Know Thy On-line Enemy
Why I Use Social Engineering When I Present
I love interacting and presenting to tweens, teens and young adults, and have done so for the past 20 years specific to the areas of both on-line and off-line safety. One of the key elements that makes my presentations so different from others; at times I present from the “criminal” or “threat” perspective in an age appropriate manner. If you understand how and why the on-line or off-line threat will target their prey, and apply counter tactics to their crime cycle, then you will likely not be targeted. Peer review research has shown that “experiential” learning/training, rather than rote or didactic learning/training, has a stronger impact on participants at an emotional, psychological and even physical level that can expedite positive behavioral change.
As a parent, on-line safety advocate, serving law enforcement officer (26 years so far), and a student of martial arts and combatives, I have made the study of strategy and tactics, specific to understanding a threat, a professional life long endeavor. An ancient asian warrior by the name of Sun Tzu stated, “If you know the enemy and know yourself you need not fear the results”. Many who use the Internet and Social Media, although they “may” know themselves, “may” not necessarily know the enemy and their often used tactic of “social engineering”, also known as human hacking, specific to the on-line grooming process. On-line trust and rapport are key when it comes to stealing information, criminalization or even the sexual predation of an identified target. The weakest link, when it comes to on-line security and safety, is always going to be the human link, no matter what one’s privacy settings, and those wishing to prey upon others will exploit this reality to its fullest.
A part of what I do before I present our Internet and Social Media safety program at a Jr or Sr Secondary School, is to see how many students will invite me in believing that I too am a student of their age who has similar on-line and off-line interests. By utilizing nothing more than a believable “pretext”, once a request for friending has been sent, more often than not students will accept the request and thus friend or follow me. Once friended, I then have access to all their information, no matter what their privacy settings, which could then be exploited.
When I first started presenting our Internet and Social Media safety programs, we did not engage in the above noted process, but rather we tried to explain it to our audiences. Teens being teens; they would just blow off this information believing that such a thing would and could never happen to them given that they were very internet savvy. It was not until some students approached me with a challenge, they bet me that I could not convince them that I was someone else on-line prior to presenting at their school. That student challenge germinated the idea.
Seeing an opportunity to effect a positive change in beliefs and on-line behavior specific to this issue, I began my work to create a convincing “pretext”, which in the end had all of these students inviting me in as a friend believing that I was in fact a teen. When I then presented at their school, the word quickly spread about what I had done, which created a “light bulb” or “jack in the box” moment for all the students in the presentation…..“if it could happen to my fellow classmates, people who I know, then it could happen to me too.” The entire student audience was now glued to my every word. For the students who invited me in, it was a good example of safe experiential learning at its best. For all the other students listening, it allowed me to now connect with them at an emotional, psychological and physical level. It was now “real” to the entire student audience given that their classmates had been socially engineered.
The goal here is not to peer embarrass students, in fact when we present, we never publicly “out” or “shame” those students who invite us in as a friend believing that we are a teen. We do however, provide examples of what we did and how we did it using other students in the Province who have given us permission to do so, but even then, we protect their identities. We then provide real world examples of how students across Canada have been targeted and victimized using this social engineering process. As an example, just recently B.C. School District 42, in cooperation with the RCMP, publicly released this warning to parents: http://www.sd42.ca/rcmp-alert
I have had some who believe that utilizing this teaching technique with students is wrong, and has no place in on-line safety learning. I have however, had many many more people, including principals, counsellors, parents, child psychologists, law enforcement and more importantly the students themselves, share with me how positively impactful this teaching strategy is to changing less than desirable on-line behaviour. My use of this teaching strategy, “specific” to helping students to truly understand the threat of what social engineering is and how the on-line predator will use it to their advantage, is what drives what I do and how I do it. “If you know the enemy and know yourself you need not fear the results”. Once again, context is everything.
Cerebral Food For Thought
The Digital Sheepdog