Hacking Humans

May 05, 2020

What does "hacking humans" even mean? To put it simply, social engineering, or using verbal judo as Logan likes to call it, to get something you want or need. Now, this sounds bad, but it isn't always supposed to be nefarious or malicious. Sure, people have taken it that direction, but social engineering has been around for as long as humans have been around. Probably even longer.

As Logan talks about this week on Tear Lines, (found on all major podcast providers like Spotify and Apple Podcast), think about babies. They cry. A lot. Or so it seems, I don't actually have kids. But they use crying to get what they want. Are they hungry, do they need a diaper change, do they just need to be held? Eventually, parents figure out this language of crying and what different cries mean, but it's all the baby knows how to get what it want. They can't talk, they can't verbalize, they can't point. It's social engineering at its most simple execution. Or think about our furry four legged friends, our dogs. How do I know when my dog wants to go on a walk? He walks downstairs to the front door. Can he tell me? Absolutely not. But he's darn cute and can find other ways to get around the language barrier to get what he wants.

I know I usually only talk about the cyber side, but bear with me here because this still has everything to do with cybersecurity and how we can better secure ourselves. And we're talking about it on the podcast this week as well.

So who actually hacks humans? Well, everyone, whether they realize they're doing it or not. And we've been doing it since the dawn of time.

What is human hacking? Well, I went into that a little above, but the dictionary definition of social engineering is "the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes".

Where do we see it? Literally everywhere.

When is it used? All the time.

Why is it used? This is a complicated question with a complicated answer. Long answer short - for assorted reasons from a person's social standing to nefarious acts of espionage.

How? Let's talk about that next.

If you listened to the podcast this week, Logan tells us about the two oldest professions: prostitution and espionage. Think these professions require a bit of human hacking to be successful maybe?

In a 2013 article in Studies in Intelligence, author Randy Burkett describes two frameworks for agent recruitment: MICE and RASCLS. We're not going to get into agent recruitment here, but we can apply these to hacking humans in our everyday lives.

So what is MICE?

MICE breaks down human interactions at its most basic level, but one criticism of it is its inability to capture the complexities of human motivation. Which is where RASCLS come in.

RASCLS comes in from Cialdini's book The Psychology of Persuasion. Burkett describes understanding the importance of the RASCLS principles by understanding how humans have developed shortcuts to function in a world full of sights, sounds, and other stimuli flooding human senses. Human beings are under a constant barrage of bits and bytes all day, every day. But humans are also adept at evolving and adapting to the world around them.

But, one thing I've learned during this pandemic and my hours on a simulation racing rig is how unpredictable people are. This does not just involve online racing, but in most everything humans do. So you might expect a person to behave in a certain way, but they won't necessarily do that. Understand MICE and RASCLS an how you can use these concepts in your everyday lives, in the checkout line, at the airport, with your family.

In the end, no matter which way you look at it, people just want to be liked, they want to have a purpose.

Look at it as a ROGUE - recognize, orient, gauge, understand, execute. And if you missed this week's podcast, listen to it here. We ask for folks to apply these principles in their lives - what are you going to try?