Social Engineering - Part 2 - Elicitation

elicitation
socialengineering

#1

#SOCIAL ENGINEERING - PART 2 - ELICITATION#

Elicitation is a conversation where you subtely try to extract information. However, this conversation needs to look casual and innocent. It’s all about asking the right questions. The goal here is to manipulate the behaviour of your target in order to achieve your goals, which, in this case, is to gather information without compromising yourself. In this step, it is really important how you present yourself to the target and how he perceives/thinks of you (for example, would open up more to someone who looks friendly, confident and that overall seems like a nice person, or to someone that has a shady and sketchy look?). Elicitation offers a low-risk opportunity at information gathering because is something that it’s likely to occur naturally, it’s difficult to detect and it seems non-threatening (like a simple conversation between to stangers at the bar) and also because most people tend to be polite to strangers as they want to be perceived as good and rational people (Useful Note: if your target likes to brag about his achievments, it’s a great opportunnity to gather even more information).

3 Important steps to nail a conversation:

  • Be natural. I’m referring to posture, how you act and how others perceive you. If you look too uncomfortable while talking to your target, you’ll likely ruin your attempt at elicitation.

  • Educate yourself. This is a very important step. You can’t engage in a conversation with your target(s) if you don’t have enough knowledge of what you’re going to talk about (i.e, you shouldn’t go to an “World Economics” convetion if you don’t know anything about world economics. Otherwise you will make a fool of yourself). What i’m saying is you must do some previous research on the topics you’re going to talk about in order to seem natural and avoid suspicion. So, do your research and be prepared. Also, it’s really important that you don’t reach for subjects way out of your league, which leads to the next step.

  • Don’t be greedy. The whole point of elicitation is to gather information, however you must not be so objective about it, otherwise, peole will get suspicious and will end the conversation (also, if you feel that the conversation is dying out, don’t force it so that you can obtain more information, just stop there, say your goodbyes and part ways). When in a conversation, try to give something back, make the target feel reciprocation (try to make him feel that he is obliged to give you something back). It will make it much easier to obtain information since the target may feel an obligation to share information.


#METHODS AND SKILLS#

PRELOADING

To the outside world, preloading is viewed almost as a myth. It has been featured numerous times in movies and you probably asked yourself “Can you really do that? Can you manipulate the human mind that way?”. Well, short answer, yes! If you have seen the movie “Inception” (if you haven’t, what are you waiting for?) you’ll know that the main goal of the characters is to plant a seed or an idea into someone else’s mind, making the target think that that idea was originated by himself, without anyone’s or anything’s influece. This is Preloading.

Let me give you a simple example: Let’s say you want to go to an art gallery, but your partner doesn’t show much interest. So one of your first steps is to start dropping very subtle hints, stimulate his/her senses, so you say something like “Did you hear about the new art gallery that just oppened? They say it’s really beatiful and that the artist really knows how to play with colors and you can almost smell the fresh paint. Also, they say that the artist will do a live painting. Who knows? Might be interesting”.

It’s not important if this triggers an immediate response from your partner or not, what’s important is that you planted that so called “seed” in his/her mind, making him/her feel and imagine how the gallery looks like. Now let’s imagine that you’ve got a flyer or a newspaper advertising the gallery, you could leave that in a subtle place where you know your partner is going to see it.

Now if your partners asks something like “What are we doing in the weekend?” or “Got any plans for the weekend?”, using the previous delivered information, you could reply something like “Yeah, I’ve been thinking about that. Maybe it’ll be good for us to leave the house for a while… How about that new art gallery that oppened recently? I mean. we could use a change…”.

With some skill and some luck, maybe you’ll be heading to that art gallery afterall, whereas if you’d taken a more frontal approach, his/her answer might have been an “No! You know I don’t like going to those places…”. Our goal here was to make our partner more inclined to accept our offer.
(Side note: In almost every movie about the main characters pulling off a big heist or conning someone, there’s is preloading involved, i.e Ocean’s Eleven; FOCUS; etc…)

Appealing to your target’s Ego

This is a very simple, crude method, but also very effective. But beware, try not to exaggerate here as your target may think you’re some kind of stalker and get suspicious… To avoid this, try to seem natural and sincere. Try to subtly flatter your target so you can manipulate him into starting a conversation that maybe could not have existed. Also, this is a good ice-breaker if you don’t know how to approach your target.

Expressing a Mutual Interest

This is a very good method since it allows us to create a deeper connection to the target and almost guarantes additional contact with the target.

Deliberately providing false information

Initially, this may seem a very dangerous concept, but if used properly, it’s a very effective attack. Humans have a tendecy to correct any misinformation, it’s in our nature, so if you approach your target saying something like "It’s a know fact that [rival company of the target] is way more technologically advanced than [target’s company] where the target might correct you and respond “Actually, you couldn’t be more wrong, we are way ahead of [given company] and were almost launching a new technology that will blow away the competition”. If used correctly this conversation may lead the target to reveal some real facts, thus providing you with more information.

Offering information

What you’re trying to achieve with this method is to make your target feel obligated do share information with you (As previously discussed). While in a conversation, offering information makes people reply with similar information, so you could use this to lead you target to a certain topic you wish to find out more about…

And last, but not least…

Using alcohol

The oldest trick in the book, this method speaks for itself. Nothing like getting your target drunk or close enough to make him spill out some confidential information…


#Know your questions…#

There are 4 types of questions: Open-Ended, Closed-Ended, Leading Questions and Assumptive Questions

Open-Ended questions: These are questions that cannot be answered by a simple affirmative or negative term (“Yes”; “No”; “Yeah”…). These are great for when you are trying to make your target reveal details about a certain topic. Most of the times, people aren’t very fond of these questions, so a planned approach might be necessary.

Closed-Ended questions: These questions are the opposite of open-ended (Duh…) but the goal here is to lead the target to where you want, rather than obtaining information.

Leading Questions: These type tries to combine both closed and open-ended questions. These are open-ended questions that have some sort of subtle hint to the answer, allowing the target to give his opinion, but not deviating from the subject too much.

Assumptive Questions: These are maily used when you want to know if your target has the information you’re looking for. This should only be used when you have some knowledge of the subject you’re asking about. Here you must not accuse the target of anything or arouse any suspicion, otherwise you might end up losing the opportunity.


#Conclusion#

Elicititaion is a very powerful skill to have, but one that requires much practice to master. When applying these concepts, they need to be evenly balanced. Think of it as an inverted pyramid, start by asking more neutral questions and then move on to more specific, narrow ones.

https://ghostbin.com/paste/32uyy - This link covers scenarios of SE

PART 3 —> PRETEXTING

Hope you enjoyed it, and as always, feel free to add anything in the comments below.


Elicitation Guide?
(oaktree) #2

Alternate Title: Picking Up Women: For Hackers.


#3

LMAO I was thinking the same.


#4

That was going to be n3xUs’ surprise final part, now its ruined! :stuck_out_tongue:


#5

Who knows what the future might hold??


1337 of the w33k (5/16-5/20) and a Month of 0x00sec
(system) #6

This topic was automatically closed after 30 days. New replies are no longer allowed.