Social Engineering: What the Heck Was I Doing? Part 1

Wednesday, September 26, 2012

Will Tarkington


Welcome to my social engineering blog, which I plan to kick off with a series I call "What the heck was I doing?" Specifically, this blog is about the times when I see myself using a specific social engineering technique. When I do, I'll use this blog to explain what I was doing, the context, and finally the result of my techniques.

To open this blog up, I'll quickly go over the basic ideas I'm going to be using.

In this post we will be covering:

  • Social Geometry
  • Conversational Rhythm
  • Conversation Injection
  • Conversation Hijacking

First we will discuss social geometry, which is the concept that you can map the physical placement of different individuals in a social setting. Doing this will allow you to infer some basic information about the participants, their status, and finally who currently has control over the conversation.

The majority of information that I use was sourced from watching the great ape hierarchy. Due to their lack of a theory of mind, apes represent only their own self-interests in these social interactions. It’s important to realize that social geometry differs based on quite a few factors, but the most important one is cultural. The dynamics of people from the United States versus India or China, for example, vary quite a bit (mostly due to population vs. space differences).

In this case I want to introduce you to one very common geometry situation I like to call the “isosceles triangle”. This is the geometry involving three people, two of whom are having a discussion while the third is ancillary to that conversation.

Most commonly it’s either two close friends and a third person who is only friends with one, or peers with a subordinate. I’ll apologize in advance for my MS Paint picture, but honestly it’s the tool I had at the time.

[Image: Triangle1]

What you see here is a graphical example of the geometry that I’m discussing. In this case you can see the circle in red is the person who has conversational control at the time. This geometry has the two green circles illustrating the two associates that are related in some way. The bottom green circle is the person having the conversation while the top green circle is just slightly further away. This is the natural position of three people where two have an interest, topic, or agenda and the third isn’t included.

The goal for me in this situation was to insert myself into the conversation as a peer. Some people might think, well, why don’t you just move closer? To answer that, think back to when you were talking and someone just walked up to join your conversation. What you really want to do is have them invite and acknowledge you into the conversation. This not only makes them trust you more, it also establishes you as a peer in the conversation.

The method I used for this particular tactic was to monitor the conversational rhythm, then inject into it and take it over, allowing me to guide the conversation. The skill set that allows you to walk into a conversation and take it over can’t be understated. I have probably hundreds of various approaches I can use to enter into established conversations. This one is fairly uncomplicated and has a fairly high success rate.

Conversational rhythm is the set of natural pauses in communication that foster conversation. It is the difference between a monologue and a conversation. The typical rhythm is, of course: statement, pause, response, pause, question, pause, answer, pause, etc.

I won’t go into a great deal of detail on speech rhythms; there is a lot of available research out there on the subject. Needless to say, don’t start practicing on English-as-a-second-language targets. They tend to have slower and more complicated rhythms.

Once you have identified the conversational focal point (or the person in control of the conversation, or the conversational center, etc.) and have a feel for the rhythm, it’s time to execute a conversation hijack. There are many forms of conversation hijacks: some are process interrupts, some are comedic tempo shifts, and in this case I used a concept closer.

To do this, you listen to the conversation until you can predict what the target is talking about. Once you have an idea, you again wait until they start to use an explanation or metaphor (metaphors are the best, at least for me). Then, as the person is stating their concept, you insert your version, forcing the original person to acknowledge your presence and then your understanding. In one step you have just forced their social structure to accept you as a peer.

As an example, I’ll put forth the following scenario:

Peer 1: “Do you have any idea how long it will take to fix it?”

Peer 2: “I’m not sure. It’s complicated, kind of like climbing a mountain.”

Peer 1: “Well, we should know how long it takes, shouldn’t we?”

Peer 2: “Well it’s sort of like baking a soufflé.”

Me: “What he means is that they know at least one thing to fix but there may be more wrong with it.”

I could probably think of better examples, but here you see one person trying to explain something and failing. In this example we create a link between the two people as a translator. In doing so you help both of them, and thus they bring you into the conversation to assist them. You will know you have succeeded at this technique when the social geometry shifts from the above isosceles triangle to an equilateral triangle.

[Image: equaltriangle]

Here you see how the elongated length has been shortened and now everyone is standing equidistant. This feels more natural when all people are peers and is a natural dynamic for 3 close friends.

So to recap: by watching the distance people naturally stand from each other, you can infer a great deal of information, from who dislikes who to who is sleeping with who and, more importantly, who holds the conversational control. With some simple interjection and proper timing, you can be granted equal status to the core social members, which in turn will allow you to turn the conversation.

I’m not going to indicate that just knowing these concepts will make you an effective Social Engineer. However, I rarely see practical examples of techniques being used, so hopefully this is useful.

If you have any questions, please contact me on Twitter @willsecurity.

--Will Tarkington

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.