Unless you are starring in the next “Planet of the Apes” this holiday season, you will undoubtedly find yourself surrounded by humans. Many situations may arise, from company parties and family get-togethers to year-end celebrations. These events provide you with a perfect test bench to try out your social engineering skills. Take advantage of the fact that you will be immersed in groups of people, some familiar, some not.
Sadly, your family will insist you not be on IRC during the holiday festivities. I know, crazy, right? It is what it is, so make the best of it. In this blog we will recap some previously explained techniques and give you handy suggestions on how you can put these skills and knowledge to the test. You can even make a game out of it!
Holiday Season Social Engineer Game #1
In October 2011 we taught you about the power of nonsexual touch and how impactful it can be in increasing compliance up to 70%!! Research shows that just a simple, nonsexual touch to the upper arm of your target increases compliance, increases helping behavior, increases the level of attraction your target has to you, and signals to your target that you are powerful. These effects are compounded, meaning subjects that were touched twice showed increased compliance over those subjects only touched once.
While the rest of the group is sipping eggnog and talking about what diet they are going to start after the new year, pick two groups of individuals from the pool of people at the event. Pick 3 to 4 people to represent Group A and 3 to 4 people for Group B. Just make sure both groups contain the same number of people. Now pick a task, say retrieving something from your car, or have some pre-determined quiz ready. Maybe take a subset of the IQ exam; just a few questions will do. Now ask both groups of people to do your bidding. When asking Group A, make sure to touch each individual on the arm briefly and gently. Then, for Group B, issue the request with no physical touch. See which group complies more.
The trickiest part of this game will be to pick a task that the groups won’t just automatically do because you are who you are (and to keep the touch nonsexual). For instance, don’t ask subordinates to go make a copy of something for you, because they will all do it; you’re their boss. Instead, try to devise something they feel comfortable opting out of.
Holiday Season Social Engineer Game #2
For a lot of families, playing cards is a long-time holiday tradition. We all know that family card games are mostly just for fun. We also know how fun it is to manipulate people and situations to your advantage, especially if it means beating Uncle Dick in a game of 5 card. In November 2011 we taught you how to bluff like a pro in Vegas. There is no reason you can’t use these skills in a warm and cozy home in Barrington, IL instead of Las Vegas. (And you have a greater chance of leaving with both kneecaps too!)
Try to really trick and confuse the table. Know your opponents. If you are playing Hold’Em with a bunch of statisticians or mathematicians, chances are, they know a little about the game and you should employ some advanced social engineering here. Layer your scams and really try to obfuscate your position. Perhaps try to fabricate microexpressions to confuse your opponents. If you’re just playing a friendly game with your cousins, you can lower your game a little bit and enjoy yourself. Reverse your tells, or even better, double reverse your tells. Try to make people think you’re a great card player, then act excited when you have a good hand and sad when you have a bad hand. Because your opponents think you’re a good player, they expect you to seem sad when you have a good hand.
Holiday Season Social Engineer Game #3
In March of 2011 we launched what proved to be one of our most popular and widely read blog posts to date, on a real life example of reading microexpressions.
In this post we analyzed how microexpressions will show what a person is really feeling. This game will take a little skill but can be really rewarding in the end. First, pick a topic that you know some will not like. Don’t make it too offensive, but choose something that should elicit either anger or disgust. For example, something like “On the way here tonight I saw this poor deer get smeared by a car. Dang, its guts were everywhere…” That should elicit the proper level of disgust in your listeners.
Watch the faces of those you are talking to and see if you can pick out disgust. Once you get your “juice” on and you are ready to start reading some faces, sit back and see if you can pick out what people are feeling in conversations across the room. Then get within earshot and see if what you thought was right.
Holiday Season Social Engineer Game #4
Back in December of 2009 we launched a blog post all about using the language of the hands to detect honesty or untruth in a person.
This can be a really great time when it comes to large rooms of family all trying to be happy and make the time together enjoyable. There are 8 tips in that blog post on how you can see if someone is lying or not. This game can be a little uncomfortable but it can also really help you practice some valuable SE skills.
Ask a family member for their version of a story and then try to pick out these 8 tips and see if you can catch someone in a lie. You don’t have to call them on it, just play along and see if you can get them to further the story and see if the body language tips become even more evident.
Final Tip for the Social Engineering Games
Remember, the holidays are all about having fun and relaxing with family and friends. Take this time, away from the IRC channel and SEORG, to practice on real people in an unassuming setting. Hone the skills that will make you a professional social engineer.
We hope we have given you some ideas to have some fun this holiday season. Stay tuned to Social-Engineer.org in 2012; there will be a lot of changes and some exciting new developments around the corner. We’re coming strong in 2012 (we want to get as much info out there as possible before the world ends) with more blogs, more newsletter content, epic podcasts, worldwide training, and much, much more!