Subliminal Hacking
The Art and Science of Social Engineering



Categories

December 1, 2011

Confirmation Bias … The Manipulation Assistant

I think most people would accept, that when it comes to building rapport and getting to a stage of some form of manipulation is normally always possible with anyone give a decent amount of time. This is great for making REAL friends, but in the social engineering context we normally don’t have or want this lucky, we like it quick and dirty so to speak. We have discussed many ways to have this happen, but I think we have a little discussed manipulation assistant that we can utilise. This is something known as confirmation bias, also known as Tolstoy Syndrome.

So what is confirmation bias? Essentially this is something that we all suffer from to some degree, and depending on your opinion more than others. Confirmation bias is the human tendency to favour information that is associated with their beliefs or preconceptions, regardless of if this information is true or factual. So when we communicate people will be selective in their memory selections and interpret what we say in a biased way.  Some consider this bias as being the internal yes man, also willing to agree even in an ambiguous context if what they hear matches their beliefs, and filters out the unwelcome information.

Bias

Probably all sounds obvious right, and why do we care about this. Well I have to be careful how I describe this as to not get your backs up regarding your confirmation bias.

Lets consider this scenario. As part of your intelligence gathering exercises on your mark / victim you identify that they support Man United Football club, they love dogs, recently got a new car, seen on forums they are not to happy with their job, and a recent tarot reading said good fortune is coming their way soon.
Now in my experience using any of the obvious stuff, like animals, football clubs will yeild good rapport building results, as we like people who like us, and are like us, it sets up a common ground. However I think the stronger and faster rapport builder, that will lead to a quicker manipulation frame would be the tarot route. The reason for this (in my opinion) is that this sort of thing is treated with a large amount of scepticism, and myself personally don’t believe it to be valid and have not seen any solid research to prove it. However many people have a confirmation bias to this, and I would imagine feel a minority in that aspect and would really feel a close bond to someone who shared this same interests.

The reason I raise this point is that when we are acting out our pre-text as a social engineer, we should no longer be ourselves. We should leave behind our personal baggage and be 100% committed and open to the situation we find ourselves. If we fail to do this we may end up in a situation that builds distance not rapport. So for example when not working and if someone started speaking to me about tarot readings I would quickly lose interest and be looking for an exit plan, this could present a missed opportunity. Since my transition from hypnosis sceptic to hypnotist I have a large appreciation for this sort of thing.

Now you might be thinking, OK sounds great in principle, but there is no way I could just blurt out I was into tarot reading as it would be just so odd. My first point is your thinking out of context. Blurting that sort of thing out to a random person could be considered crazy, but we know this is a person of interest.

Lets go through a super quick conversation example.

Victim : Hello Acme Systems, how can I help?
Me : Good morning. I hope you can help me as I am on a tight deadline to gather some information for my project.
Victim : Sure I can certainly try, what do you need?
Me : I work for the local government security council and we are carrying out a study of how companies securely dispose of their confidential waste.
Victim : Oh, I am not really to sure if we can give out that information.
Me : I totally understand your concerns, and I dont want to get anyone in any trouble, but this is for a government report. We sent out official requests in the post but so many companies didnt response, I guess everyone is just so busy.
Me : Could you possibly find out who could confirm if you can give this email. Perhaps there is some information on your Intranet, or someone you can call.
Victim : OK I will have a look, please bare with me.
Me : No problem
Few seconds pause….
Me : Whilst your looking, did you have a good weekend? The weather was pretty bad again wasnt it.
Victim : My weekend was to bad thank you, how about yourself?
Me : It actually turned out really well. I went to see a tarot reader, and I had a really good reading. I know some people think its  all phooey but it was just amazing.
Victim : Really. I have had a few tarot readings myself, and your so right about other people, but I really rate my tarot reader.
Now we go through the process of talking tarot for abit, so make sure you have done some research on terms etc.
Me : Its great to meet someone who shares my same interest, it really is rare. By the way how are you getting on with the information on the confidential waste information.
Victim : I cant seem to find anything, but I think it would be ok to share the information anyway. Its Acme disposals.
Me : Brilliant, thanks you really helped me out. Thanks for everything and take care.

This hopefully kinda gives an idea, utilising that dead time when they are searching for stuff, get the hook and exploit it to manipulate your way to getting the desired information.

Hope this was of interest, and you can try this in many scenarios. Those that know me will know that I used similar techniques to this on the phone to get discounts and freebies when I am buying stuff, same principles apply. Essentially regardless of your beliefs you are going to go with the grain, not against it.

Be Sociable, Share!



    About the Author

    Dale Pearson
    has worked in IT since 1998, Infosec since 2004, and studied and performed hypnosis, mentalism etc since 2009. Dale is a full time Red Teamer with a love of social engineering and qualified hypnotherapist. He spends a great deal of time researching the various skills and techniques that make up the art and science of Social Engineering.




    0 Comments


    Be the first to comment!


    Leave a Reply

    Your email address will not be published. Required fields are marked *

    Time limit is exhausted. Please reload CAPTCHA.

    This site uses Akismet to reduce spam. Learn how your comment data is processed.