The Answer - A social engineering riddle...
So, the answer to the Social Engineering riddle…..
How did I get past? And, more importantly, what is the prize for guessing it right?
Well, loads of you got it! I picked up a bottle of water and tapped a security guy on the arm, I just mouthed “speaker” and tiptoed past. I picked my way through the chairs and just stood at the side politely. DONE.
Anyone who got this answer right deserves a beverage and I will buy you one (not water) if you ever meet me in person and say “I got past with water!” as your opening line. Having said that, the reason why I grabbed the water is perhaps less obvious, and so I am going to explain it below.
Firstly, however, we need to consider, and applaud, other plausible answers including a camera, a microphone (you know me so well), a clipboard, a name badge from the welcome table and a security guard, all of which I have tried successfully in the past, although my infamous “Tower of London” break-in used a combination of a bottle of water and an embarrassed security guard, to be fair.
The truth is that although in this case the “answer” was water, the real story here is the quick thinking and improvisation that is at the heart of social engineering.
A good social engineer might find themselves without access to tech, props or much else when on a job, and being able to use whatever is at hand to “get past, get in, or get out” is as important as being well prepared in the first place.
The process of assessing a space for exits, threats and props becomes automatic and is part of a mindset that comes with experience and practice, as much as anything else.
Whilst cameras, microphones and clipboards are all plausible tools here, ideally you should always be looking for the simplest solution, the one that requires the least acting and preparation. The more complex the lie, the more difficult it will be to sustain it. If you can grab either someone else’s name badge or a bottle of water, go for the water: it’s less complex, more likely to work and easier to explain away.
In fact, I would say to any prospective S.E. that, whilst you can never prepare enough, the job demands that you think on your feet, take a few risks and improvise quite a lot. You need to be ready. Thinking like a Social Engineer isn’t just about picking up the right prop, it’s also about knowing why that prop will work better than another one.
Now, where’s that security guy gone….
Growing Digital Security Start-ups | Connector of People | Mentor and Coach | Evangelist | Consultant | Advisory Board
9y: I feel gutted the axe answer wasn't correct!!!!
Cyber Security, AI Risk and Governance Leader, Technology Evangelist
9y: I was hoping the answer would have karate chops involved in some way!
Infosec Hall of Fame Inductee 2022, Social engineer, author, burglar, podcast host, keynote speaker and panelist, expert media commentator. Security education/awareness, bespoke content creation, training and talks.
9y: Been too long Gerard!
Happily retired
9y: So a Desiree potato isn't quick thinking? I knew it, I should have said a Vivaldi and if questioned - my would have been 'I'm with the band'.
Infosec Hall of Fame Inductee 2022, Social engineer, author, burglar, podcast host, keynote speaker and panelist, expert media commentator. Security education/awareness, bespoke content creation, training and talks.
9y: Cheers Danny!!