Social Engineering Blogs
http://www.socialengineeringblogs.com
An Aggregator for Blogs About Social Engineering and Related Fields

[011] Conclusion – Unmasking the Social Engineer
http://www.socialengineeringblogs.com/011-conclusion-unmasking-the-social-engineer/?pk_campaign=rss_feed&pk_kwd=011-conclusion-unmasking-the-social-engineer
Sun, 04 May 2014 22:12:05 +0000
http://mindundercontrol.com/?p=122

All in all, ‘Unmasking the Social Engineer’ seems too much like the addendum that could have been added in a reprint of ‘Social Engineering: The Art of Human Hacking’. That way, at least, it’d have been worth the cost, as it is as expensive as its older brother, but not quite as valuable. Was it worth it to me personally? Yes. But, I’m a collector, an S.E. enthusiast, and have ample room in my budget.

To anyone who is interested in social engineering as an art or science – passing or otherwise? Not really. Does it fulfill its role as a protective tool against non-verbal communication? Again, not really. There’s just too much of an awkward balance between in-depth explanation and practical advice. It doesn’t feel specific and structured enough to be a blueprint, and not inclusive enough to be a handbook.

And, it’s not practical and demonstrative enough to be either of those. So, I’m left stranded as to who to recommend this to – because honestly, I’d much prefer to recommend Ekman’s work and explain its application in a much more condensed format.

This long list of sometimes seemingly insignificant complaints might give you the impression that I believe ‘Unmasking the Social Engineer’ is a bad book. It’s not.

It’s characteristically fun to read and well-written, well-researched and competently edited – I really do mean that. Hadnagy, Ekman and Kelly are all absolutely brilliant – geniuses in their respective professions. The former two have been my idols and examples for many years, and that isn’t without reason.

However, this amalgamation of awesome names and backgrounds does not hide the fact that ‘Unmasking the Social Engineer’ doesn’t really fit in anywhere, nor does it excuse it its faults. It is clear what it set out to do, and it’s also clear what it became instead. Maybe it would fit as a quasi-handbook mostly read in preparation of Hadnagy’s consultation and auditing services, where he can demonstrate its application and answer questions and expand more thoroughly on raised topics in person. Otherwise, and to anyone with any time on their hands, there are plenty of better alternatives.

It is serviceable, but it does not stand well on its own – it simply doesn’t provide enough deeper understanding or contextualization to match Ekman’s books plus an evaluatory article or two and a list of exercises. Those will inevitably accomplish far more, and provide both beginning and advanced social engineers with a more complete, if not a more well-rounded experience.

And to be blunt, if he were to paraphrase and condense this book’s contents into a couple of rules to follow and a couple of exercises to practice, (e.g. ‘Always ask for ID and external authorization – no exceptions’), with a short seminar explaining the more fundamental ‘how’s’ and ‘why’s’, I think he’d end up providing the client companies’ personnel with both more practical and intuitive ways to defend themselves against Social Engineering attacks.

One good thing about reason I will share, is that it did provide a nice basis and motivation for comfortably reassessing the ways in which I’ve been putting Social Engineering into practice, and imagine possible new applications of the things listed in the book – an elaborate sequence of thought experiments, if you will. However, that occurs naturally with any piece of information, not just this book, so take from that what you will.

Over-all, I ended up finishing this book with the strong impression it was not worth my time, if only because I didn’t need this book in the same way that I needed ‘Social Engineering: The Art of Human Hacking’ – it’s just not definitive, exhaustive and expansive enough. It doesn’t encapsulate enough for me to forget the fact that I already know what’s in here in vastly more detail.

Maybe I’m just not his audience anymore – but if so, neither is the rest of the /r/socialengineering community.

Still, I don’t regret buying this book. Why? Well, because there is no person out there responsible for the defining, refining and promoting of an entire discipline of applied psychology quite like Christopher Hadnagy is. He is a legend, a champion, and a sage of Social Engineering – and he deserves all due recognition and credit for it. Ultimately, though, my personal celebration and veneration of his person is not sufficient reason for you to spend money on this one book I am certain you won’t need.

With love,

– Joven

[010] Chapters 8 and 9 – Unmasking the Social Engineer
http://www.socialengineeringblogs.com/010-chapters-8-and-9-unmasking-the-social-engineer/?pk_campaign=rss_feed&pk_kwd=010-chapters-8-and-9-unmasking-the-social-engineer
Sun, 04 May 2014 22:09:59 +0000
http://mindundercontrol.com/?p=120

Chapter 8: The Nonverbal Side of Elicitation

Chapter 8 opens with Robert Dreeke’s ‘Top Ten Principles for Building Quick Rapport with Anyone,’ which he has listed once before in this book. They are:

1. Artificial time constraints.
2. Accommodating non-verbals.
3. Slower rate of speech.
4. Sympathy and assistance themes.
5. Ego suspension.
6. Validation.
7. Ask how, when, why questions.
8. Quid pro quo.
9. Reciprocal altruism.
10. Manage expectations.

For more information, I recommend Googling ‘Robert Dreeke 10 Principles Building Rapport.’

Though I haven’t yet fully read Robert Dreeke’s ‘Not All About “Me,”’ I do feel that this list is missing some key rapport building techniques, most notably ‘Mirroring,’ where you mirror the target’s gestures, stance and manner of speech.

Hadnagy then lists a few questions that typically go through the head of someone being approached:

– “Who is this?”

– “What does he want?”

– “Is he a threat?”

– “How long will he be a part of my life?”

He then goes down Dreeke’s list point by point, explaining how they each answer one or more of those questions. Though interesting, it’s nothing you wouldn’t find by Googling those principles – and again, could have been shorter.

Finally, we get to the eyebrows, the last part of the body that wasn’t specifically covered yet, and how they are used to communicate conversational signals.

Take Hadnagy’s advice and learn all about them by just noticing the eyebrows as you see people talking, and as you are talking to people. Replicate the expression you’d make under the circumstances of disbelief, astonishment, skepticism, and notice the situations where you’d make use of a head nod and head bobbling. Practice using them more frequently to show you’re engaged in the conversation.

Chapter 9: Putting It All Together:

This chapter shows two things very clearly:

1) This book never gets around to becoming a proper learning experience. It falls short of whatever its intended goal is.

2) Hadnagy is a true inspiration and it is no surprise why he is still a hero of mine, and a shining example of what I hope I can someday be.

It is so clear that this book, and his previous, and Social Engineering as an art and a science, is so deeply personal to Hadnagy. I don’t think anyone can quite say they have the passion and knowledge and presence that Hadnagy has in this field. To me, he is the lifeblood of Social Engineering.

He has such an obvious concern for the well-being of not only his clients, but his readership, and people in general. He is not only one of the best, if not the best social engineer, but deeply and profoundly moral as well.

He and I agree that intent, not method, decides morality. What he understands better than anyone, however, is that education and then action is the fix for most, if not all the dark that we humans create. Knowledge, and the motivation to use that knowledge.

Hadnagy often states, and now is no exception, that your goal should be to ‘Have them feel better for having met you,’ with which I couldn’t agree more.

His other advice includes using skilled and experienced ‘training partners’ when learning Social Engineering ‘self-defense,’ which is generally good advice, and he advises us to practice (perfectly) often, until all of it becomes second nature, or at least intuitive to some degree.

Lastly, in conclusion of his book, he asks of us all that we learn and teach to think critically about all information, not just some. Explore and test your realities and their limits, including everything you take for granted on a daily basis, like a woman in orange work uniform asking you if you ‘are willing to donate to ‘charity x’.’

If by any chance Hadnagy should ever read this, and not be discouraged or dissuaded from reading to this point, I would like to thank him, from the bottom of my heart, for the knowledge and inspiration he has given me over the years.

Without him, none of what I do would be possible. And without doing what I do, I wouldn’t have been where or who I am. And, I hope to have done him proud in some way, even if he vehemently disagrees with every single point I’ve raised. Even if I’ve made some ludicrous assertions, or some glaring errors, or just generally have not thought everything through quite as well as I thought.

I hope he can appreciate this for what it is: my own personal excursion of critical thought, and my own testing of limits and the status quo.

[009] Chapters 5 through 7 – Unmasking the Social Engineer
http://www.socialengineeringblogs.com/009-chapters-5-through-7-unmasking-the-social-engineer/?pk_campaign=rss_feed&pk_kwd=009-chapters-5-through-7-unmasking-the-social-engineer
Sun, 04 May 2014 22:08:04 +0000
http://mindundercontrol.com/?p=118

Chapter 5: The Science Behind The Face

For those who don’t already know, Ekman identified seven universal emotions, that all show in uncontrollable ‘micro-expressions’ (you can Google it, or check my Encyclopedia), namely Anger, Happiness, Sadness, Surprise, Fear, Disgust and Contempt.

If you want to learn anything about this subject matter (which I hope you would if you’ve considered buying the book I’m reviewing right now), then simply Google FACS (or buy Ekman’s ‘Emotions revealed’) and use Ekman’s Micro-Expression Training Tool (METT). This is also the summary of this chapter.

Chapter 6: Understanding Nonverbal Displays of Comfort and Discomfort

Using what has been written earlier in the book and some snippets of new information, this chapter explains how to notice, analyze and utilize displays of comfort and discomfort.

(Except, not really. It tells us various signs of comfort and discomfort, and the fact that you should analyze them is implied in the subject matter. How? Granted, the chapter title never says it will train you in doing any of it, but then what is the point in reading it when other books do? But there is hope! Chapter 9, ‘Non-Verbal Communication and the Social Engineer’ will surely fill out all these gaps, won’t it? Eh…)

New area: Neck and Face Pacifying. Strong indicators of discomfort. Watch for changes. Watch for tells. Find out why.

Another new area: Mouth Covers. Show of shock or surprise, strong indicator of discomfort. Watch for changes. Watch for tells. Find out why.

Another new area: Lips. Lips show signs of emotion. Can indicate discomfort or hesitation. Watch. Watch. Find.

Fourth area: Eye Blocking. Indicates sadness. Not going to bother with the rest.

Last area: Self-comforting and Head Tilts. See above.

This chapter was definitely more worthwhile than the others, if only because these areas aren’t mentioned as often elsewhere as the others are, but they are still bits of information that are already known to most of us and didn’t need the amount of space they were given to be explained to newcomers.

Chapter 7: The Human Emotion Processor

This is the one. This is the chapter that made me doubt my own sanity – my own skillset, my entire opinion of this book and my entire opinion of myself. The reason for it was simple: This book had me hoping, against all odds and past experience, that it was going to be worthwhile – something extraordinary, something revolutionary, or at least something that showed why Christopher Hadnagy is the one that sets and raises the bar when it comes to detailing all facets of Social Engineering. And, this chapter seemed to be a turning point.

The obligatory ‘our brain is a computer’-metaphor was rhetorically satisfactory, and did what it set out to do without using up too much space and time. It is followed by some important (though not novel) things to remember and be aware of:

1. Our emotion affects our perception and reaction to a situation. Our emotions modulate our perceptions and affect memories as well, allowing them to trigger very strong reactions.

2. Emotion involves an appraisal process that occurs in our internal processors to create a response. For comparison, look at the oft-repeated adages ‘Things are what we make them.’ and ‘No one can hurt you without your consent.’

He moves on to the amygdala, where the key take-aways are that the 1) amygdala creates a response before we’re even consciously aware something happened, and 2) the amygdala requires only a single negative experience to decide that something is a threat.

He then raises the interesting notion that ‘there must be a way to hijack someone’s amygdala to create the emotional content that you want in there,’ and with that, my heart started racing.

Perhaps irrationally, but I hadn’t been this enthused to read on and soak up information since I first read Daniel Wegner’s ‘Illusion of the Conscious Will,’ or Stuart Sutherland’s ‘Irrationality’ (my own personal introduction into the amazing realm of psychology), or even Carnegie’s ‘How to Win Friends and Influence People.’ I was prepared to have my mind be blown, feel ten times smarter than I had been before, now aware of this amazing piece of knowledge that I had needed all along to transcend to a higher plane of being.

Contrary to what you might assume, I was not disappointed in that regard. Or in that regard, I should say.

Because my other belief was that this chapter would redeem the minimal quantity of compelling content the book had provided this far. That, needless to say, wasn’t the case.

You have to understand that it takes very little to please me – I love learning things. If I can read a book and see even one thing in a completely new perspective, I’ll be left satisfied. Well, I did have a moment like that. It did please me, and it was little. One line, actually:

In this first section, we learn ‘Triggering, or hijacking, the emotional, empathetic, or social regions of the brain can shut down the person’s ability to think logically.’

A sort of an Emotional Human Buffer Overload, you could say. Had I not already heard of this? Of course I had. ‘Flipnosis’ by Kevin Dutton makes mention of it, and in fact bases an entire book around the idea. But I had never thought that it could be applied so broadly – the endless new possibilities raced through my mind, and it left me manic and giddy like a child for the briefest moment.

All in all, it comes down to this: ‘Activate someone’s empathy centre. Activate their social centre. Activate their emotional centre. Use microexpressions or other means of non-verbal communications to do so. Exploit their moment of mental weakness.’

That is my personal summary, anyway. Now I’m left to ask myself the question: ‘Since you (the reader) now know this, if you didn’t already, what other things of note does the book provide? What makes it an essential book to have?’ I’ll answer that question in this review’s conclusion.

Moving on, we must remember that ‘The brain subconsciously recognizes nonverbal communications and then reacts.’

Then, ‘… our nonverbal communications play a major role in our reactions to a given situation,’ which is important to realize because:

1) ‘Learning to read other people’s nonverbal communication can help you understand their true intentions and motivations.’

2) Your own expression and non-verbals can give away emotions your pretext doesn’t support, and controlling them is essential when trying to influence the other person emotionally.

3) When you’re aware of not just the emotional state of your pretext, and not just the emotional state of your target, but also the emotional state of the room you’re both in (the ‘atmosphere’), then you can set your own emotions to match and be more convincing as a result.

The rest is anecdote, which is actually something I wanted to touch on: Hadnagy’s anecdotes are, as always, an absolute pleasure to read. He really makes his own personal adventures come to life in our minds, and for that briefest of moments, we feel like the social engineer Hadnagy is — the one we all wish we could be.

However, there are simultaneously too few and too many anecdotes, and if I were to ask for more, I’d ask Hadnagy to write an autobiography, not an instructional book.

This chapter was by far the most interesting and stimulating one in the entire book. I have no real criticisms to levy at it, except for it being far too little of a good thing, and far too late.

[008] Chapters 3 and 4 – Unmasking the Social Engineer
http://www.socialengineeringblogs.com/008-chapters-3-and-4-unmasking-the-social-engineer/?pk_campaign=rss_feed&pk_kwd=008-chapters-3-and-4-unmasking-the-social-engineer
Sun, 04 May 2014 22:06:40 +0000
http://mindundercontrol.com/?p=116

Chapter 3: Understanding the Language of the Hands

After a lengthy explanation that brings to attention the way hands not only communicate language, but also emotion, Hadnagy notes that people may sometimes subconsciously give away their own emotional state and discomfort (not necessarily because they’re lying, discomfort for any reason).

He hasn’t mentioned it quite yet, but he’s going to soon, and often, so I will here write down what we’ll call ‘The Golden Rule of Reading People:’ Just because you know what a person is feeling or thinking, does not necessarily mean you know why.

This is all-important, and pretty much the only reason for which I’d recommend buying this book without hesitation: to be continually reminded of it.

So: Write it down.

Whether someone is becoming uncomfortable when you ask them to clarify on a story element, or you see hints of anger come across their face when mentioning their deceased father, or when you see them playing with their jewelry (‘manipulating’ an object): You’ve established that the behavior has moved away from the base-line. Nothing more.

As Hadnagy mentioned in chapter one: hands display emotions by four means of communication: emblems, gestures, illustrators, and manipulators. (You can Google this.)

Next, he mentions how Ekman and Wallace developed a system of understanding this type of body language, comprised of these three parts: Origin, Coding, and Usage. (You can Google this.)

This entire next section is him explaining where those four means of communication originate and how they are used. While doing this, he further expands the topic with subdivisions and elaborates on more general definitions. The other important take-away is this: Different cultures have different usages for the same gestures.

I have to give credit where credit is due: though there are way too many images to illustrate very simple points, at least the illustrations here still provide a tangible benefit for the reader, allowing them to quickly internalize the information. It also provides the reader with a nice little confidence boost that may take shape in the forms ‘Cool, I already knew that one!’ and ‘I will definitely look out for those!’ (And then congratulating themselves whenever they manage to find a fitting example, even when analyzing a memory.) Even if Hadnagy isn’t quite yet instructing them to look for them, the reader is already priming himself for it at this point.

Off-topic:

Is that a strength of the book? Not really, no. Because what I just did is assuming at best – there could’ve been summaries, key take-aways and exercises to ensure the reader does internalize and apply the knowledge, yet they aren’t there. Since the book lacks any other clear aim, a training/instruction manual and accompanying template, or a text-book format, would’ve served the already limited and old content quite well.

This is a point I’ll make right now in general so I won’t have to reprise it at every point where it’s relevant: On a training course website, this content and set-up could’ve worked, but of course then the content would’ve been insufficient and incomplete at best. As a book, it is insufficient entirely. One could set you up to learn this entire book in less than half an hour, with a better retention rate, more practical usage advice, better analysis, and training resources that didn’t already exist prior to the site’s inception.

I’m flabbergasted that this doesn’t already exist – I am surprised that Hadnagy didn’t yet take the opportunity to make such a training website and make his SE.org Framework an understandable and intuitive learning experience. But I digress.

Back on topic:

The upcoming few sections are the ones with the set of images I described much earlier, at the start of this review. The first section here is about ‘High-confidence Hand Displays,’ which are steeples, thumb displays, ventral displays and genital displays. It makes some extra key points that I won’t all list, but one of them is using ‘open palms’ to seem open.

A quick tip: Roll up your sleeves, and wear V-Neck shirts or unbutton your blouse (no tie), if you want to seem open.

Another quick tip: Use gestures with open palms, having the effect of inviting in the person you’re talking to.

Then, there’s the Low-Confidence and Stress Hand Displays, which are ‘inverse’ thumb displays, hand wringing (a ‘manipulator’), and closed hands.

Next section before last comes down to: ‘Practice using and noticing these various forms of hand communication.’ and ‘Perfect practice makes perfect.’

His summary remarks that to get in-group, you have to use similar gestures to the ones that group or ‘tribe’ uses. Good point. It also remarks that you should probably practice these things ‘in the wild’ first, rather than going into an engagement looking for those things. That’s a fine point as well. Most importantly, it tells you to not look for individual instances, markers or ‘hot-spots,’ but rather to see how the base-lines change and then decipher these emotional changes.

Over-all, there was nothing in this chapter that most of you didn’t know already. (If you don’t know some of these things, use the keywords of this review to Google them, or check my ‘Recommended reading’ section later in the review.)

More than this, it doesn’t seem to be a very complete run-down of all the different aspects of hand communication and the presentations thereof, either. Though I understand that it would be impractical to list all of these in this chapter, as it would interrupt the flow and pacing of the book, nothing stopped them from adding them to the end of this otherwise pretty short book or linking a more complete list.

Chapter 4: The Torso, Legs, and Feet

We move on to the torso, legs and feet. They all have several crucial key-points, all leading back to the main focus of all of this: observing if there’s a change in comfort level, or base-line.

Example: Happy people generally stand on the balls of their feet, nervous people get jittery. If a happy person suddenly stops jumping for joy, or if a person suddenly starts twitching his leg when you mention his best friend, then you’ve hit a ‘hotspot.’ They’ve become discomforted (or the inverse), and now you can decipher why and use that knowledge.

Remember: A change in base-line only tells you that they’ve gone from feeling comfortable to feeling uncomfortable, or the other way around. It doesn’t tell you why.

Leg key points: Feet and legs point in the way a person wants to go, indicating his disinterest. Widening one’s stance indicates one might feel threatened and is trying to establish dominance. Crossing our legs can act as a non-verbal barrier for someone we don’t like.

I almost feel bad about listing these in such a way, as if I’m somehow plagiarizing Hadnagy’s work by doing so, but again, there’s really nothing in here that we don’t already know, and it could’ve been put in a table or on a website with greater efficiency and effectiveness, respectively.

‘Torso and arms,’ the next section, contains probably the most useful non-verbal marker we can know, as social engineers and as people:

We tend to lean into things we like and away from things we don’t like. It shows where our real interests lie, including which people we feel most comfortable with/are most interested in.

And that was it, really. I will refrain from continually concluding with ‘nothing we don’t already know.’ When something novel arrives, I’ll tell you. Serviceable chapter, nothing that required a book, however.

[007] Introduction and Chapters 1 and 2 – Unmasking the Social Engineer
http://www.socialengineeringblogs.com/007-introduction-and-chapters-1-and-2-unmasking-the-social-engineer/?pk_campaign=rss_feed&pk_kwd=007-introduction-and-chapters-1-and-2-unmasking-the-social-engineer
Sun, 04 May 2014 22:02:59 +0000
http://mindundercontrol.com/?p=112

Introduction

‘Unmasking The Social Engineer’ starts with a list of acknowledgements, coupled with an introduction. Now, this introduction gives us some insight into Hadnagy’s background and his motivation for writing this book. In it, he starts by asking us why we should care about nonverbal communication.

Well, anyone reading this review will know why he or she should care – because this is what we do. Any and all knowledge that enables us to engineer social situations effectively, defined as ‘actions that lead someone to take an action that may or may not be in their best interest’, is knowledge we care about.

He asks us if we know what our ‘gut feeling’ is, and yes, we probably know intuition is a set of heuristics and value judgments (or ‘appraisals’) made subconsciously, based on past experiences.

He then remarks ‘No book has compiled all this research, and no book has shown you how to use these skills as a social engineer.’ I partially disagree with the first, though not the second – however, ample websites (such as this sub) have shown people how to use these skills. These things have been compiled before, and worse than any of this: this book, as we will see, doesn’t do anything new or excel in any way regarding these topics.

In the next section, his relationship with Professor Ekman is then described, and it is part inspiring, and part sharing in Hadnagy’s joy. That is to say: I like it. He then proceeds to explain the contents of the book and how this book will be used.

All in all, a solid introduction, and Hadnagy comes over as very likable and earnestly humble — something I personally really appreciate.

Chapter One: What Is Nonverbal Communication?

Hadnagy starts with a brief explanation of what communication is (something covered more extensively in ‘Social Engineering: The Art Of Human Hacking’). Then, he segues into nonverbal communication.

Curiously, when starting his preloading for this chapter, he asks why people are yawning or seeming otherwise uninterested during a hypothetical speech you’re giving, and answers the question of ‘Why?’ with ‘Because: nonverbal communication.’

Here, I have to ask ‘“Why” what, Hadnagy?’ because he makes it seem as if the reason they’re uninterested is your failing nonverbal communication, not the reason why you, as the speaker, can notice them being bored. In that case, why didn’t he at some point in this book come back to that example and explain to us how to engage a crowd with non-verbals? A minor and perhaps insignificant thing to point out, but it would have been fine for Hadnagy to use a different example that only made us imagine a single bored person. It just left me a bit confused as to his point, is all.

His eventual point of this section is that it is important to understand the extent and depth of the nonverbal communication and just how important it is.

Next, he lists seven different aspects of nonverbal communication: Kinesics (nonlinguistic body motions), proxemics, touch, eye contact, olfactics (smell), adornment, and facial expressions. He then, where needed, further subdivides these seven aspects into further areas. This entire section is completely functional, and it doesn’t seem like any examples here are filler – when condensed, I assume that it could be summarized into a table spanning about a page.

No information in this chapter will be novel to those who have ever read anything about nonverbal communication, and followed news in that area (such as the readers of /r/SE). In total, it would take a few minutes to become aware and memorize this data.

His summary curiously doesn’t summarize the chapter, which is a trend in this book. So: In summary, there are seven different aspects of nonverbal communication. They have an incredibly large impact. A social engineer should know, notice and utilize them.

Chapter 2: What is Social Engineering?

As I said earlier, this is a recap of ‘Social Engineering: The Art of Human Hacking’. It might as well not be here at all, unless this would be the first book for you to pick up on the subject. In which case, why not pick up ‘Social Engineering: The Art of Human Hacking’?

Continue Reading – [008] Chapters 3 and 4

[006] Page Count – Unmasking the Social Engineer http://www.socialengineeringblogs.com/006-page-count-unmasking-the-social-engineer/?pk_campaign=rss_feed&pk_kwd=006-page-count-unmasking-the-social-engineer Sun, 04 May 2014 21:58:58 +0000 http://mindundercontrol.com/?p=110

The post [006] Page Count – Unmasking the Social Engineer appeared first on Social Engineering Blogs.

This section is necessary for both allowing some manner of brevity in the full impression segment, and defending the eventual conclusion of this review. This book is really more of an addition to his book ‘Social Engineering: The Art of Human Hacking’, than something stand-alone. Keep in mind how that impacts the page count.

The meat of the book begins at p.5 and ends at p.211. This means it spans 212 pages of content so far. First, we remove chapter 2, as it is a summary of ‘Social Engineering: The Art of Human Hacking’. This leaves us with 212 – (51-25) = 186 pages of novel content.

The first chapter loses 3 pages in images and one blank page, for a total of 4. (The rest has already been removed by starting the count at p.5.)

The third chapter loses 4 pages at the start, 12 pages throughout. Fourth loses 11.3 pages. Chapter 5 loses 13.4, chapter 6 10.3, chapter 7 loses 5.3 (which just so happens to be the best chapter, go figure – 3.3 if you don’t count the first two pages that show ‘Part 3’ of the book), chapter 8 loses 4.6, chapter 9 loses 4.8.

This brings us to a generous estimate of 186 – 69.8 = 116.2 pages of novel, written content. This figure excludes direct quotations, unelaborated paraphrasing of other books, and repetition of content. (Would be closer to 95, if I were to give an estimate.)

But more important than any of this is the figure of novel information and content that hasn’t been done better elsewhere, which brings us to a very generous, rounded-up total of 20 pages of worthwhile content for an amateur social engineer. (Less for those who’ve read any book on non-verbal communication or deception before.) This is less than 10,000 words at its low word/page count (~400), or less than the expected total length of this review.

You will see how I got to this number in the next section. For now, it is important to remember that every book will have a similarly low fraction of its complete content be novel; however, very few books of this caliber, and definitely those by writers the likes of Hadnagy, have such a low amount of overall utility. (Read the conclusion for my thoughts on why.)

For contrast, compare it to ‘Social Engineering: The Art of Human Hacking’, which had more than 200 pages of worthwhile content when it was released (and still around that very same number today), and consider that it had a lot more words per page (I’d say around 525, or 25%+ more), and we’re left to conclude that ‘Unmasking The Social Engineer’ wouldn’t have been more than two short chapters when added to ‘Social Engineering: The Art of Human Hacking.’

Continue Reading – [007] Introduction and Chapters 1 and 2

[005] Four of a Different Kind – Unmasking the Social Engineer http://www.socialengineeringblogs.com/005-four-of-a-different-kind-unmasking-the-social-engineer/?pk_campaign=rss_feed&pk_kwd=005-four-of-a-different-kind-unmasking-the-social-engineer Sun, 04 May 2014 21:55:17 +0000 http://mindundercontrol.com/?p=107

The post [005] Four of a Different Kind – Unmasking the Social Engineer appeared first on Social Engineering Blogs.

There were four main types of interpretations, in no particular order of frequency:

– The first posited that they were clearly having an argument of some kind, and that the woman was frustrated with the conversation and ‘biting her tongue,’ so to speak.

– The second was that the girl had clearly done something wrong, and the man was being stern and disappointed, alternately with or without anger, and the girl was looking away innocently, as you would see an 8-year-old in a TV sitcom do. (Note that I say ‘girl’ only because this is what they called her within that interpretation.)

– The third was that the woman was recalling some sort of happy memory and thinking of it fondly, after having been triggered to in some way by the conversation.

– The fourth was that the woman was recalling some sort of happy memory and thinking of it fondly, with the man just being an onlooker and having nothing to do with it. (And interpretations of what he is doing vary wildly.)

The first implies the woman is frustrated, the second that the woman is dismissive of the man’s concerns, the third implies she is happy, and the fourth imagines she is both happy and not even interacting with the man. These are wildly different interpretations for what should be a pretty clear and concise training exercise.

Hadnagy surely knows that a 90 degree angle is a very safe angle for most people, even within personal or even intimate space – though, of course, this is less the case when there is eye-contact. On YouTube, Apollo Robbins gives a great explanation and demonstration of this. However, I don’t think his potentially not knowing this is the problem. Instead, what was probably glossed over is the fact that the reader makes his own interpretation of the _relevance_ of the angle, and does not necessarily know why they are in that angle in the first place.

Maybe Ben has just approached and is now standing there, frustrated or otherwise, waiting for Selena to stop day-dreaming and be given attention? This explains interpretations 3 and 4.

Maybe Ben is standing in that angle because he is frustrated with Selena, like in interpretations 1 and 2, but in a fifth possible interpretation, she might not even be aware he’s there, angry with her.

In that case, as I believe Hadnagy would agree, it would be entirely the wrong move to approach Selena at all, as you’ve just taken away the attention that Ben couldn’t get – what a horrible situation to be in!

So really, I don’t believe this should be a matter of interpretation, given Hadnagy states it is at least part science, and that is the problem with these ‘caricatures’ or ‘set-up’ photos – instead, use real photos and describe the situation to us after we’ve tried to analyze it. That would’ve been vastly more effective, wouldn’t you agree?

To get back to my original point, analyzing just one situation with every possible interpretation would’ve been vastly preferable to meaninglessly glancing over several – because it would’ve illustrated the inherent flaws arising from lack of proper context and have shown the many ways to incorrectly assess both correctly and incorrectly observed data.

Interestingly, this is similar to what I’ve done here – rather than listing all the bad examples, I raised two examples and dissected them thoroughly. This gives the audience a clearer understanding of what is going on, without overloading them with examples that are meaningless to them, or at worst counterproductive and confusing. It’s an effective teaching method.

That is my first major complaint.

My second complaint has to do with the feeling it instills to a potential student of non-verbal communication within social engineering, which seems to be Hadnagy’s main demographic.

This only applies slightly to myself, and more so to the people I’ve polled, among which were some social workers, counsellors and psychology students. My question was: “If I hadn’t opened with the disclaimer that no answer is wrong, and instead this would’ve been part of an emotional recognition test, within either the learning part of a course or examination of that course, what would you be feeling right now?”

Unanimously, they came to the conclusion that they would’ve felt either ‘betrayed’ (by the author), ‘indignant’ (for being told they’re wrong when they’re clearly right) or ‘stupid.’ The ‘stupid’ aspect, I can only assume, comes from the fact that even after relooking at the picture, it was difficult to find a way to rationalize that ‘coming on strongly’ and ‘discomfort’ were the only explanation, let alone an intuitive one. This seems completely contrary to ‘Unmasking the Social Engineer’s’ aim to be a teaching tool.

One problem is that it (subconsciously) gives us the impression that either Hadnagy is unaware of simple things that we all should know, or that we’re idiots for not noticing such simple things – a feeling, I feel, that a lot less experienced people will have more, and they will be disappointed by themselves as a result. It leads us to feel dumb, not empowered or enlightened – and fools rather than students.

Of course, I don’t agree that feeling ‘indignant’ here is the intended or expected response, mostly because Hadnagy never tells them anything even remotely capable of making us feel that way, but to reprise an old point: “It doesn’t matter what you say – people will remember how it made them feel.”

My suggestion: either be general enough to not have such obvious exceptions, or be specific when using these examples. Again, a short disclaimer could have fixed this problem, and helped ease the reader.

Maybe they used hyperbolic naming for emotions that are not quite so pronounced, but reasonably, they should not be there at all.

Before I conclude this point, my samples also thought the p.69 image didn’t at all show a “perfect example of a confident man” – but a creepy, weird, ‘downy’ man instead. I can only assume this is due to the awkward angle, or perhaps a quality of the lens. The image is entirely unsettling, and I can’t for the life of me imagine Ekman and Kelly both not realizing this.

Perhaps it’s because they are too busy finding what they know is there, rather than seeing the image, and the book as a whole, as a novel situation from the perspective of the reader – which is a thing everyone does, and three legends are no exception.

Continue Reading – [006] Page Count

[004] Interpreting the Evidence – Unmasking the Social Engineer http://www.socialengineeringblogs.com/004-interpreting-the-evidence-unmasking-the-social-engineer/?pk_campaign=rss_feed&pk_kwd=004-interpreting-the-evidence-unmasking-the-social-engineer Sun, 04 May 2014 21:53:02 +0000 http://mindundercontrol.com/?p=104

The post [004] Interpreting the Evidence – Unmasking the Social Engineer appeared first on Social Engineering Blogs.

This second example is far more jarring, and shows what I meant earlier by ‘caricatures’ and the way they distort the learning experience of the reader. On p.78, we are asked to evaluate a picture of two people that are (presumably) interacting in some way, and asked what it is we see. Well, I wrote down what I saw before reading on:

“She looks away with a look of longing (drifting eyes, a ‘genuine’ smile), so she probably was either elicited to recall a pleasant memory or sharing that memory with the man standing next to her before drifting off. Her head is tilted, which again makes me feel like she is highly entranced by that memory. She is manipulating her wrist, but that could have significance in respect to the memory – pacifying herself, meaning whatever she is thinking of comforts her.

“The man is looking at her with particular interest, and his posture is upright, so he is clearly comfortable in the situation, as is she. He stands in genital framing, at an unintrusive 90 degree angle. The significance of this would probably be better understood after invading this conversation (if it even is one – it is not immediately clear, and it could just be that the man fancies this girl).”

In retrospect, this seems completely plausible and vastly more apparent than the conclusion Hadnagy draws from this and tries to convince us is evident. More specifically, he states ‘Did you notice that Ben is trying to assert his dominance?’ which I don’t agree he necessarily is, mostly because of the angle and the way that Selena seems content with the situation, and ‘She doesn’t look too comfortable with his approach, does she?’ which I’d say she does, and I wouldn’t even necessarily agree it is an approach.

The point is not that I’m right and he’s wrong, or vice versa, the point is that it isn’t clear at all who is right, and why. This is more interpretation than observation.

To illustrate and support my proposition that this is more than just a tangential affair, and rather a fundamental problem, I went out (as I was writing this part of the review) and polled people on what they thought was going on in this image, in particular what emotions they thought the two subjects (Ben and Selena) were feeling. Furthermore, they read none of the text, nor did I brief them, instead debriefing them on the contents of the book and what I was hoping to demonstrate afterwards.

Before we get into their interpretations, I’ll start by saying we saw three big issues show up:

First, the resolution of the images is obviously problematic. It is not clear whether the man is frowning with his left eye (since the skin under the eye seems raised), and this means that it’s unclear what his intentions and emotional state are. (I’ll get back to this in a bit.) This is clearly a limitation of low-resolution black-and-white pictures.

Second, the intentionally acted set-up (for clarity, I presume) actually makes it a lot harder to determine what is going on, because there are certain natural clues that are completely missing. You can tell Ben to act confident, and Selena to act discomforted, but without context it is very difficult to get anything meaningful from this display. If you wanted to know if Selena were truly discomforted, you’d have to talk to them first, which creates a situation where analyzing the situation beforehand is not relevant anymore.

Third, all of the cues can be explained differently, and it became more a matter of consensus than analysis, more vague than concrete. Upon comparing each raised possibility, all participants agreed that they were all likely – so much so, that they could no longer confidently support their own initial interpretation, even though I made no personal attempts to dissuade them. In fact, when asking groups for their members’ individual opinions, which could be quite different, none seemed to challenge the others’ opinions in the slightest, even if their own opinions were different.

This type of ambiguity in an example exercise is inexcusable.

Note, I might be a skilled persuader, but I did not attempt to persuade them into anything but their cooperation with my poll. In fact, I merely asked them to give feedback on certain other interpretations far after they had completed my request and discussed it amongst themselves. I did not serve as an intermediary in their discussion in any way.

Continue Reading – [005] Four of a Different Kind
