to do it right you have to hire an expert to teach your guys the professional jargon.

"We applied the cortical stimulators but the patient was non-responsive."

And then if someone looks at you just smile. :)



Or you could just roll in and claim you're from the telephone company. Whatever.
xander
level5
Posts: 16869
Joined: Thu Oct 21, 2004 11:41 pm
Location: Highland, CA, USA

Postby xander » Wed May 19, 2010 4:22 am

DeepQantas wrote:Or you could just roll in and claim you're from the telephone company. Whatever.

That's what most people do. It works pretty well, too.

xander
Harle
level1
Posts: 11
Joined: Wed May 19, 2010 10:17 am

Postby Harle » Wed May 19, 2010 10:46 am

I imagine that the social engineering part will be pretty tough to do any justice to. Anything less than really simplistic would be tough.

The minimal approach would be having characters with a social skill that gives them options like 'distract' and 'mislead,' and the reactions (amount of time distracted, how far they move in the direction you mislead before returning) would depend on the stat. And maybe a disguise skill so that you can steal outfits or ID cards and get away with it.

But where's the fun in dreaming about minimalistic approaches. =P

A more in-depth approach that might be interesting is if the game kept track of useful information you've learned about the building and the people in it. Like, for example, if you recon an area and find out where the security room is, hack their network and get information on their head of security, and learn what company handles their IT stuff, then while sending someone to speak with the front desk about getting access to the security room (posing as their IT guy), you could choose those three pieces of information from a list of things you know about the building and its operations. Whether or not the engineering succeeds would depend on a value determined by the combined relevance of each piece of information used in the social engineering, and how tight security is for that area of the building.

The game would have to keep track of information that's relevant to different areas, objects, and people. Some information might have a high value, some might have a low value.

To use the example above, the security room would have a variety of objects and people linked to it. Being familiar with the head of security would be a high value, while knowing where the room is located might have a low value, and knowing the building's IT company might only be worth a middling amount.

Obviously the game would have to limit the pieces of information you could use, making you choose the best 3 or 4 pieces of information you have. It might not give you specific numbers, just indicating whether it's relevant (1-3), semi-relevant (4-6), and irrelevant (7-9), so that it's not simply a numbers game of picking the best three or four numbers. Security level for areas might be anywhere from 3-25, presuming only three pieces of information could be chosen. The idea would be to pick three things that you hope surpass the security level, and then you would be allowed access in that area so long as you don't do anything suspicious.

Disguises or ID cards relevant to the area you're getting access to might give a static bonus that gets added to your attempt. Like a uniform for the IT company you're pretending to be from might add a static 6 to the attempt, added to your three choices. While a forged ID card might only be worth 3. Both together might be worth 9.

Normally I wouldn't dare to suggest something so complex, but geez. If anyone would go through the trouble to implement something that in-depth it'd be Introversion. Uplink was ridiculously in-depth.
Lucky13
level1
Posts: 38
Joined: Tue Jun 22, 2010 7:36 am

Postby Lucky13 » Thu Jun 24, 2010 9:22 am

xander wrote:WOMAN: You know, there's this one word that really turns me on.
CLUELESS DUPE: Really? What's that?
W (sexily): Passport.
CD: !?

xander


LOL!!!
thanks i needed that..


most likely it could only involve looking the part with the right credentials. which is all you need IRL anyway. well, that and a knack for bs'n. and technical jargon only applies when the person you're telling might know what you're talking about. which can be subdued with good looks.. :P
