1
00:00:00,810 --> 00:00:06,540
It's time for the practical part. I would like to show you how easy it is to fake someone's identity using

2
00:00:06,540 --> 00:00:15,310
websites such as fakenamegenerator.com, spooftel.com or fakemytext.com.

3
00:00:15,350 --> 00:00:21,190
I would also like to show you social engineer toolkit, some techniques collected and described as social

4
00:00:21,190 --> 00:00:22,390
engineering.

5
00:00:24,590 --> 00:00:30,830
Then we'll use an Internet platform called Metasploit to make a social engineering attack automatic.

6
00:00:30,870 --> 00:00:37,720
Let's start with creating a new identity. Suppose you're not very creative and you don't feel like inventing

7
00:00:37,720 --> 00:00:38,470
a birthplace,

8
00:00:38,500 --> 00:00:41,270
mother's maiden name and such.

9
00:00:41,390 --> 00:00:44,390
Here's where fakenamegenerator.com comes in handy.

10
00:00:47,050 --> 00:00:48,000
Using this Web site,

11
00:00:48,010 --> 00:00:53,530
all you have to do to fake an identity is to choose nationality and country of origin.

12
00:00:53,530 --> 00:01:00,580
This is all the basic information required.

13
00:01:00,610 --> 00:01:03,420
The Web site generated a fake identity.

14
00:01:03,620 --> 00:01:06,180
Our new name is William Ward.

15
00:01:06,180 --> 00:01:07,670
We live in Fort Washington.

16
00:01:08,860 --> 00:01:16,480
You can see our new telephone number, email address, website, password, mother's maiden name, date of birth,

17
00:01:16,900 --> 00:01:23,250
credit card number and expiration date, and much more interesting data.

18
00:01:23,260 --> 00:01:27,930
It takes one click to create a new online identity.

19
00:01:28,000 --> 00:01:31,960
If you really need to make it look convincing, you can start up a blog,

20
00:01:31,960 --> 00:01:38,540
add some photos and write some entries. And if you write that you're a millionaire or a sportsman and

21
00:01:38,540 --> 00:01:43,090
that you like light music, it may turn out that the fake profile will have more followers than the real

22
00:01:43,090 --> 00:01:51,930
one and that everyone will know you. One real-life example is a man who, after creating a Web site, got

23
00:01:51,930 --> 00:01:56,020
seven hundred thousand messages with birthday wishes from people whom he didn't know at all.

24
00:01:58,270 --> 00:02:03,710
Not all the personal information you find on the Internet is real.

25
00:02:03,790 --> 00:02:10,010
Let's now go to spooftel.com. The site allows you to fake a phone number you're calling from.

26
00:02:10,050 --> 00:02:13,020
It can also change the voice of the speaker.

27
00:02:13,270 --> 00:02:18,280
If your telephone display shows an incoming call from Warsaw, and even if it seems that you're speaking

28
00:02:18,280 --> 00:02:21,540
with a 10-year-old child, this is not necessarily so.

29
00:02:23,710 --> 00:02:27,790
It may turn out to be your colleague calling from the other room using services provided by

30
00:02:27,800 --> 00:02:30,710
SpoofTel.

31
00:02:30,860 --> 00:02:39,570
If you can fake phone calls, can you also fake text messages?

32
00:02:39,570 --> 00:02:45,680
Of course you can. A phone call lets you pretend that you're working for a certain company.

33
00:02:47,400 --> 00:02:50,990
A text message lets you lure a person you'd like to see out of a company's building.

34
00:02:52,920 --> 00:02:57,000
For example, we could arrange a meeting at a spot where we've lost a memory stick.

35
00:02:59,120 --> 00:03:01,590
A person who finds it will probably try to see what's on it

36
00:03:01,610 --> 00:03:08,790
out of sheer curiosity. If the person has left the company's building just for a little while, he or

37
00:03:08,790 --> 00:03:11,120
she will not go home to see what's on the memory stick.

38
00:03:12,090 --> 00:03:15,600
Rather, they return inside and just connect it to any available computer.

39
00:03:17,890 --> 00:03:21,220
This operation is enough for a successful social engineering attack.

40
00:03:23,890 --> 00:03:32,170
To fake text messages you can use fakemytext.com.

41
00:03:32,400 --> 00:03:38,290
Let's say something more about attack methods and social engineering.

42
00:03:38,560 --> 00:03:43,900
You can find a very interesting website, useful not only for people who want to actively engage in social

43
00:03:43,900 --> 00:03:49,360
engineering.

44
00:03:49,590 --> 00:03:55,370
You can also learn to be able to tell when somebody is trying to manipulate you.

45
00:03:55,440 --> 00:04:00,720
Please note the framework of the Web site. The information provided there gives you an insight into the

46
00:04:00,720 --> 00:04:07,120
tools used by the attackers.

47
00:04:07,130 --> 00:04:13,770
Please look at the pen you see in the slide. This elegant pen surely writes well, but it can also be used

48
00:04:13,770 --> 00:04:17,780
as a sensitive microphone and a memory stick.

49
00:04:17,830 --> 00:04:21,920
If you give it to someone as a gift, you will know what that person talks about at work.

50
00:04:28,990 --> 00:04:33,940
In the section Principles of Psychology you can find an article describing the human buffer overflow

51
00:04:33,940 --> 00:04:39,090
attack.

52
00:04:39,200 --> 00:04:44,820
The pictures show simple messages. With a closer look, though, things get confusing.

53
00:04:46,620 --> 00:04:49,440
The picture presents contradictory pieces of information.

54
00:04:51,710 --> 00:04:54,170
The writing which says yellow is green.

55
00:04:54,290 --> 00:04:56,800
The one saying black is yellow.

56
00:04:56,810 --> 00:04:59,700
The purpose of that is to confuse our perceptive skills.

57
00:05:08,780 --> 00:05:13,180
Note that you don't get confused listening to a fast speech.

58
00:05:13,290 --> 00:05:18,110
On average a person utters 150 words per minute.

59
00:05:18,170 --> 00:05:23,740
The brain, however, can process even 500 to 600 words per minute.

60
00:05:23,740 --> 00:05:28,120
People generally don't speak at a pace that would make it impossible to follow their train of thought.

61
00:05:28,570 --> 00:05:30,920
But you don't need to speak fast to confuse people.

62
00:05:32,230 --> 00:05:39,400
You just have to provide them with contradictory information containing simple commands.

63
00:05:39,410 --> 00:05:43,040
If a person wants to understand you, you just have to give them hints,

64
00:05:43,280 --> 00:05:50,370
simple instructions discernible in your intonation pattern. People naturally follow such hints.

65
00:05:50,790 --> 00:05:55,890
They'll do what you want them to.

66
00:05:55,910 --> 00:05:59,960
I encourage you to visit the website because you can read about a few interesting techniques there.