ﾚﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄｿ
ｳ                    S o c i a l  E n g i n e e r i n g                      ｳ
ｳ                          How to get Information                            ｳ
ｳ                              By Fallen Angel                               ｳ
ﾀﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾙ

Have you ever wished you had the finesse of calling some high-level
operator up and getting all the information you need just by asking?  Great!
I'll outline some simple steps to the art of social engineering, or getting
that you want, in this article.  Social engineering really is an art and
should be treated as no less.  Make sure you abide by these guidlines and
don't screw up because screwing up only alerts the security people that there
is an imposter just begging information off of the lame-brained operators.

VOICE
-----
First, you need to be old enough to sound like you could actually be the
person you are trying to impersonate.  The operators will be able to figure
out that you are not thier boss if they can tell you are only 13 years old and
your voice opens trunk lines (eg. 2600 Hz.)  Get someone else to do it for you
or wait until *after* puberty to do this.

OVERKILL
--------
Don't act like you are a legitamit customer trying to get information because
that can clue the operators in as to what is actually going on.  You should
consider calling as an fellow employee from another store from the chain, or
maybe as that persons supervisor.  They may be stupid and subservient to thier
officials, but hired phone operators will know that the owner of the company
is not going to be calling Atlanta to find out technical information or C/NA on
someone that lives in Anchorage, Alaska.  That would be overkill.  The best
bet in getting information from a TSPS (dial 0 for one of these) operator is
to call as a lineman.  A lineman is the guy that comes to your house to
install the phones.  They usually hire contractors to run extensions under
your house as they don't want to deal with it themselves--don't call saying
you are having problems with your wire cutters and you need to know what the
local ANAC number is.

PBX's
-----
PBX's are a nice utility to the social engineer because they almost insure
that you will get a different operator each time you call.  With this
knowledge, and no ANI available to them, you can continue to query operators
on PBX's as many times as there are operators.  Obviously, if you keep asking
the same person for information they will figure out that you don't know a
damn thing and are trying to leech them.

CONFIDENCE
----------
If you stutter a lot and trip over your words they will eventually notice that
you are not who you say you are.  It doesn't hurt one bit to plan out exactly
what you are going to say and verbally run over a few times before you call.
You could screw up an insecure company by alerting them of the real world.

JARGON
------
It really helps to know the proper jargon and acronyms for the company you are
trying to get something out of.  For instance "Hello there, this is Phred
Smith and I would shore like it if you could give me the adress and name of
512-555-555" wouldn't work as well as "This is Smith from line service.  I
need caller name and adress for 512-555-5555"  In this case being polite
doesn't do you much good.  Good sources on jargon would be g-files on BBS's
or hacking/phreaking dictionaries.

EXTENDERS
---------
Always do your engineering from an extender because there are plenty of secure
places that will have ANI readouts on an LCD when you call in.  They will call
you back and ask you why you were calling if they think you were engineering
them.  They will get the dialout number for your extender if you call from an
extender.  For all practical purposes, this is impossible to trace.

BACKGROUND NOISE
----------------
As a for instance, you are a telephone lineman and are boxing a call to C/NA.
Instead of hearing birds in the background, the C/NA operators hear
keyboard clicks and other phones ringing.  They will not give you anything in
situations like this.  Call when nobody else is home or if they are asleep.

TIMING
------
This is a small but important matter.  The operators will know that you aren't
really installing a phone line if it's 2:30 a.m. and you are whispering so you
don't wake up the parents!  You have to remember things like this.



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Downloaded From P-80 International Information Systems 304-744-2253 12yrs+