October delivered a substantial social engineering trick to the former users of the file-sharing site Uploader Talk. The former operator, known only as WDF, posted an announcement last week boasting that the site had been operating as a trap for information collection in affiliation with anti-piracy groups. He was quoted as saying, “I built a history, got the trust of some very important people in the warez scene collecting information and data all the time.”
ENTER THE HONEYPOT
Such sites are referred to as “honeypots” and are designed to encourage criminal social engineering behavior. These schemes have been used successfully before, and offline variations are often employed to help curb car theft.
Falling victim to the false comfort of a tribe mentality, the users of Uploader Talk supposedly acted in an environment where everyone engaged in and believed in a shared illicit behavior. Considering the impersonal nature of the Internet, it isn’t difficult to understand how easily someone could find themselves exposed amongst supposed comrades.
In addition to tribe mentality, there are a number of concepts at play here: social proof, assumed knowledge, validation, mutual interests, and probably some reciprocity. The great thing about knowing more about how humans make decisions and operate in their environments is that you start to see these concepts applied in the simplest everyday situations.
EDUCATE / ACTION / PROTECTION
Our mantra here is to base your social engineering protection and action around education. If you are aware of the dangers, threats and attacks that are occurring, you can help yourself, your families and your companies stay secure.
In attacks like these, critical thinking skills and keeping your employees off websites like this while on the corporate network can go a long way in protecting your company from attack. As WDF bragged, “I have collected information on many of you.”
Till next time, stay secure.