Listen on SoundCloud | iTunes | RSS feed
"Pretexting is like dating," said professional social engineer Frank Ahearn. "You call, you ask, and somebody says no? Okay, fine, you wait. Or maybe ask somebody else."
Pretexting is jargon used by hackers and social engineers that describes the act of inventing a persona or excuse to fool someone into forking over valuable information. In the 1980s hackers like Kevin Mitnick used pretexting and other social engineering methods to obtain passwords and security information from massive telecommunication companies.
Frank is an expert at finding people. For the right amount of money, he said in an email interview and on the TechRepublic podcast, "I can find anybody." And the best way to find people, he said, is to first learn why people disappear, and how.
SEE: Create a security culture framework to protect against threats (Tech Pro Research story)
Though individual circumstance will vary, to disappear completely, according to Ahearn, everyone must do these three things:
Step 1: Stop everything. And get rid of your phone. "Anything that ties you to a physical location makes you vulnerable." The money trail is often distributed globally and harder to trace, he said, than social media footprints. "Just don't use social media. If you want to disappear, ditch your phone and stay off of social media."
Step 2: Spread misinformation. Before you quit the web, spread misinformation. Be smart and do it online and off. "Perform Google searches for places like Montreal or somewhere you never plan on going. Tweet about it, post some pictures. Mention it offhand for several weeks," Ahearn said. "Then go somewhere totally opposite."
Step 3: Don't look back. "When I start hunting for someone, I don't look for that person. I look for their family, their Facebook friends, their jobs and their hobbies. I'll call you mother, or I'll call a magazine you subscribed to years ago." Point being, when you disappear, make sure you really disappear. Don't check in with old friends. Forget your family and ditch the hobbies.
Who disappears, and why?
It usually comes down to money, violence, information, or freedom. People who have found themselves in bad situations.
The money: I lost everything and I need a new start. The violence: I got involved with the wrong people. The information: I am extremely wealthy and I fear abduction. The freedom: I did something stupid and my freedom is in jeopardy.
There is no one profile. Those who want or need to disappear come from all walks of life. The one common element is that they are searching for freedom. It always comes down to freedom. Sometimes you just need to start over. It's as simple as that. You can bank anywhere in the world. You can bank in Bangladesh, but rent in Spain and just be gone. And technology has made it easier to start over.
How can I be discovered?
A million and two ways. You're doing me a favor by not creating misinformation. If you create confusion, you also cost the skip tracer time and money. So spread misinformation. Don't spend six months prior looking at apartments for rent in New Orleans, then move to New Orleans. Also, don't contact people from your past. And don't tell people in your new world your real name.
Social engineering before and after the internet: what has changed?
[Digital] is a tool that can be used to create misinformation. Remember, information is just information. It does not mean it is correct or up to date.
Prior to the internet it was offline information, like phone records, bank records, and travel records. The internet offers other types of records that can be used to find people. Often these records have been created by the person themselves, via social networking. That's new.
Host:
Guest:
Listen to more TechRepublic podcasts
Source: http://techrepublic.com.feedsportal.com/c/35463/f/670841/s/4e7eef65/sc/13/l/0L0Stechrepublic0N0Carticle0Cpodcast0Ehow0Eto0Edisappear0Efrom0Ethe0Einternet0C0Tftag0FRSS56d97e7/story01.htm
No comments: