Social Engineering and The Great Indian Jugaad
Case Study: Titanic 2 - The Surface
Link: http://www.youtube.com/watch?v=vD4OnHCRd_4&feature=fvst


 Quick facts:
    • A movie trailer that was, and is, so popular that many people still “swear” they would have seen it if it had been made into a movie.

    • 8 months after the trailer was launched, 100% of people in the comments believed it was “real”.

    • 2 years after it was launched, 70% of people still furiously believed that it was the real deal and refused to accept that it was a fake trailer.

    • It took the original author to publicly accept, in 2010 by updating the video on YouTube, that it was indeed a fake “trailer”.
Case Study: Titanic 2 - The Surface
Case Study: Analysis
 • Why did the trailer become so popular?

 • Why did people refuse for so long to accept that it was a fake trailer?

 • What made people change their minds?

 • Why is whether the trailer is fake or not still debatable among “first-time viewers”?

 • What makes people who know it is a fake trailer still want to see it again?
Case Study: Scene-wise Analysis
Case Study: Scene-wise Analysis (contd..)
Case Study: Scene-wise Analysis (contd..)
Social Engineering
Agenda for Social Engineering:
 •   What is Social Engineering (SE) ?
 •   Fundamental principles guiding the success of SE
 •   Case Study Demonstration
 •   Macro-expressions
 •   Micro-expressions
 •   Techniques used during Audit or SE Testing
 •   Counter Measures for SE
What is Social Engineering?
 The act of influencing a person to take an action that may or may not be in the target’s interest.

 Good Social Engineers:
  • Parents
  • Doctors
  • Criminal Psychologists
  • Negotiators
  • Salespersons
  • Diplomats
  • Whistle-blowers
  • Magicians

 Bad Social Engineers:
  • Fraudsters
  • Confidence tricksters
  • Malicious Insiders
  • Espionage Agents
  • Double-Agents
  • Blackmailers
  • Human Traffickers
  • Terrorists
Fundamental principles guiding the success of SE

Reciprocation:
    We are hard-wired to respond to a favour, often not in direct proportion to the size of the favour done to us.

Commitment and Consistency:
    Once we have made a choice or taken a stand, we will encounter personal and inter-personal pressures to behave consistently with that commitment.

Social Proof:
    One means we use to determine what is correct is to find out what other people think is correct. The principle applies especially to the way we decide what constitutes correct behaviour.

Liking:
    As a rule, we prefer to say yes to the requests of someone we know and like.

Authority:
    The real culprit is our inability to resist the psychological power wielded by the person in authority.

Scarcity:
    The influence of the scarcity principle in determining the worth of an item.
Case Study: Reliance Canteen episode
Objective
    During our graduation days, we planned to have food from the canteen without
    paying huge bills when our friend group grew large in size.

The Opportunity
    In those days, Reliance had launched an offer that enabled you to talk for free between
    2 SIMs if you bought them.

 The SE Attack
   We gave the 2 SIMs to the canteen serving boy so that he could talk “as much as he
   desires” to his village. We made an understanding that whenever our friend circle
   visited the canteen, he would bring extra samosas or cold drinks without charging us extra
   for them.

 The Effect
    We used to get almost double the food for the price of a few items, or for half the
    price. This went on unnoticed for 7-8 months.
Case Study: Analysis

• Why did the plan work?

• What could have caused the failure of the plan after 7-8 months?

• What could have happened if we had been caught earlier?
Macro-expressions / Body language
Macro-expression / Body language is a form of mental and physical ability of human
non-verbal communication, which consists of body posture, gestures, facial expressions,
and eye movements. Humans send and interpret such signals almost entirely
subconsciously.

Communication consists of:
   • 7% what we say
   • 38% vocal (tone, accent, dialect)
   • 55% non-verbal
Non-verbal behaviour is depicted fundamentally by certain body parts and how
they act:

              • Feet/Legs (Most Accurate)
              • Torso
              • Hands
              • Neck
              • Mouth
              • Face      (Least Accurate)
Macro-expressions: An Analysis
Pop Quiz: Identify this expression?
Micro-expressions
A micro-expression is a brief, involuntary facial expression shown on the face of humans
according to emotions experienced.

 Characteristics of micro-expressions:
  • They are very brief in duration, lasting only 1/25 to 1/15 of a second.
  • They are highly accurate in depicting the "actual" thought of the person.
  • They are almost involuntary reflexes, barely felt by the subject.
  • They express the seven universal emotions: disgust, anger, fear, sadness, happiness,
  surprise, and contempt.
  • It is difficult to hide micro-expression reactions.
Techniques for controlling Micro & Macro expressions
  If you are stuck while conducting a social engineering exercise, the following
  tips might help in successfully carrying out the testing:
  • On confronting an anti-social or angry person, frown a bit and tilt your head while relaxing your
  shoulders. This indicates that you are interested in hearing him/her out and are not confronting directly.

  • Enter with a sad expression; the subject will involuntarily feel sympathetic towards you and will offer
  to help in most cases.

  • A friendly and warm reception always has a higher chance of information retrieval than rash
  or unfriendly behaviour.

  • Do everything with confidence, even if you know you are trapped.

  • Dress up nicely and walk in short, sure steps. It gives an impression of authority, and people are
  much more likely to yield under this charismatic effect.
Counter Measures for Social Engineering




                                          Source: www.hackers5.com
Must Have Resources
• Social Engineering: The Art of Human Hacking by Christopher Hadnagy
• The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
• Influence: The Psychology of Persuasion by Robert B. Cialdini

Links
• Video: Nonverbal Human Hacking Derbycon 2012
http://www.irongeek.com/i.php?page=videos/derbycon2/2-1-2-chris-hadnagy-nonverbal-human-hacking

• Body Language – Expressions on Google Android App Store:
https://play.google.com/store/apps/details?id=com.Mazuzu.ExpressionTraining&hl=en
The Great Indian Jugaad
Agenda for Jugaad:
  •   Introduction to Jugaad
  •   The Indian Advantage
  •   Effects of Jugaad and Hacks
  •   Examples of Jugaad
  •   Can Jugaad change lives?
Introduction to Jugaad
  Clever, creative and smart manoeuvres or workarounds to get the job done, often by
  multipurposing or removing non-essential parts of a given tool.


Jugaad also frequently refers to:

   • An innovative fix or a simple work-around used for solutions that bend
     rules or conventional approach

   • A person who can solve a complicated issue.

  Basically, Jugaad signifies creativity to make existing things work or to create new
  things with “meagre” resources.
The Indian Advantage
  •   Large educated population
  •   Unemployment issues
  •   Young, dynamic work force raring to think up “out of the box” ideas
  •   Popularity of social networking tools spreads ideas faster
  •   Strong family ties and relations help nurture social causes
  •   Heavy political influence and the thirst for power / influence
  •   Competitive spirit due to large educated population


 Because of the above factors, India is uniquely positioned to take advantage of
                   Jugaad and to play a pioneering role in it.
Effects of Jugaad
• Increasingly being accepted as a management technique (in recession times)
• Recognized worldwide as a form of frugal engineering pioneered in India.
• A practice to reduce research and development costs by companies in India


Jugaad and Hacks
 Similarity
 Both concepts express a need to do what needs to be done, without regard to what is
 conventionally supposed to be possible.

 Difference
  • An Indian-pioneered concept vs. a Western intellectual term for applied innovation to
    get things done when required.

  • A jugaad can be thought of more as a survival tactic, whereas a hack is used in the context
    of an intellectual form.
Examples of Jugaad / Hacks
Popular examples
    •   What an idea, Sirji !! (Idea Cellular ad concepts)
    •   “Lassi” churners used in washing machines
    •   Bisleri 600 ml bottle filled with lead shot used as dumbbells
    •   Disha maidan purpose Bisleri half-cut bottle
 In Movies
    • “Argo” film concept diagrams for convincing Iranian airport security officers
    • “Lord of War” flag sideways swap (from France to Dutch)
    • “Catch Me If You Can” various fraud scenes
 Personal Jugaad(s)
    •   Hotmail Junk Filter manipulation to keep account activated
    •   Cassette player song transfer to MP3 files
    •   Admission form of UCER, UCEM
    •   8 marks increase by changing - to + signs in maths paper
 Personal hacks
    • Hutch multiple group mail at same rate (security misconfiguration)
    • BSNL UP(W) range swap to UP(E)
    • Telephone line detector to notify the free Internet line availability
Examples of Jugaad / Hacks
Commercially Accepted Jugaad(s)
•   Tata Nano
•   Jaipur Foot
•   Aakash Tablet & Simputer
•   Radio Tuk Tuk (Gurgaon)
•   EcoCabs (Punjab)
•   Android, iOS, Windows apps for locating restaurants & text translators by camera scan
•   Cooperative bank working (for vegetable, fish vendors)
•   QR code scanner for buying grocery (South Korea)
Can a Jugaad change a life ?




[Images: Sudha Chandran; Jaipur Foot]
Sudha Chandran, an Indian actress and dancer, lost her limb in an accident in 1982.

She subsequently overcame her disability with the help of a prosthetic 'Jaipur foot', becoming
one of the most highly acclaimed dancers of the Indian subcontinent.

Soon after, she garnered fame and recognition by venturing into the world of films and
television, a notable one being “Kaahin Kissii Roz”, with her character of Ramola Sikand.
THANK YOU !!!

           Presented By:
              Manasdeep
