
No Kidding: Perception IS Reality

Humans operate on survival modes that hurt as much as they help. Ever hear someone say, "Perception is reality"? The speaker of that ancient wisdom is completely right. Here's an example: If the world calls a shape a square, and you call it a rectangle, you're faced with a dilemma. Which option will you choose?

  • Agree that you're wrong.
  • Argue that they're wrong.
  • Redefine your definition of square, and try to change their opinion.

The skills that we use to create perception play heavily into our interaction with other people. For the most part, humans behave in a manner that allows them to act autonomously. However, when put into a situation that requires interaction with another human, the pair will perform basic tests in order for each to verify the intentions of the other. (Is he a square or a rectangle?) These tests normally rely on the five basic senses to help each person develop an opinion of the other. By paying close attention to this interaction, it's fairly easy to find a manner in which you can mimic the "investigator" and develop a level of comfort with him or her. Psychologists and therapists call this technique mirroring. After all, isn't it easier to like/trust someone who looks, smells, breathes, stands, talks, and dresses like your friends?

As I sit here typing on a flight, I can observe this behavior in action. The baby boy sitting next to me, yelling and flailing around, is having an absolute blast. Passengers in a three-row radius around him are frantically trying to get his attention, to share in some of the joy he's experiencing and freshen up their own mundane trip. What's the first thing that causes the child, blissfully absorbed in his own bouncing madness, to engage with an onlooker? Someone waves her hands in mimicry of the little boy. A waving match breaks out, and the little boy giggles with acceptance of his new friend. I'm not sure whether the little boy just social-engineered the onlooker or she social-engineered him, but in either case it's a wonderful example of how trust is built with a complete stranger just by creating some similarity. This same technique is used by the professional social engineer to gain trust and access by various methods.

Many times, the social engineer will pretend to be an individual who is external to the company but is expected to go into restricted areas. An example could be dressing as a technician from the phone company. The SE will wear the appropriate clothing (company logo shirt, work pants, phone system repair gear, work boots, and that big metal clipboard that we all respect and fear). This basic outfit is created to fool your sense of trust. It plays on knowing your mental checklist, "Phone guy: legitimate or fake?"

Sometimes the SE may have to go a bit further to increase the rate of success, as people become more suspicious of outsiders. No worries—just go through your own checklist and add to the outfit. Try peppering in a work order and a dangling key ring. Rent a white solid-side van and sticker it with business artwork. You might even spoof a call from the phone company, announcing to the recipient that you're coming. Voilà! The SE is now the phone guy/girl.

Make no mistake: People will see the SE as the Telco tech, and their perception is reality. Therefore, the SE will be granted access to all those interesting restricted areas—phone closets, switch rooms, even the datacenter.
