This is the second part of the Tinder hacking experiment, see part 1 here.
We left off the last blog by being selected and engaging in conversation. Next, we do what all friendly people do, put on their best suit and get to know each other, and so on…
Humans are bad at being random. Conversations follow a predictable format, so it was easy to go with the conversation, ‘seed’ and listen to the ground for clues. This is why SocEng is so successful, as long as you don’t do anything stupid, you can get just about anywhere.
The Enemy will SocEng in order to break down the other persons OpSec to get the crown jewels in the shortest period of time. My goal is different, to see what information the target will volunteerailiy/passively disclose.
- Avoid answering any questions with specific detail, hard to do but after time conditioning will kick in.
- Don’t drag out the conversation on Tinder longer than it should, if you express interest in each other, the guy should have the balls to arrange a meeting (in a public place, don’t forget your burn phone).
The scary stuff:
In utopia, you can say/do anything about anything and not feel the repurcussions. Unfortunately, this is not the case, otherwise, this blog will not exist and I’ll be a landscape gardener. There have been instances where I have had to deal with some really nasty stuff resulting from something that started so innocently. Again, if someone has the motive and inclination to carry something out, they will do it (irrational minds do some really stupid things). Don’t make life easy for them. Yes, the truth sucks.
SocEng on Tinder:
When under the guise of relationships, it’s socially accepted to ask questions about one another. The usual, where are you from, what do you do, how big is your pay packet, etc…which are all fine to ask/answer but there are some definite things you shouldn’t do.
Ever watched TV and see the subliminal advertising censored out? You *know* it’s an ad but you don’t know which company. That is how you should treat the interaction: tell them enough to answer the question but not enough to reveal exactly what it is. Some time is required for conditioning but unless if you meet face to face in a mutually agreed setting, it’s best to keep the personal details until then.
The exercise was done in two separate ‘areas’, one ‘area’ known to be a bit more open and relaxed and the other a bit more closed. Think of it as the big city vs small city mentality.
In the ‘small’ city scenario, people were more open to meeting others, more open to share information including personal information about themselves, generally more trusting towards strangers. In the ‘big’ city, people were the exact opposite, unwilling to share information and less trusting towards others.
There are different theories as to why this is so, in the limited numbers questioned, it was due to the fact that some people have heard/known/experienced uncomfortable situations which leads them to shut down.
This resonates well with the thought of the ‘global’ community, techology bridging people and associated problems being part of the package. Unfortunately, the once ‘safe’ and trusting places will in the future be targets for information based crimes unless education and awareness is put into place.
Side note on trust:
The problem with trust is, once tainted, you can never go back. It’s hard to regain/earn trust. A quick example would be one of the Irish Travellers, they set off to quiet communities targeting their trust and for a better word, innocence. When they are there, they pull of a con and leave. The legacy they leave is the target losing money, a cleanup bill and damaged trust. This distrust follows for a while, exhibited to strangers and brings out the worst in people (as mentioned in the previous <blog>) without trust, society as a whole become closed and any action by strangers is met with resistance.
It is why that mom and dads struggle with online security=lack of information and awareness=easy targets=level of trust has changed/increased paranoia.
Trust is the key, you have to have some. It is what bonds people together.
Too much information:
As mentioned, targets that live in the big city tend not to share out information as freely as those from the small cities. Probably due to the level of trust and heightened paranoia.
During the interactions, I was absoutely amazed as to the quality of the information disclosed, some were found in pictures/text and others were from conversation:
- Area of where they live (narrowed down searches)
- What they did (narrowed down searches)
- Where they went to school/work (company names!)
- Phone numbers (hummm…)
- Photos (identifying locations!)
- How to get in touch on other social media sites…ummm…really bad idea!
- etc, etc…
With this information, one could quite easily conduct some profiling on the subject (remember: this is out of scope) The frightening thing is the ease of which this is done. Hell yeh, I’d be concerned if I were a parent!
It’s human nature to be open especially when looking for love, however it’s equally important to be alert and not compromise one’s safety.
- Get to know each other, have fun but save the detail for when you both meetup
- Adopt the ‘big city’ mentality, it’s not a bad thing.
OpSec specific notes:
- If the target asked questions about me, I will answer it truthfully to avoid any awkwardness/suspicion however, not to the point where they could identify me as an individual.
Importance of seeding:
As mentioned, the conversations I had were ‘seeded’. Examples of ‘seeding’ include telling the target that:
‘we’re comfortable with the conversation’=we’ve reached a point where we trust each other, time to confide
‘I’ll come and visit one day’=you’ve given me too much information about your location
‘it’s amazing but you haven’t pissed me off yet’=we’re going to end this soon, full disclosure time
This has proved to be very important when convincing the target that it the interaction was staged, refer back to where issues appeared and it was done was for research and nothing else (read: no manipulation, etc)