How Theater Helps You Hack Better

It’s a uncommon fact that I, Chang Tan Lister, is a amateur level method actor.

What is Method Acting?

Method-Acting in it’s simplest form is to encourage “sincere and emotional expressive performances” through three forms, “psychological”, “sociological”, and “behavioral”. https://en.wikipedia.org/wiki/Method_acting

For your amusement, here is a excerpt from: http://mentalfloss.com/article/64817/15-times-stars-took-method-acting-too-far

Billy Bob Thornton allegedly placed crushed glass within his shoes to develop the signature “shuffle” in the movie Sling Blade (1996).

That is Behavioral Method-Acting.

Halle Berry in the movie Jungle Fever (1991), spent two weeks without washing and visited a actual crack den to better fit her role as Vivian the crack addict.

That is Sociological Method-Acting.

One popular example of a Psychological Method-Actor is the now dead Heath Ledger, who prepared for his role as The Joker by locking himself into a hotel room, working his mind into the fictional psychopathic killer. https://www.buzzfeed.com/ellievhall/heath-ledgers-creepy-joker-diary-revealed

The Heath Ledger case is also a sad tale of how Method-Acting can damage your psyche, making it difficult for you to “snap-back” into a mentally fit condition. It has a very strong negative influence on your sleep for example.

Method-Acting can create extremely convincing demeanors and impressions against the minds of your pentesting targets, persuading them to hand over keys, open locked doors and gates, handing you credentials, etc.

Run that through your mind, right before you pentest a big office pretending to be a I.T. worker responding to a call on intermittent network connectivity. Maybe with the right performance, you can waved through the door, so you can plant a penetration testing dropbox or a LAN tap somewhere hidden within the building.

Scam callers, at least the successful ones, are Method-Actors that put up convincing charades over the telephone posing as a tech-support worker that encrypts your files locally by giving them remote access to your machine, or getting you to hand over your social security number and credit cards.

Writing like a woman for spearphishing

According to this statistical study between male and female authors of novels, there is a glaring difference between how different genders write.

This is absolutely critical in the spoofing a identity process of spearphishing. Citing the article “Gender Differences in Language Use: An Analysis of 14,000 Text Samples” by Matthew L. Newman, Carla J. Groom, Lori D. Handelman, James W. Pennebaker: https://pdfs.semanticscholar.org/a6f5/08e1d259b953622e1659784da93032bf3f07.pdf?fbclid=IwAR3oD-zlhqQRXr6biJCWGZd7SeftaZkLOgaJz0-ZCpEbLv2g2qq91T7eLWQ

Men tend to use language for more instrumental purposes of conveying information, in other words, describing through a paragraph more like a bullet-pointed list with a to-the-point kind of effect on the reader. While…

Women more likely to use verbal interaction for social purposes with verbal communication selfing as a end to itself, therefore more time-invested in developing social relationships between the characters and convincing the reader of it’s sincerity, like love for example.

In the professional workplace, our gender-roles tend to get brushed aside by the demands of professional writing, making our grammar and verbage more “stiff” and unisex. But in longer interactions with a customer or client (chat room or long email exchanges), these traits tend to stick out more.

Once you get caught and fingered as a imposter, or a person that has failed to demonstrate his or her status, role, and gender, the game is over. The entire organization you are pentesting are now keen to future attempts to deceive them once word slips around the workspace.

TLDR; either you write professionally and keep it short like a business memo, or if you are trying to cook up a convincing story except you are a dude but you are trying to become Raychelle Powers, External Auditor Acting on behalf of the Stock Exchange Commission’s allegations that you are connected to Susan Wu CPA of California, who recently was convicted of fraudulent financial reporting less than a month ago… you need to act your role properly.

 

The hidden power of NLP (Neuro-Linguistic Programming)

Widely dismissed as pseudoscience from the CIA, the initial stages of Neurolinguistic Programming or “NLP” does work, to some extent.

Its the more extravagent claims of NLP that falls flat on it’s face, like “Embedded Commands” (source).

NLP is founded by Richard Bandler and John Grinder back in the 1970s. Later on, Anthony Robbins (of Yes Man starring Jim Carrey’s fame) released his own NLP Self-Help Program.

However that same source, Hellbound Hackers did have some very good overviews of what Neuro-Linguistic Programming is:

NLP stands for nuero linguistic programming, and as the name suggests it is the programming of a person’ss subconscious mind to get them to do what you please. This is a very good skill to learn for social engineering. NLP is a real phenomenon that can be used by any person. The only real requirements to perform NLP are a working brain and the ability to speak.
NLP works in a way that you give a person subconscious suggestions while you are conversing with them. This is kind of like hypnosis, but NLP is not as noticeable and it is far more effective.
NLP is used in various forms throughout our life. Our teachers use it to keep students in line. Police use it to interrogate people. Advertisements rely on NLP to get their products sold, and we use it in our daily lives without even noticing it. NLP can and is used in therapy to help patients overcome fear and pain. NLP is also used by the military to interrogate POW and to gain intelligence. NLP can also be used in social engineering to exploit peoples trust and to gain further access into a system via social hacking the human factor.
NLP relies on the fact that our subconscious mind notices everything whether we choose to notice it or not. Our dreams come from our subconscious mind playing back and reviewing events in our lives. Our subconscious minds are vast and can retain a lot of information that we do not even realize that we have. NLP is not affected by religious doctrine or dogma, and it does not matter your ethnicity, race, or morals. Everyone can use NLP.
A lot of people do not believe in NLP because they believe in the Hollywood idea of psychics and hypnotists having strange and bizarre powers. But this is not true; NLP is an art of communicating with the subconscious mind of another person. Our subconscious minds are very susceptible to external influence, so a person can be easily influenced if you know how to confront and use these skills against their human nature or factor. Did you know that 95% of the reasoning behind a consumers purchase is associated with a subconscious decision?

The primary opener for Neuro-Linguistic Programming is the “Rapport Building” stage upon the initial contact with your target. Some people confuse this with “kissing-ass”, when in reality rapport building in a combination of compliments and insightful responses to your target to better build credibility of yourself and your chosen role. You don’t always say nice things to them, you control and redirect the subject of the conversation back to yourself (as the center of it), making you appear to be a expert in a specific topic.

NLP sessions are carefully calculated and guided by the practitioner for good (psychiatric help) and bad things (coercion, persuasion, etc.).

A easy method of using NLP on a target is to “suggest” to them (after rapport-building) a “bad idea”, then making it sound like “it was their idea” to begin with, which makes them more likely to act on it. By making positive associations of this action (like opening a locked door) such as satisfying their curiosity, giving them a ego-boost by one-upping their boss, or a collusion effort to commit a crime for a expected reward (sharing of the loot), they may be more convinced to follow along with your plan.

Now here comes the “Linguistic” part of NLP. There is a concept called “anchors”. They are words basically, and when I say that word, you automatically convey positive or negative emotions (associations) to that word.

Let’s say you are afraid of dogs. By mentioning that there is a dog over that fence, you might get automatic negative associations of perhaps a dog-attack you suffered through as a ten-year old. Those images come back as if it was really happening to you right now.

Using NLP, you can reverse a association to be positive (you love dogs, dogs are your best friend, your pet warned you about a burglary last week that saved your life), or negative. That requires more contact with the target however and the most important part of NLP is…

The victim must be willing to

  1. (A) Listen to you (established by rapport-building)
  2. and (B) Willing to change.

If they are combative in their talk with you, Neuro-Linguistic Programming is useless. Maybe it’s because you sound like a jerk, and they don’t want to listen to jerks. Before NLP can be used, rapport must be built up to better make your target suggestable and easily convincable.

Using NLP requires a careful analysis of your target’s “associations” to certain “anchors” and to manipulate the usage of those anchors to convey desired or intended emotions, then by suggesting to them a mischievous idea and filling their mind with delusions of grandeur, fulfillment, and achievement, you can get them to act on that idea.

Some may say that is a overdrawn version of Social Engineering, I say that it is a tool that greatly enhances the effect of it.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s