- 21 Eki 2015
- 477
- 1
The Different Types Of Social Engineers
When you navigate on the net and lookup the definition of the term "social engineering", It's predominantly defined as "tricking someone Into giving up confidential Information", or some variant of similar meaning. Whilst this Is certainly true and correct, by no means does It entail this alone, but rather extends a lot further Into the art of human hacking. The way It should be written as part of every online resource Is: "Manipulating a person Into performing an action that they're not supposed to do". This Is my very own wording, that's simple, straight to the point and pretty much speaks for Itself.
Although It sounds like an easy task and sometimes Is (when there's very little to no complexity Involved), for the most part, social engineering requires a high degree of skills to begin the SE, persevere with It during Its execution and to finally make sure the objective at hand Is achieved without fail. Have you ever wondered why a given SE succeeds by one SE'er, and the very same one fails when performed by another social engineer- even though the same method and execution was used In both circumstances? That's because not every SE'er Is on the same level, Irrespective of how well they've been trained, and the number of years they've been actively SEing.
For Instance, I can create a social engineering challenge by asking ex-amount of SE'ers to grab the password from a representative working In the account's department of Logitech, and some will do It with Incredible ease, others with a little help here and there and the rest not even coming close to fulfill my request. Even though the exact same tools and environment was used to complete the challenge, It produced mixed results. How so? Well, the equation Is pretty simple and self-explanatory. Every, and I mean "every" social engineer differs to some extent and as such, It's Impossible to expect a duplicate outcome based on Identical scenarios.
The reason for this, Is due to the fact that "there are three types of social engineers" and when you've finished reading the rest of this article, I have no doubt that you'll place yourself In one of the three categories. Of course, that's provided you are an SE'er and not just reading this for Informative or educational purposes. That's what this guide Is all about- to give you an In depth understanding on the three different types of SE'ers, how they operate and why they're separate from each other. So without further delay, let's check It out.
Elite Social Engineers:
During your educational years at school or college, I'd say It's very safe to assume that you've excelled at one particular subject and completed every task with minimal effort and thought, whilst other students struggled to keep up- no matter how hard they tried to get the job done right. There's a perfectly good explanation for this, and that Is you were simply gifted In the topic and could accomplish just about anything your teacher handed to you. The same analogy applies to "elite social engineers" when SEing a representative to refund an Item they don't have, or gaining physical access to a restricted building by pretending to be an employee at the company, and tricking another employee Into letting him In.
These type of (elite) social engineers, function as though they were born to SE any company on every level, Inclusive of every person they plan to manipulate, regardless of the complexities Involved. In fact, there Is nothing too difficult nor anything they're not capable of doing successfully. "Elite SE'ers never seek help from others", but rather provide assistance to anyone who requests It, and they keep doing so beyond expectations.
They see the warning signs before they begin (so to speak), and circumvent every obstacle with Incredible ease, as well as complete any problematic Issue at their disposal. Put simply, "SEing Is second nature to elite social engineers"- seldom do they sit around and contemplate how to perform a particular SE, It all comes natural right from the get-go.
SE'ers Who Seek Help From Others:
These type of SE'ers also have the knowledge to research their target effectively, gather Information of relevance and formulate & execute their method accordingly. When the process begins at the claims department of the company and on the grounds It's not approved as yet, the rep will (obviously) reply with the details they require from the social engineer to move forward with the claim. Now Instead of responding to the company's request, the SE'er will ask for help from fellow SE'ers, as to what should be done next.
For the most part, "this Is repeated with every reply the SE'er gets from the company". For example, the company may ask to send the Item back, and the SE'er will post a thread on the board/forum on how to get around this. A little later on, a POP (Proof of Purchase) Is required by the company and once again, the SE'er will need assistance on how to circumvent this. All this will keep happening until a successful outcome Is achieved.
Now It's not that the SE'er doesn't know what's going on, but Instead needs extra guidance along the way. He Is still "the one who's doing all the hard work to SE the representative", there's no question about It and knows "how to apply and execute every bit of assistance that's given to him In a very effective manner". The only difference between this type of social engineer and an elite SE'er, Is the "request for help". His attacks are equally effective, and so too Is getting the job done right.
SE'ers Who Ask For Help But Lack Common Sense:
If you haven't figured It out already, these types of social engineers are at the bottom of the table In the SEing sector, not because they don't have the knowledge to SE, but (for the most part) they simply lack common sense and good judgement. As with the category right above this, they will not only request assistance from other SE'ers, but "they'll keep asking questions over and over again, often repeating themselves In an annoying fashion". Why do they do this? It's pretty simple- the Information given to them doesn't register straight away and when It does, only then can they move forward with preparing and executing their social engineering attack vector. However, It doesn't end here.
It's all well and good when they work with details given to them by other social engineers (and a lot of times they do In fact SE on their own successfully), however there are many occasions when they're confused with the most simplistic of tasks. For Instance, I came across one SE'er who wanted to "box a company using dry Ice with a chair measuring a collapsed size of 86 x 28 x 35 cm and weighing 30 Kg". After he was repeatedly told that the box method for an Item of this nature Is not possible, he failed to see reason and continued to try and justify otherwise. And all this was due to a lack of common sense.
I'd like you to think about It for a minute. How on earth Is It possible to use the box method on the above Item without the carrier noticing signs of tampering at the collection point? Also, who In his right mind would box an Item weighing 30 Kg? Moreover, can you Imagine trying to calculate the time It'll take for 30 Kg of dry Ice to sublimate? I can tell you that there would be no where near enough time, regardless of how well atmospheric conditions are In the SE'ers favor. This Is just one of many scenarios I've come across and to this day, still do. As you've realized, this Is just a matter of common sense and lacking It, "Is one of the main reasons why SEs fail".
In Conclusion:
The purpose of this article, Is to simply make you aware of the different types of social engineers, so as an SE'er yourself, you'll know exactly what you're dealing with when providing assistance on a given board/forum or via chat such as Discord. Do remember that there are only three types- without any In between. That Is, you're either born to be an SE'er ("elite"), get the job done by requesting assistance ("help from others"), or cannot see a situation for what It Is ("lack common sense"). Without question, you will experience all three types during your travels and of course, you are one of them, hence you're now well-Informed of the exact nature of all three social engineers.
Excerpted
