Hacking Social Protocols

posted Dec 1, 2016, 4:43 AM by Björn Spåra   [ updated Dec 1, 2016, 1:26 PM ]

My first real job (before I got into IT-Security) was in sales. With "sales" I mean the kind of sales where you walk up to random strangers on the street and pitch them various novel items carried with you in a duffel bag. With "real" I mean 100% commission based, which meant that unless I actually sold something, I did not get paid. The random people I mentioned often took it upon themselves to advise me to get a "real job", as if that idea had somehow escaped me. There is a lot to be said about this time in my life and the lessons I learned, dealing with people, sales psychology and entrepreneurship. However, this post is not about that. This post is about hacking the mind and directing thoughts and actions of others towards your own objectives.

It was a beautiful spring day in Stockholm, Sweden - and I was working my way through a part of town where tourists like to stroll and take in the sights, when suddenly I came across a funny looking building I had not noticed before. It was a small yellow concrete structure with no windows and a solid iron gate. Intrigued, I walked up to the gate and noticed an intercom terminal and a small sign, identifying the occupants of this odd structure as the Customs Authority.

I pictured the inside of this structure as virgin territory, previously isolated with inhabitants totally unprepared for my brand of selling. I knew I had very little chance of gaining entry and that the people inside would most likely not react kindly to my presence, should I through some miracle succeed. Undeterred, I decided to boldly go where no soliciting was allowed. I pressed the button on the intercom...

"Customs" - said a female voice coming through from the other side of the massive gate designed to keep me out - obviously a security guard.

"Hello, is this the Customs Authority?" - said the younger me.

"Yes" - said the female voice.

"Oh good, thank you very much!" - said the would-be-antagonist (me). And the gate opened.

Partly due to my own surprise at my success, and the fact that the security guard quickly realized her mistake and rushed to physically block the entrance - I did not actually go inside, which in hindsight is probably a good thing because I am pretty sure I would have gotten into trouble. But this little anecdote illustrates the power of the protocol and the vulnerabilities that may come as a result. By simply not conforming to protocol and advancing the conversation to a point where I was thanking the security guard for obliging, the security guard automatically opened the gate without thinking.

Humans can recover from this type of mistake, as the security guard at the Swedish Customs Authority promptly did, and react accordingly. Computers, however, typically cannot. Any system (human or machine) that relies on protocol and expects a certain type of behaviour at a certain point in the process is potentially vulnerable.
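The same point in code, as an added illustration that is not part of the original post: a toy gate controller in Python, where the message names, the sample credential and both classes are hypothetical. The naive handler acts on a closing message without checking that the earlier steps happened; the strict one tracks protocol state and rejects anything that arrives out of order.

```python
from enum import Enum, auto

class State(Enum):
    IDLE = auto()        # nobody at the gate
    GREETED = auto()     # caller has been told who we are
    GRANTED = auto()     # entry request checked and approved

AUTHORIZED = {"badge-1234"}  # constructed sample credential

class NaiveGate:
    """Acts on the message type alone and assumes earlier steps happened."""
    def __init__(self):
        self.opened = False
    def handle(self, msg, arg=None):
        if msg == "THANKS":          # "thanks" normally follows a grant...
            self.opened = True       # ...so the gate opens without checking
            return "OPEN"
        if msg == "REQUEST":
            return "GRANT" if arg in AUTHORIZED else "DENY"
        return "YES"                 # answer to HELLO

class StrictGate:
    """Tracks protocol state; an out-of-order message resets the session."""
    def __init__(self):
        self.state = State.IDLE
        self.opened = False
        self.rejected = []           # (state, message) pairs kept for review
    def handle(self, msg, arg=None):
        if msg == "HELLO" and self.state is State.IDLE:
            self.state = State.GREETED
            return "YES"
        if msg == "REQUEST" and self.state is State.GREETED:
            if arg in AUTHORIZED:
                self.state = State.GRANTED
                return "GRANT"
            self.state = State.IDLE
            return "DENY"
        if msg == "THANKS" and self.state is State.GRANTED:
            self.opened = True
            self.state = State.IDLE
            return "OPEN"
        self.rejected.append((self.state.name, msg))
        self.state = State.IDLE
        return "REJECT"

def replay(gate, messages):          # feed a sequence, collect the replies
    return [gate.handle(*m) for m in messages]

SKIPPED = [("HELLO",), ("THANKS",)]  # the exchange from the anecdote
NORMAL = [("HELLO",), ("REQUEST", "badge-1234"), ("THANKS",)]
```

Replaying `SKIPPED` against each class shows the difference: the naive gate opens, while the strict gate refuses and records the out-of-order message for later review.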

Knowing how to shortcut thought processes and manufacture decisions based on injected ideas can be quite useful.