Head Hacker - Social Engineering, Mentalism, Hypnosis, Misdirection, Influence and More....

Body Talk… Arms out rah rah rah

Hope everyone is off to a good week, what with Defcon, Blackhat etc I am sure many of you are travelling. I personally had a weekend break in Cardiff and enjoyed doing a little grey matter manipulation, as well as talking about social engineering, mentalism, body language and more.

So with body language on my mind, its time to get into it again, this time we are going to look at the arms. Before anyone asks, yes they are my biceps…… honest.

So why bother with the arms you might be thinking? Well they are a good transmitter when someone is expressing themselves, and they are a good area to observe to pick up on signs of both confidence and discomfort as well as other emotional experiences.

We also rely a great deal on our arms, not only for the obvious things, but for the subconscious actions that occur. Our arms automatically reach out to grab a dropping item, raise to protect us from danger in swinging and blocking motions, even when it may not make sense. This is again the limbic systems carrying out basic primitive survival actions.

So onto the observational stuff. Have you noticed how when we are happy and content our arms move more freely, moving around on the wave of enjoyment, sometimes raising over our heads in excitement, exchanging high fives and cheering. When people are having a good time, content and energised you will really notice an increase in arm movement. When the opposite experiences and emotions are going on, there is a droopy sulky nature to the arms. Hanging down, more rigid and withdrawn. A key observation here is the arms forming very closely to our sides, or closing across our chest in a protective manner. This motions can be observed in relation to both physical and emotional pain or distress, its a guarded and protective reaction.

Another interesting observation, is the statue / frozen type of stance in the arms. This is common reaction that stems back to animalistic survival techniques, we freeze to attempt to remain unnoticed. If you observe someone become statue like / arms fixed to the side in the presence or approach of an individual this is usually a sign that there are bad feelings, or a history of discomfort in the relationship.

The arms also have a story to tell when you are approaching them. If you are approached arms stretched out, in a come here type of look, its pretty clear they are happy to see you. If the upper arms remain rigid in a vertical manner and just the lower arms are extended from below the elbow, then this communicates that you are kinda welcome, but the greeting is more that of a political correctness. Arms placed behind the back locked out of sight, is a clear signal of not being interested, wanting to be left alone, and not to be interacted with. This is somewhat similar to when people have their hands in their pockets, and it a world of there own. If you see these later signs when you approach someone, it is a clear signal of they do not want to interact with your, or depending on the situation have something to hide. Another common display, and I am sure many of us are familiar with the saying “keeping you at arms length”. Well this is true, we will extend an arm to keep people at a distance, that we feel keeps them out of our personal space. You often see this in crowded places, and situations of conflict.

Finally we shall quickly look at the arms language regarding dominance. We have spoken about this a little before, in how humans spread their legs to take up more room, in a sign of territorial stance. The arms can also play a similar role. People spread out there elbows, place them on there hips to take up more space, and show they are dominant in that space. The more or less territory someone takes up is a good sign of how confident they are feeling at that time, in the situation they are in. Another sign of dominance with the arms is when people put there hands behind their head, with elbows pointing out. The is a very confident, laid back approach, signifying authority and that your in charge and mean business. Similar to this is having arms spread out spanning multiple chairs, or a bench. As well as planting your hands with arm splayed out on a desk, in an authoritarian manner.

Hopefully you found this information interesting and insightful. As per usual be mindful, keep your eyes open and watch for what’s happening around you.

Share and Enjoy:

Its the little things… Micro Expressions

Many people say its the little things that count, depending on what your talking about your partner may or may not agree with you However when it comes to body language type stuff and reading people there is a little something worth paying attention to, and that’s micro expressions.

Wikipedia Definition – A microexpression is a brief, involuntary facial expression shown on the face of humans according to emotions experienced. They usually occur in high-stakes situations, where people have something to lose or gain. Unlike regular facial expressions, it is difficult to fake microexpressions. Microexpressions express the seven universal emotions: disgust, anger, fear, sadness, happiness, surprise, and contempt.They can occur as fast as 1/25 of a second.

Microexpressions where first discovered / documented back in the 60′s, however I didn’t become aware of the studies and research until reading the work of Paul Ekman in the early 90′s. Back then I didn’t look into it to much, and its only been the last 18 months or so that its really peaked my interest, again from a social engineering perspective. I will also say in the last year people have been made a lot more aware of microexpressions due to the TV show Lie To Me with Tim Roth.

There are supposedly 7 universal microexpressions, however like anything its is important to study people to define the baseline of an individual. Below are some examples (from the TV show) of what these 7 microexpressions look like.

So why should you bother looking into microexpressions. Well its simple, its provides you with a guide (educated guess) as to if someone is lying to you, as well as providing additional information as to how people are really feeling when responding to your questions and presence. I am sure you are aware of the tells and expressions of people close to you, and those who you interact with on a regular basis. No doubt it took you some time to become familiar with those expressions and the hidden meanings behind them.

So if you want to go about learning these skills there are a few things you can do. The easiest and cheapest is to study people in your everyday observations and interactions. You could even team up with friends and go through various Q&A sessions study and note the responses. Another option, and I recommend in conjunction to the previous suggestion read various materials on the subject, but also look at videos, political speeches and training sessions to improve these skills. Personally I find I learn a great deal more from videos and images, than text alone, especially with this sort of material it is essential.

The only tools I am familiar with myself are those of Paul Ekmans, both the METT (Micro Expression) and SETT (Subtle Expression) training tools. These tools feature large collections of images, showing quick demonstrations of expressions to learn and test yourself. For more information on Paul’s tools check out his website, I think he used to have some free tools, however now there is a demo option, and then the charged options ranging from $20 – $70.

All the best with honing your human lie detector skills

Share and Enjoy:

Setting your motivation… Mind Scripts

Getting into character is an important part of being successful on a social engineering engagement. You may be physically impersonating a sales guy, engineer, employee, or you may be carrying out your fiendish work remotely gathering data, and setting up meetings. Either way you should be clear in your mind who you are, who you are engaging with, and what you want out of the activity, you need to be clear on your motivation.

When I think of this, my immature side (say nothing) hears a rather camp actor shouting at the director asking, “what’s my motivation darling”. OK so I am odd, lets use the above imagery to demonstrate the motivation to run through the opposition to score

So with this in mind I wanted to quickly talk about something a little NLP’esk that I think you will find helpful, and if full embraced will really help with your attitude, approach, body language, facial expression, tonality and more when carrying out an engagement. This little something is called Mind Scripts, and is something I first heard about when studying cold reading and hypnosis, but have also heard similar approaches from an NLP context, and in sales type books on engaging and building rapport with people. (I am not 100% sure who coined this term, I think it may have been Ian Rowland, but please don’t hold me to that).

So what is a Mind Script? Well a mind script is just a simple, short,concise and positive statement about the activity or interaction you are about to engage in. This statement you repeat to yourself mentally before and during the engagement.

Don’t reject this concept just yet please, as some pointless simplistic activity. You will actually find that you make a huge difference as to how you come across to the person(s) you are interacting with when you you run an appropriate mind script. If you think about it we are unconsciously running a mind script of some kind all of the time, simply waking up and telling yourself its going to be a crappy day, then becomes a script you will be running. This then effects how you interact, attitude and the effect you have on others unknowingly.

Here are a couple of example of a mind script to give you an idea of how simple they are. I then encourage you to try running appropriate scripts before going into meeting, interacting with people one to one as a form of practice. If you think about it, it really does make sense, but I would like to hear from people with their thoughts, comments, success and failures. Obviously remember there is NO FAIL

I know you, you know me, I belong here

I like you, you like me, this will go well

I respect you, you respect me, and we will have a good discussion

I am an expert, you know I am an expert, there will be confidence in my recommendations

Hopefully you get the general idea from these brief examples, think positive, be positive. A positive mental attitude, positive things happen to positive people, that’s what I tell myself anyway

Share and Enjoy:

Messing with your mind.. Optical Illusions

I have been trouble the last couple of weeks to make the time to come up with some content on a weekly basis (I am still trying though), so if you have suggestions, or things you would like to read about please let me know (suggestion[at]headhacker.net).

For this week I thought I would just share something for amusement. So here are some pictures that might not quite be what they seem. See how your brain first interprets them, they try and see what they really are.

Its not actually a lake. Its a wall, take a close look.

Can you see the invisible man?

Can you see the face?

I forget where I originally found these images, so thanks to those who created them or who had them on their site originally, its much appreciated.

Share and Enjoy:

A Rubbish Post.. Dumpster Diving

So I am sat here thinking what to write about this week, and I kept going over things, but for one reason or another my mind is elsewhere. I kept thinking, no, that will be a rubbish post. Then it hit me…. dumpster diving

If your not sure what dumpster diving is, then its just what it says really. Your digging around in the rubbish / trash looking for that nugget of information that can help you in your information gathering stage.

So what are you going to find in the rubbish, not alot surely? Wrong. Individuals and Companies put alot of seemingly unimportant information in the bin. This rubbish can help us in many ways. We can find thrown out junk mail, that would be targeted around what an individual does, this can help build a profile. We may also find pre-approved credit card applications and alike, these of course can be used for identity theft. This is nothing new, and criminals have been doing it for years, and even though people shred alot of their bank statements and alike, this supposed junk is often overlooked.

Organisation you may think do a better job. They have confidential waste bins, that get sent of site to be shredded, to stop someone getting access to what the company considers juicy information. This is often the case, but in a few instances I have found this confidential waste bins sat unlocked near loading bays awaiting collection, perhaps a case of out of sight out of mind.

Then we have the general waste. Now this has become some what easier in recent years as companies have become more environmentally aware, because we now often see multiple bins for paper, waste, and recycling etc.This is obviously helpful to us, so we can hopefully ignore the bag of apple cores, moldy sandwiches and other untold horrors, but dont forget that humans make mistakes, so there is still sometimes gold to be found among the banana skins.

So what are we looking for when we are doing our stig of the dump impression. All sorts of valuable pretties can be found. We can find internal memos that will give us contact names, phone numbers and internal gossip. We can find business cards, and correspondence from the companies 3rd parties, this helps us to identify viable 3rd parties to impersonate. You can often come across various sensitive reports, network diagrams, IP lists, customer details, alarm codes, passwords. All the things you think would be shredded, can turn up when dumpster diving. In addition, organisation charts, company phone directories, policy and governance information, print offs of peoples calendars, letter headed documents, CDs, DVDs and even old hardware. It really can be an Aladdin’s cave.

Things to remember when you go dumpster diving, dress appropriately, wear gloves, and take a bin bag to dump stuff in. Be aware that you may be trespassing as part of this exercise, so you may come across a disgruntled security guard, or his pooch.

Dumpster diving is often a dirty, filthy, smelly job, but the rewards can often be significant. Another approach is to simply take refuse bags and go through them at a more remote location.

One mans rubbish, is another mans treasure

Share and Enjoy:

Sub Zero Mind Reading.. The Art of Cold Reading

I know what your thinking! See what I did there Seriously though this post is going to give you a little insight into cold reading, what its all about, a few facts and some ideas how you might want to put this skill to good use.

Wikipedia Definition – Cold reading is a series of techniques used by mentalists, illusionists, fortune tellers, psychics, mediums and con artists to determine or express details about another person, often in order to convince them that the reader knows much more about a subject than they actually do. Without prior knowledge of a person, a practiced cold reader can still quickly obtain a great deal of information about the subject by analyzing the person’s body language, age, clothing or fashion, hairstyle, gender, sexual orientation, religion, race or ethnicity, level of education, manner of speech, place of origin, etc

So what is cold reading all about? Essentially its the process of giving general statements (Barnum Statements) that an individual will find and believe to be very specific and meaningful to them as an individual. This can be achieved by generic statements, or using information gleamed from other sources, body language and general observation.

You may have experienced this yourself if you have been to see a psychic, palm reader or similar. Now before anyone flames me, I am not saying that some people may not have a gift, or at least believe they do, but I have not seen for myself or seen anything documented that convinces me that some sort of cold reading is not at work. Depending on your scepticism you may find the experience interesting, revealing and worth the money, you probably also like to read about your star signs in the daily newspaper also.

The reason I don’t bother trying to convince people otherwise is for two reasons. First of all we are all entitled to our own opinions, and as long as you are entering into the experience with a sound head on your shoulders, and are happy to shell out the money, I guess there is no harm. The other reason is that I have tried to explain in my opinion why its all a load of crap, and I had the opposite outcome and the individuals involved believed that I had some sort of psychic abilities. I thought it was rather humorous, so I will quickly give an overview of the story.

So I was in a pub (common theme here) and a couple of friends where talking about how they had been to see a psychic and how accurate they were, and how it would help them make some difficult decisions they are being faced with. So I said I thought it was all a load of crap, etc etc, and I could prove it as I could give them a reading using a system I had partially learnt at the time. So I went through the process with the first friend, getting them to visualise, etc etc. Then gave them what they called an amazing reading, they were amazed at the accuracy for things I couldn’t have known. The other friend was then also keen after this. Another reading, totally different and again spot on. I was sure I had proven my point. Sadly the result was that as well as being a hypnotist, I must also have some sort of psychic powers, I have the gift…… I give up

From a social engineering perspective I believe there are a few benefits. With my style of SE, where I look to use a mixture of performance, mentalism, hypnosis etc to get information in a social environment it has obviously benefits as the example above gives. You can leverage a good cold reading to then have an intensive and revealing discussion, and during this time extract specific information you may be after for an engagement. Its probably not a surprise after this type of phenomena people are either very curious and want to discuss more, or have totally bought into you, rapport is at an all time high and they could be willing to share all sorts with you.

Obviously once you become more familiar with the process, and the lingo you can simply use the methods and statements in a non psychic setup. Simply use the cold reading techniques to aid with getting buy in, manipulating a subject. You can use these skills to make people more interested in you as well as making people uncomfortable. This can be done in person, via the phone and even my mail. As the statements will appear to give you knowledge about the situation, individual and context of discussion. I really do suggest people look into cold reading at some level with the mindset of applying it in a social engineering context.

If you are interested in reading about cold reading, and how it can be used for manipulation I really do recommend The Full Facts of Cold Reading, by Ian Rowland. Its contents will help you understand the techniques of cold reading, where you take and use these techniques is up to you.

Feel free to check out the Resources section regularly for my recommended readings and products.

Examples of Barnum Statements:

You’ve gone through a lot of ups and downs over the past few years, emotionally and financially, and that has caused some stress in your life.
You have a creative streak that you aren’t always able to indulge in.
You have a fear of rejection.
You feel guilty about and worry about things that are completely out of your control.
You are often too critical of yourself.
Some of your goals seem to be a little unrealistic
You do not accept what others tell you to believe

Share and Enjoy:

Derren Brown’s Enigma… Awesome Show!!

Last night I went to see Derren Brown’s Enigma show at the Alexandra Theater in Birmingham. Its not surprise that I am a huge fan of his work, hes a great manipulator and performer. The show was excellent, I really enjoyed the control Derren has over his audience, and what I consider to be very subtle and highly effective linguistic skills. The show lasted almost 3 hours including a little break (I took the opportunity to do some card mentalism at the bar), and he really was on form throughout. Derren asked that no one speaks about the content of the show, so I will respect his wishes, but I really do recommend you go and see the show if you can, you will not be disappointed. The show has given me some other ideas and applications for my mentalism, as well as another possible SE approach, I look forward to developing these.

I will say I only had one disappointment, and that was not getting to say hello to Derren after the show. Apparently he wasnt feeling to well, which is fair enough, shame the guy on the door was a complete arse (not part of Derren’s entourage).

I am sure this will be released on DVD at some point as I believe it was filmed, and he has a new book coming out soon, so if your a fan keep on the look out.

Share and Enjoy:

Body Talk.. Its torsotastic

This week we are going to look at body language again. In a previous post we looked at how the legs and feet have a lot to tell us, in this post we are going to uncover what the upper body can reveal to us.

The torso is made up of the shoulders, chest, abdomen and hips. The torso is capable of giving us some clear limbic responses, due to what is housed inside, we subconsciously look to protect what matters most. A perfect example of this is when an individual crosses their arms, or holds an object in front of them. This is a clear sign of protection and or comfort, which will often signify discomfort with a topic of discussion, or the presence of someone who makes them uncomfortable. Its also important to be aware of the subtle forms of this which may appear in the prolonged adjustment of a tie, cuff links, breast buttons, etc.

People pivoting, leaning and moving there torso away from an individual is also an interesting tell of disgust. This may be to the individual themselves, the opinions they share, or the activities they have done. This can sometimes be coupled with arm crossing for even more impact. On the other hand, someone who is leaning in and open shows interest, admiration and a strong focus of interest. A middle ground can often be peoples stiffness and a form of rigidity. This can be an opinionated position, standing tall and snooty, as well possibly a freeze type of approach, trapped in the head lights. Another sign is when someone is bowing at the waist, leaning over a little with head looking at the floor is another gesture of shame.

We have spoken before about looking to acquire more territory, this can also be seen from how people are seated, all splayed out, torso laid back in an effort to take up more space, and be perceived as more dominant. This can also be a clear signal of lacking of interest, and disregard for an authoritative figure. They are clearly playing their game, you need to make swift adjustments to get them playing your game. Another form of being territorial is the puffing out of the chest. This is done by all animals, including humans and is an initial sign of trying to be more dominant, looking to be bigger and stronger than your opponent, this is a clear sign of challengement.

On the flip side, shrugged shoulder with someone’s head lowering is a clear sign of heavy burden and shame. These tells give a good indication when challenging in a group of someone who is ashamed or disappointed, or in regret. Shoulders can tell you more also, especially in a shrugging situation under questioning. A clear high shrugging of the shoulders is a sign of a confident response, a lower half level shrug, or perhaps only one shoulder moving should be considered dubious, and demonstrates a lack of commitment in the response being given. Something in-between where the shoulders rise and fall slowly shows signs of discomfort, they are perhaps uncomfortable and are not feeling confident.

Some people say the torso is the billboard of the human body, and this is very true. We reveal and hide alot of information in the torso area. This is where we have our badges, wear jewellery on show, may have shirts buttoned up or down. This is another example of really being what we wear, and this also sends a message in conjunction with the other tells we observe.

As before this information should be a guide, and built from a persons baseline of how they move and operate. I know you will have seen these body signals before, and perhaps have been unaware what’s going on. Have fun and watch people, and look for the other information people are dishing out in this area. Body language is relatively easy to understand as you look at it over time, and listen to the associated discussions to build up a frame, and remember to use this information to adjust what body signals you are giving off.

Share and Enjoy:

Ride the waves of sensation… Its all about anchoring

You know when you see an object, or hear a song and it instantly takes you back to a moment, and you begin to experience feelings and emotions as if you where re living it. This is essentially what anchoring is, and this is an association we can force and link with an action, sound or situation. We can use this via an NLP approach, or using Hypnosis in the form of a post hypnotic suggestion based trigger.

Wikipedia Definition – Anchoring is a neuro-linguistic programming term for the process by which memory recall, state change or other responses become associated with (anchored to) some stimulus, in such a way that perception of the stimulus (the anchor) leads by reflex to the anchored response occurring. The stimulus may be quite neutral or even out of conscious awareness, and the response may be either positive or negative. They are capable of being formed and reinforced by repeated stimuli, and thus are analogous to classical conditioning.

So its all very interesting, but what good is the knowledge of anchoring to anyone. There are many benefits from a treatment perspective, as well as being a professional in general. In both of these scenarios the subject can focus, concentrate and imagine themselves in a situation of peacefulness, happy, or situation where confident assuming this is the goal. When the subject is in this state, reliving, seeing, feeling, hearing everything associated with this experience, and as it builds this can be anchored to a touch to a specific part of the body. The result should now be that this pleasurable, confident feeling or what ever it may be can be instantly associated when the specific part of the body is touched. These anchors don’t last forever so in the case of therapy should be reinforced on a regular basis, but I am sure its clear to see how this can help when perhaps nervous about giving a presentation, or a situation that may make you nervous, triggering the anchor to give you a boost.

I know what your thinking, this is all well and good, but I am a social engineer, I am about manipulation and getting the job done, I am not interested in therapy for others, and trying to cheer people up when they are feeling down. So don’t you think there may be situations where it would be advantageous to bring someone into a cheerful state when you are trying to manipulate them? Are we not more responsive and accommodating when happy, rather than sad? How about creating a situation of confusion or doubt, where there is uncertainty in your presence somewhere.

These are all situations you can generate and then anchor for later use, alternatively if you observe a naturally occurring anchored sequence that could be used to your benefit, you can simply steal that anchor. As with other methods I have described, my standard approach to these techniques is to carry out the work in a non work environment, so in a bar, cafe etc. A simple effect for confusion could be making someone think green was yellow, and then anchoring that confused state to an arm tap. If you decided to go the hypnosis route, its really more a post hypnotic trigger. So you will give someone instruction under hypnosis that at a later date when you show them something, say something or touch them somewhere they will act in a certain way. Under hypnosis the trigger can be alot more detailed, and seems to last for a longer period of time.

Obviously creating the opportunity is the really difficult part, so that will all be dependant on people styles and how touchy feely, both you are your subject are, as obviously for anchoring some physical contact is usually required.

So this is pretty easy for you to practice with a friend or partner, if you look on YouTube you can see various videos of people doing this. Essentially get your friend or partner to close their eyes and remember a time when they felt a great sense of well being, get them to develop that thought, so they are back there now, seeing what they say, hearing what they heard. As you see the smile, grin or laughter give a firm touch to the right knee (as an example), I normally add the comment of “Thats Right” as you re-experience those emotions now.

Now have them relax and become kinda neutral in feeling, then touch the knee again, this should bring a smile to the face, having them once again experience those positive, enjoyable thoughts, putting them into a happy state. It sounds simple, and it is. Get permission from those you practice with, remember to be responsible and ethical. You can practice anchoring on yourself, however I find trying to focus more difficult as you try and remember what your doing, so leave this until after you are familiar with the process.

Share and Enjoy:

Pack up your troubles.. in your social engineering kit bag

Just a simple post this week, but you know what they say the best things come in the simplest of packages.

Like any good boy scout, you should always be prepared. So lets have a quick look at what we should have in our pockets and social engineering kit bag. The aim of this list is to provide a growing resource that can provide a reference point to many (in no particular order). If you feel something is missing, please feel free to drop me a mail with the details of the item, and the reason behind it.

Your Brain – Its the most powerful tool you have. Planning and manoeuvrability.
Lock Picks – You never know when you need to get past a lock.
Pick Gun – When time is an issue.
Super Mica Cards – When you don’t have a starbucks reward card handy.
Cigarettes & Lighter- A smoker can be your best friend.
Business Cards – Fake and Legit cards, they can be a real convincer.
Metal coat hanger – Always handy to have some metal wire you can bend into handy shapes.
Camera – Always handy to record video and take some photo’s.
Pack of Cards – Everyone loves magic.
Get out of Jail Letter – Real and Fake, for when things get tight.
Mobile Phones – Its good to call, even better to drop and record.
Access Point – Always handy to make a network drop for easy external access.
Network Cables – Connecting the the network, and other creative things.
Chewing Gum – For when you have to wait a while, and for sticking stuff.
Gaffa Tape – Erm for sticking stuff.
Computer – Handy to have your laptop, netbook, tablet handy for hacking and looking stuff up.
String – You never know when you might need some string.
ID Cards – An ID card helps you look official.
Outfits – Its always a good idea to look the part and fit in.
Condoms – You might need something inflatable, and who knows what else
Mobile Jammer – Blocking phones, alarms, and anything else using mobile tech.
Tools – Screwdrivers, spanners, grips, pliers etc. Oh and security torx bits.
Dictaphone – Something for discreet recordings.
Rubber Gloves – You never know when you need to put your hands somewhere nasty.
Bags – For collecting and putting stuff in. Dumpster diving, etc.
RFID Cloner – Cloning access badges and alike.
USB Storage – Leave behinds, OS on a stick, Payloads, etc.
Live CDs – Never know when you need to use a client machine and no USB support.
Torch – Its dark sometimes.
Pocket Knife – Handy for cutting stuff.
Tripod – Mounting Cameras, antennas, lasers, etc.
Paper and Pen – Making notes, leaving messages, paper aeroplanes.
Sweets – Sweets are good if your bored, but also make a good bribe and rapport builder.
Watch – Always handy to keep track of time on an engagement.
Laser Pointer – Handy for point out something to a colleague, also for CCTV bypassing.
Money – Buying stuff, bribes, etc
Elastic Bands – Hold stuff together.
Velcro – Stick stuff together.
Earphones – Discreet listening.
Scope / Binoculars – Remote viewing.
Keylogger – USB and PS2 variety for logging those key strokes.
Jasager (Hak5 Pineapple) – For getting all those clients talking to you.

Share and Enjoy: