In our 5-day Course, Social Engineering For Penetration Testers, we speak about the value of information and some of the methods it has been obtained by malicious social engineers. In that section, we speak about Alcohol and how powerful it is to loosen lips and cause serious information leakage.
Enter the Canadian Border Service Agency, an agency devoted to helping control immigration over its borders. The Chinese embassy wanted to meet with them to discuss helping them deport Chinese citizens who fled due to economic or other reasons and are being sought by the government.
Where do these meetings get held do you think? In the embassy? In a closed room where no one can hear? In a private office? Normally, but not this one. This particular meeting was held in the Bashu Sichuan Chinese Restaurant in Ottawa Canada. With the group at about 15, the Chinese Embassy delegates began to use one of the oldest tricks in the book, lots and lots and lots of libations.
What was the result? Some of the workers there remember the CBSA Employees being so drunk one vomited in a government car and from what was reported the conversation was not lacking. An investigation has been launched into what type of information was exactly released, but nothing definite has been determined yet.
One police report states that Chinese spies have been openly approaching government officials looking for information on a project in the Alberta Oilsands, involving oil and energy.
Although we don’t have details on how much information was shared and what type of information is shared, there is a lesson for us as social engineering enthusiasts and researchers – If loose lips sink ships then alcohol is a missile.
When people consume alcohol their inhibitions are lowered, and when they lower their inhibitions they tend to say and do things that may never have done with a right mind. As a social engineer there is a dual lesson here. First, this can be used against a target in a social setting. Recall the account in Social Engineer: The Art of Human Hacking where alcohol was used to loosen the lips of the CFO on the security system they use. The secondary lesson is that as social engineers if we drink during engagements it can cost us dearly as we may say or do something that will cost us the job.
Another tactic involving alcohol that are implied by nation states is to only gather small amounts of info, feed that back to a team and then the next person approaches with this information. As they are already in the “know” and there is alcohol involved, the target talks more. This “tag team” approached was used by Chinese Spies in regards to obtaining information on a nuclear project being worked on in the states some years back, but goes down in history as it was so effective the targets never knew they gave up too much.
Just another example of why we need to constantly educate and enhance our own abilities as these attacks are becoming more prevalent.
Till next time…