In the autumn of 2009, Excalibur Conference 1.0 won great success in Wuxi. The conference invited some of the most respected experts in the world and delivered terrific speeches, breakouts, demos and competitions. We are honored to present such a new approach which strengthens the relationship between the Chinese information security industry and the global industry.

In the coming winter of 2010, Excalibur Conference 2010 will be back as promised. Lots of experts, geniuses and related professionals will be invited to the conference again and will deliver new speeches. The conference involves the security of the internet of things, social engineering, wireless security, hardware security, computer forensics and related emerging fields. The genius from the UK will present satellite hack technology.
If you have any new idea, innovation or experience in these fields, please come and share with us in Beijing.

If you want to learn the latest developments in the information security industry, master professional skills and extend your social network, welcome to Excalibur Conference 2010.

I am delighted to confirm I will be giving my talk at ExcaliburCon 2010. As expected I will be talking about how we can improve our skills as a Social Engineer, by mastering the art and tech of manipulation. I will talk about my journey of understanding how our powerful mind, and the knowledge of NLP, Hypnosis, and Mentalism can help you become a master manipulator.

Hashdays – the premier technical security conference in the center of Switzerland organized by DEFCON Switzerland.

During 4 days the center of Switzerland will also become the center of IT security knowledge transfer. On November 3rd and 4th you will be able to learn a lot in the workshops. The following 2 days (November 5th and 6th) will be full of highly technical IT security talks.

Be sure to reserve your seat early – the space is limited.

I am delighted to confirm that I will be speaking at the Hash Days Security Conference in November. As expected I will be talking about Social Engineering, and my work and research on exploiting the ways humans act and behave, and how we can use the most powerful tool available to us…. Our Minds. The talk will cover my journey of discovery of the skills we can utilise to improve our SE Manipulation with the use of NLP, Hypnosis, and Mentalism.

I hope to see you there :)

So this post is a bit late in the week, but I have been busy with work, as well as continual tweaking of the presentation I am working on, and helping people to experience hypnosis.

So due to the time constraints I have opted to point you in the direction of the Video section of the site, where you can see 7 new videos of me hypnotising Olly.

Olly works at one of the customer sites I visit on a regular basis. I have hypnotised him before in a pub when we went out for someone’s birthday. He was happy to be hypnotised again, and gave me permission to make the recordings and put them online. The videos give a mixture of what I refer to as conventional (sleep) hypnosis and non trance (eyes open) hypnosis, and various hypnotic phenomena.

There is no fancy filming or flashy effects. As I was on my own I used a tripod with my mini Kodak HD camera to capture the footage. Filming also helps me (still need to be a lot more confident on camera) spot where I make mistakes, and tune my approach.

The sample below shows Olly forgetting his name and the number 4 using conventional hypnosis methods. For more check out the videos section.

I would be interested to hear if you find these videos interesting and worth sharing with you? I always look to get some footage when out and about. However for obvious reasons permission is required, and not everyone wants to be a YouTube sensation :)

Feel free to subscribe to the YouTube Channel by clicking on the logo on the right hand side of the site.

When I speak to people (non Infosec passionate types) about the work and research I do around the content I post on Head Hacker, I normally get a few responses. Shock, Disgust and Intrigue. People are shocked because they are not aware of some of these skills and process, they are disgusted because it’s not right, it’s not ethical, and a breach of human rights, and then we have the intrigue as I start to really explain what it’s all about, and what I am doing. People are curious of how this knowledge can help and protect them.

So this got me thinking, perhaps I should write a post on why I think people think social engineering is unethical, and why I consider the majority to be ethical, I do think in some circumstances there is a grey area. I have asked quite a few people about their ethical standpoint when it comes to social engineering, as I have on a couple of occasions had semi heated discussions with organisations about techniques that can and can’t be used on an engagement. I personally find most professionals ethical in their approach, but some comments from some do make me shudder. I am confident in the fact that I only operate in areas where I feel comfortable that I will be operating in an ethical manner, other areas I have not quite figured out continue to be researched and debated both internally and externally.

In the research I have done on ethics of social engineering, I have really not found there to be anything about, perhaps people don’t care? I think it is a real issue that all professionals should consider, and take time to reflect upon.

Why people think Social Engineering is unethical….

In my experience most people say social engineering is unethical because you are tricking, or conning someone, stealing data about them, using the information to access sensitive information, get free stuff, gain entry and generally manipulate people to do things, or disclose information. I totally understand this thought process, and in a way I think they are correct, there are people out there doing this, and they are both good and very effective with the skills they have, they have become life time criminals.

The key issue here is the perception and it’s a negative one. Not everyone uses their knowledge and skills for breaking the law, they use their skills and knowledge to better the populace, inform and educate to make people less likely to become a victim. The truth of the matter is, you don’t really stand a chance of beating the bad guys unless you are exposing yourself to the same skills, tools and environments.

In an effort to draw an example, medicine can be used to cure and relieve pain in the right hands. The same medicine in the wrong hands and with the wrong intent can be used to inflict pain, and even kill. Knowledge, process, tools, etc can all be used for positive and negative, it’s the individual who is responsible for the actions and result.

Why and how I think Social Engineering can be ethical….

The first reason I think social engineering is ethical is due to the intent. Now I am not saying that the outcome of the exercise may enable someone to do something malicious, but I don’t think this is a justifiable reason not to gain knowledge, research, test and experiment. If we never did this, the human race wouldn’t evolve. So I feel that any social engineering engagement or activity I undertake or become involved in is for a positive outcome and where appropriate I always seek permission at a high level, and understand any specific areas that are no go, as well as using my own common sense and experiences to guide me. People intentionally manipulate people every day; we have all been doing this since birth. We all have different reasons for manipulation; perhaps we feel it would be best for the person, or best for us. When we negotiate to get a reduction on an item we are buying, this is a form of manipulation, but as we feel we are not harming anyone, it’s considered ethically and morally ok.

So I feel that if you are researching, carrying out SE with permission, and using the information to benefit people, and educate and bring awareness it can be ethical, and this is certainly how I believe I go about things.

It’s a little grey….

So there are some grey areas. Can an organisation give you permission to manipulate and extract information from the staff they employ? Should people who are subject to social engineering activities be punished for being the weak link in the chain? If you gain generic permission, let’s say to hypnotise, then you use this permission to extract sensitive data, is that ok? I am sure we can all think of many more situations that are not so clear.

To be honest, when it comes to these grey areas I am not sure on all the answers. However I try to limit these grey areas by defining up front in an appropriate level of detail what could happen as part of the assessment, types of scenarios and ways to extract data, and that individuals will not be named in reports. Obviously the company may use other techniques to help identify how this information was gained, but that is outside my scope of responsibility. So to that end I would say that I am operating in an ethical manner, and so would anyone else that has considered the above issues. When in doubt don’t do it, if your internal ethical and moral compass is unable to guide you, get additional information and input from others who are in an informed and experienced position.

I certainly don’t think the grey areas are reasons not to carry out social engineering engagements, the criminals are not concerned about ethics, and to test we need to adopt this mindset to a certain degree. It is also important to share our thoughts and research, and we have to let the individuals dig further and use this information as they feel is most appropriate.

So to conclude, if you are interested in social engineering, and you want to work with, investigate and research the skills associated, do so in a professional and ethical manner, be mindful of what you’re planning, put yourself in the subject’s position, how would you feel if someone did to you, what you are planning on doing to them. If you’re happy, then it’s most likely a good sign you will be operating in an ethical manner.

No one has all the answers, but it’s a conversation worth having, and to continually question is a good thing. I hope people reading this will want to share their thoughts and experiences, so I welcome and look forward to reading your comments.

I have had trouble the last couple of weeks making the time to come up with some content on a weekly basis (I am still trying though), so if you have suggestions, or things you would like to read about please let me know (suggestion[at]headhacker.net).

For this week I thought I would just share something for amusement. So here are some pictures that might not quite be what they seem. See how your brain first interprets them, then try and see what they really are.


It’s not actually a lake. It’s a wall, take a close look.


Can you see the invisible man?


Can you see the face?

I forget where I originally found these images, so thanks to those who created them or who had them on their site originally, it’s much appreciated.

Once again I am going to be jabbering on about Hypnosis again. So if you have not noticed by now hypnosis is something that is of great interest to me, and I think having at minimum an understanding of hypnotic language is a valuable addition to your social engineering toolset.

So just a quick history to bring us up to date. I had read a couple of books on hypnosis pre 2009, but things had never really hit home. Then I think it was March 2009 I stumbled across Anthony Jacquin’s “Reality is Plastic” on a magic forum, and read about the success this guy was having with hypnosis since following the concepts discussed. Well it had me sold so I bought it, and thanks to this book I became The Hypnotist. I also studied other writings, online information and DVDs from Anthony, and speaking with him and his business partner Kev Sheldrake helped me develop my skills. I call the method of Hypnosis I learnt from Anthony “conventional” hypnosis, in the sense that it involves the concept of trance, inducing sleep and deepening. I have, and continue to get great success with this approach, and I love it to bits. The only negatives I have found are that if you don’t set up the context right, success issues occur, but that’s a hypnotist issue, and the other is using it from a social engineering perspective, you have to be more creative, and that’s no good if you’re lazy.

So as mentioned before when I was at the Blackpool Magic convention with Anthony and Kev, I was introduced to James Tripp, and he told me about his Hypnosis Without Trance method of Hypnosis. We spoke about what I do, and the social engineering aspects and we agreed that there are some possible clear benefits. Since Blackpool I have had various online interactions with James, and studied some of his online material, and then began utilising his approach in combination with “conventional” Hypnosis with great results. I didn’t feel as confident with the non trance approach to some extent, I think in a way because I had not officially read, or studied the approach, as a result there was some internal doubt. This was part of the reason for attending the No Fail Protocol Special, and looking to attend James’s Hypnosis Without Trance Workshop.

So fast forward to the 15th May 2010 and I am sat in Regents College in London on the Hypnosis Without Trance Workshop, ready for a weekend of educating my grey matter as well as hacking some :)

What can I say, it was an excellent two days. I really enjoy James’s teaching approach, it’s very casual, he gives lots of background, explanation, has no issues with interruption and questioning or challenging. Obviously as you would hope for there is also the actual doing of hypnosis and learning as you go with your fellow classmates. The class had a great selection of people, and everyone got on well. I would say about 50% had the ability to hypnotise to some degree already using “conventional” methods, so this made for good discussion and education for everyone involved.

The main objectives of the course for me were to take steps to mastering this approach and building on what I had observed and practised to date, and I would say I achieved this as I had great successes all weekend. I wanted to discuss and examine possible limitations for my work from a social engineering perspective, and how I could utilise the conventional skills I have already, and as always to meet new people, and willing subjects to practice some head hacking with, and share my thoughts and opinions. I met, and possibly exceeded these objectives. So where from here for me? Well my approach to education and developing my skills is to expose myself to information and knowledgeable people on topics I think will be of benefit to me, I then take all the various information and form my own opinions and approach. So moving forward I can see myself really utilising the Hypnosis Without Trance approach, and replacing a lot of the “conventional” hypnosis methods I use as I think the non trance is more covert for the lack of a better word. It will also make me become a better hypnotist, and utilise both skills sets I have at my disposal. I would certainly like to work with James again, as I have got to know him even better over the weekend, he’s not only a great guy, he has lots of good insight, and NLP knowledge (in a good way, I have NLP hang ups), and I enjoy the discussions we have.

So if you want more information on Hypnosis Without Trance visit James’s website, you can sign up for his free paper on his approach, and no need to worry he isn’t a spam king. Also check out James’s blog for more titbits of information and videos. If you can’t make a training, it’s worth considering the study at home Hypnosis Mastery Programme. I have not looked at all the material myself at this stage as I attended the workshop, but the content I have seen looks excellent.

Finally I will just share a final experience from the weekend, that for me showed the benefit. I know someone who in the past I have tried to Hypnotise with “conventional” hypnosis and I never had any success. In his own words, his brain is just too powerful. First time I tried it with the Hypnosis Without Trance approach, I had multiple phenomena. Hand stuck, feet stuck, arms locked, and name amnesia. It’s a powerful approach, and it works. Just imagine what can be achieved with the knowledge of both. The mind is a power tool, make sure you keep it with you, and don’t walk around in a mindless state.

After the last class on Sunday, one of the attendees was kind enough to be videoed as I carried out some grey matter hacking. This was my first time being recorded, and it wasn’t really planned, so the nerves kicked in a little, and my cold didn’t help. However, great successes, and just gives an example of what this looks like. I was unsure if I would share this, but I think it shows me where I need to develop further, and will force me to get some decent planned non amateur footage, and help measure progression.

These three video clips are all using the Hypnosis Without Trance method, no sleep, no deepening, just direct, powerful hypnosis.

If you are also interested in the courses and DVDs offered by Anthony Jacquin in addition to the RIP book I mentioned already, please check out his Head Hacking site, for more information on his Manchurian Approach and Trilby Connection. Please let Anthony know how you found out about his products.

BruCON is an annual security and hacker(*) conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical implications on society. Organized in Brussels, BruCON offers a high quality line up of speakers, security challenges and interesting workshops. BruCON is a conference by and for the security and hacker(*) community.

The conference tries to create bridges between the various actors active in the computer security world, including but not limited to hackers(*), security professionals, security communities, non-profit organizations, CERTs, students, law enforcement agencies, etc.

I have had confirmation that my talk has been accepted (Head Hacking – The Magic of Suggestion and Perception), and I will be speaking at BruCon 2010 in September. The focus of my talk is going to be social engineering, and how a better understanding of how the human brain works, and how it can be manipulated, can both make you a better social engineer, and create awareness to help patch human stupidity. I will talk about how mentalism, hypnosis and NLP can be put to good use, as well as how I went about learning these skills, and using them in my engagements.

COMPETITION NOW CLOSED !!!

As a special treat for Easter I am going to give away a Sha LoN Basic Pick Set to one of the Head Hacker Readers.

Of course there is a catch, and you need to be in it to win it, and I will pick the winner on Friday the 9th April 2010. Send your answers to eastercomp[at]headhacker.net. I am looking for a concise and interesting answer, that I think best answers this question. My decision is final, good luck.

Question - In your own opinion what skills do you think are essential to make you a good social engineer, and what item is essential to have when carrying out a social engineering assessment?

These ShaLoN Picks are great for getting your start in lock picking, and to build up confidence and splash out on a more comprehensive set in the future if you feel the need. The set contains a variety of hook picks, rake, dimple rake and a couple of different tension wrenches.

Happy Easter

Welcome and thanks for visiting the Head Hacker website.

The goal of this site is to discuss the benefits, process, theories and qualities associated with social engineering, and what I consider to be linked skills, products and theories.

So obviously we are going to discuss social engineering and the spy and tech tools that we can use once we are in, but we are also going to discuss other skills that you should be aware of, and you can add to your brain toolkit to increase chances of success and take tests further. We will look at Neuro Linguistic Programming, Hypnosis, Influencing and Manipulation skills, methods of Misdirection, Mentalism, Cold Reading and more. I will also mention some possible Magic that may come in handy as part of recon, and relationship building.

The content is going to be based on my experiences, research, thoughts, theories and discussions with other practitioners in the various industries.

Feel free to add comments to topics, ask questions and make requests.

I hope you enjoy the content as it develops and grows over time.

Thanks

Dale