The Art of Social Engineering (re-visited) Carbon Storm Well social engineering is an art. A real art. Before I start telling you all about it I think you all deserve to know one thing. If your timid and find it awkward to talk to answer machines or people you don't know on the fone, then stop here and save yourself the embarrassment. Social engineering is for the more up front kind of people. The kind that used to go in and try to get served fags at the age of nine. Because as far as I've learnt as with most things, it's trial and error. Stunts you pull off will go wrong. Its not the most comfortable of situations if they do but if you don't keep a level head then things could go seriously twisted. A brief background; It's an old skill, a kinda blagg taken to the absolute limit. It's definitely progressed over the years. In most texts things called engineers are covered, *ill get to these later* these are the different scenarios you can set up hence "engineer" to gain knowledge. This by the way is usually the aim of engineering, however if you didn't know that then well...now you do. Over the years more and more engineers have come around and have been invented. Not always by bad ass phreakers either. Oh no, a regular joe bloggs can also invent his own engineer. That's the beauty of it, you create the engineer that will do the right job for you. How it works; Ok this is simply how it works in stages. 1.gathering the information :~ this is when you make sure your clear on the scope of your activities. 2.fone or physical contact with the target :~ this is possibly the final part of the engineer, the main part. 3.loose ends, further contact :~ this is optional, if you plan to use the same attack plan again you may wish to tie up loose ends to prevent them getting wise to the fact that they've been had! ;-) At least that's how I split my ops up. Further description; 1. Now you must *obviously* have a need to engineer a target. So gather information. For my first time I made a small plan, almost like a "how to take over the world" plan. Basically map everything from the name of the people your going to ring, to the underwear your going to have on. Everything. Of course as time goes on this won't be necessary but the first couple of times its a good idea. This way you can probably have it in front of you when you make your calls or whatever so if things go shitty you've got something to recap with. It's important to make sure you take control of a conversation while engineering. It is useful, when talking to staff lower down the pay list, to have knowledge of higher members of staff such as the bloke that pays the checks!:-> Armed with these you can fluster them with the fact that they are not pleasing you and want to speak to *the man upstairs* or whatever. If they think your an irate customer and they might be going to get in trouble then they'll usually give you what you want. Unless its BT! ;-> They're just cunts period! The main thing you need to pilfer is information regarding your attack, be it pretending to be a local admin asking an office runner what the dial up number is, along with user name and password, to a respective business man arranging the exchange of something or other. You get the drift. N e thing else is good, be armed to the teeth with names, numbers and if all else fails, reasons for blackmail! 2.This is where all you info comes in handy. Either go to the target physically (slightly more daunting) or by fone and engineer what you can. It may take more than one fone call/visit. Maybe your doing the transactions between two companies without them knowing. The key element in the actual attack is speed and smoothness. In other words how well you do it and how fast. I don't mean rush it, if you do, the person your talking to might get suss. Just don't hang around like a wet fart. If you do it well then there will probably be no need in some cases for step three. However even if everything goes well, people often ask superiors if the information they've been fed is correct. If word gets around then people are gonna start asking questions then it might all fall apart. *NOTE* Section 2 varies widely on which engineer you are carrying out. Its not that hard to adjust everything to what suits you. 3.Tidying up the loose ends. There may be no need for this, there may be however its pretty self explanatory. Maybe you did the school student engineer, a fone call from the careers advisor or the subject teacher might not go amiss>>>? A tip that I would give is keep an eye on their mobiles. If they've got Bt cellnet or Vodafone fones brake in to the answer machine and make sure there's no messages they shouldn't be hearing. If you don't know how to do this then check some of the back issues of anti-social or swat magazine. Different engineers; There are many engineers but as far as I know these are some of the most common. Both in very basic format but then they are easily twisted to your needs. THE SCHOOL/COLLEGE SURVEY. One for the less aged among us. Not less skilled. This can involve going into an office and asking the front desk if you can carry out your survey of blah, blah, blah. Take a clipboard with one multichoice survey on top and a load of blank pages underneath. Then walk around and try to note down anything that looks interesting. Listen in on fone conversations, take notes from comp screens and notice boards, stuff like that. Variations :~ Drama student: using a camcorder spew sum bull shit about a music video or something. Photography: Take a camera saying your taking pics for a local mag or newspaper. However be warned this could attract a lot of unwanted attention. Make sure you look for the notice boards though. They're often prime places for information. Suggestions :~ Try taking a load of mates with you, make it the sweet ones preferably girls in short skirts, business men are usually happy to let you wander around looking at things then. Try sucking up to the receptionist, if your spotty and ugly then get your mate/girlfriend to do it. THE REPAIR MAN. You have to be quite old for this one. Not much preparation required, just walk into an office, find the most stupid looking receptionist there and tell them that your there to fix stuff! Of course you can't just walk in clothed normally, you'll have to rent/steal a pair of overalls and carry a tool box. Your basic phreakers kit should do the trick! Then find fone lines, and pretend they're broken. Also look for all the things in the above engineer, dial up lists, password lists all that rollox. Don't just look at fone lines. If you can they're useful but usually only if you've got a BT overall and you can beige off them. Otherwise It's not very believable. However if you can get hold of some BT overalls. Try beiging off the fone lines that are used to connect to the internet. Do a line test and find out which number you are calling from. Then note the numbers and try to dial back in later. You get the idea. Even better would be to steal the kit outa the back of a bt van. If any of you have actually managed this yet id appreciate an email to tell me what you found. I've wanted to do it for years. However be warned. I've heard that Variations :~ There are loads of different repair men in the world. Try and choose one that's both believable and that will gain you access to the information that you want. Suggestions :~ Try dressing in the exact uniform that the workman of your choice would do. Carry tools that imply your actually gonna do sum work! :-) Well like I said there are a lot of different types of engineers, now bare in mind what I said earlier, some of these may not work for you so be imaginative, doctor them. Twist them and alter them to work for you. Most engineers consist of both fone calls and physical presence. However I understand that some people are to young, small, whatever to be physically present in some cases. This is because it would be unbelievable for you to be a photocopy re-pair man or whatever. Now some might say that carrying out a whole operation over the fone is not an engineer. However I consider this wrong. For Phreakers fones are the main focus, the phone system all ways has and always will be one of the biggest attractions to us. We are driven by all things electronic and a lust for learning. Hackers and phreakers alike though we branch off and some lose the plot, most of us are in it for the same reason. A compassion to learn about what everyone else doesn't know. Its a separate learning curve that only a few get to the top of. However far you get take it seriously, but have fun. Engineering over the fone is engineering in my book. Anyway, I always gather a certain amount of info before proceeding with an op. Knowing certain things about your target can provide you with information you might need while lulling your victim into a sense of reassurance. Of course it could also provide you with back doors and escape routes from awkward conversations. Always have an escape plan, even if its putting down the fone. Just a small note ---- When it comes down to it, this is a txt written for those who are new to the underground, written by someone who remembers what it was like to be the underground. A load of texts that are outdated and hard to understand. Its not technical and I don't intend to pretend it is but if anyone has questions or comments, then feel free to mail me. No flames please. Carbon_storm@yahoo.com