The Long Con: The Evolution of Social Engineering

Human hacking (in the cyber sense) isn’t a new phenomenon.

Con Artists, Fraudsters and Scammers are all exceptionally good at one thing: the art of adaptation.

With the evolution of social media to such a pervasive, mainstream level of acceptance, what used to be achieved through click-jacking and email phishing has evolved into complicated long cons.

And it’s not just con artists playing the social-game.

The art of persuasion and influence is, in a civilian environment, most likely geared for profit. I’ve written before about Socialveillance and Social Propaganda in Marketing. The distinguishing factor between socialveillance, social propaganda and overt scamming is the level of deceit involved in the con.

Advertising, for example, has an implicitly accepted level of deceit. As consumers we often buy the hustle, more than the product – the hope or the dream it sells – rather than its useful application. The cosmetics industry is a prime example of this. We all know that we won’t look like Miranda Kerr by buying Kora Organics – but we like the brand experience and the eco-dream-of-green it sells. We can’t look like her – but we can be like her.

Television, by its nature, has an implied level of deceit. It’s about selling entertainment and the advertising that pays for that entertainment. We all know that our favourite television dramas and comedies are far more fiction than truth. We know it’s no coincidence that Raj on Big Bang Theory tested out Siri the moment he got his new iPhone; or that James Bond just happens to drive around in an Aston Martin Vanquish. Product placement is a very profitable long-con. It sells to the individual by leveraging the collective: even if you can’t afford an Aston Martin Vanquish – it’s a brand experience that is desirable.

Even reality television (hat-tip to @RouletteLeader) is a long con aimed to hook you into watching each episode to sell carefully placed products and have you pay for the privilege of voting contestants in or out. You’ll tweet about it, buy their cookbook or album … and then tweet about that too. You are conditioned – over the long game – into patterns of behaviour that profit someone else. Social media simply leverages the collective hive mentality of reality television to create an addictive, ongoing, hype-infused brand experience.

Cha-ching!

It’s not all Aston Martins …

The dark side of social engineering is more insidious than the brand of cookware used on My Kitchen Rules. If there is profit in your data; or an advantage to be gained by eliciting your information – you or your employer are a long-con social media target. Ten years ago it was called white collar espionage; but today it’s simply a LinkedIn connection you don’t really know or a Facebook friend request you’ve accepted from a stranger.

How much information do you give away to your friends on Facebook?

What do your pictures say about you, your work, your lifestyle?

How many of your Facebook ‘Friends’ do you actually know in real life?

What does your LinkedIn profile say about you – or, more to the social engineering point, what doesn’t it say about you?

What groups do you belong to?

How many of your connections have you actually met in real life?

Social media networks house a goldmine of information – both personal and professional – about YOU. From what you share, to the data game being played behind the scenes – the story that is left untold is often either pre-Social Media, deeply personal or deeply embarrassing. And in the Corporate, Government, Military and Law Enforcement environments – this is exactly the information a social engineer is after: the kind that compromises you.

Target Acquired

From identity theft to espionage, social engineers using social media as their weapon of choice have plenty of content to work with. Whether their motivation is money or information, the amount of data available is astounding. With privacy a long-held concern about social networking, going socially silent is no longer an option – for not having a digital footprint tells a story in itself; and realistically you’d have to be living off the grid to be completely un-Googlable.

Traditionally we have seen financial reward as a motivator behind social engineering; but the WikiLeaks phenomenon and, more recently, Edward Snowden’s leaking of US state secrets (in a spectacular case of reverse social engineering) prove that motivators for betrayal can be fundamentally personal, with no expectation of reward.

There is a distinct strategy in strictly controlling your digital footprint to mitigate social engineering and identity theft risks.

If you think you’re too savvy to fall for a social engineering grab for your information; think again.

Your privacy online is actually in the hands of those you are networked to – as they could at any time provide your information to a third party – which makes knowing your online network offline more important than ever.

Anyone on social media can be the target of a Social Engineer.

The long con… could be you.

Hat-tip to Steve Baker aka @RouletteLeader for flying a very clever angle on social engineering across my radar; and inspiring the preamble to this blog.