Social Engineering and Trust as a Human Factor
This is my first publication on Habr, and it is still difficult to predict how the local public will react to my actions. Here's the thing.
The reasons why email addresses or social network accounts get "taken away" vary widely. But when people close to me found out my reason, I was condemned. To some extent, I always understood that the goal of gaining access to a victim’s social networks in order to read certain correspondence is very immoral. On the other hand, I consoled myself with the thought that if the comrades got caught on such a hook, it serves them right.
There were two victims who possessed the information I needed. Both are men. I could only get this information from them, but I barely knew one of them, and the second was my sworn enemy. Their frequent activity on social networks gave me hope that they would discuss what I needed with someone in correspondence.
It was so important to me that for a couple of days I thought of nothing but how to get the information. The thought of "hacking" came up. But how? Especially since lately everyone has become more or less literate (they set good passwords). In addition, today's applications have achieved a high level of protection. Therefore, I dropped the idea of a technical hack almost immediately. I decided to use social engineering. However, the method should not be too complicated.
Different ideas and thoughts came to mind. I went over the different weaknesses of each of them in my head. And suddenly it dawned on me: women. I immediately wrote to a friend, asking whether she wanted to take part in one extravagant affair. We considered different scenarios, but in the end I abandoned this idea, since everything turned out to be too complicated.
As a result, another idea came up.
I registered a fake account. On the same social networks I found a pretty girl from a small Ukrainian town. The main thing was that she did not intersect with the fake. After that I began to fill out the profile on Facebook and uploaded several photos. For the sake of plausibility, I needed “friends”. I went through various people who are very active (those who, as a rule, add friends indiscriminately), built a base of about 10 people, and then many began sending friend requests themselves. Since my fake girl turned out to be very attractive, by the evening I already had more than 50 friends.
The next day, a fiasco awaited me. Facebook suspected something and showed me some photos of my friends, asking me to label them with the question “Who is in the photo”. Of course, I didn’t know a single person and could not restore the account. So everything started anew, but gradually.
This time friends were added selectively. Often these were people I knew at least from memory, so that I could get past this test. I joined the same groups in which the victims participated. I found some articles thematically suitable for these groups and began to publish. It all took about five days. I had a lie which, once exposed, could not be repeated, so I acted very carefully and without rushing.
One day the wait paid off and I began to receive comments from the victim on my publications in the group. I intentionally published the topics most interesting to a particular person. It was not difficult to find out his interests; it was enough to look at which publications he actively reacted to. At first there were just some perfunctory replies, but I was waiting for interaction, and it happened: some kind of conversation started. From the usual comments on publications, we gradually switched to personal correspondence. After that I watched his “likes” on “my” photographs. After some time, he was offered the long-awaited friendship, which flowed into an acquaintance.
- A girl, Nastya. Very nice. I work in an IT company as the most ordinary employee and am trying to become a programmer. If I can cope with one task, then I will certainly be moved up the career ladder and make a good salary.
The information is the simplest and most common, non-binding, non-suspicious. Meanwhile, in correspondence I answer questions, come up with a life story, and promise dates at some point in the future. In parallel, I register an account on a free hosting service. I quickly put together a couple of static “Lorem ipsum” pages, create comments there, supposedly left by someone, and an authorization button leading to a form that is a one-to-one copy of the Facebook login form.
Yes, primitive, but this comrade had nothing to do with IT, so I took this into account and simply asked him, as a test, to leave a comment on my “test project”.
“My task is to leave a comment through a social network,” I write to him.
In the heat of his feelings he runs to the site, tries to log in, and writes back that he cannot leave a comment, because after authorization the previous page appears again and there is no form for entering a comment.
“Oh, I found a mistake, I need to fix it,” Nastena answers him.
Of course, after that Nastya became less active, and then stopped going online completely. The fact that he tried to somehow contact her, ask for a phone number, etc., I already read from his account. I was lucky, too: he used the same password everywhere, which easily allowed me to get into VK and Mail.ru.
For the second victim, I had to work hard to create login forms for other social networks and mail, because he used different passwords everywhere. But with joy, for the sake of a beautiful lady, he tried all the methods, in effect kindly giving me a way in.
Afterword
Everything is insanely simple and hardly even counts as a guide. Nevertheless, this is not a manual but a moral: you cannot trust anyone, especially strangers on the Internet, especially beautiful strangers. Well, two-factor authentication, which is already available almost everywhere, would have saved both.