The Power Of The Uniform in Social Engineering

The power and allure of a uniform is ancient and often used by social engineers. Official garb is an instrument of power and might as well as authority and specialty. In many instances, it conveys safety and security; and in this way, it can be easily transformed into an instrument of influence. On page 201 of Chris Hadnagy’s Social Engineering: The Art of Human Hacking he writes “If you comply with authorities mindlessly, you may respond to symbols of authority rather than to reality.”

In May, three men posed as police officers in uniform to rob a Miramar, Fla. man in his home. After knocking on the door and identifying themselves as police, the thieves forced themselves into the home as the victim opened the door. The impersonators made off with weapons, cash, and other items after beating the homeowner.

In April, a Seattle criminal wearing a dark blouse similar to hospital staff scrubs, black business slacks, and black shoes that resembled staff dress, attempted to steal pain medication from patients’ analgesia pumps. Witnesses told authorities she carried herself with authority and acted as if she belonged there. She made off with a small amount of pain medication and damaged several pumps.

A U.K. man, Alexander Wright, was recently convicted for posing as a police officer and robbing elderly homeowners after purchasing official-looking garb as well as wearing a fake earpiece, walkie-talkie, and badge that read “police.” Wright would knock on the victims’ doors stating that he was investigating burglaries and needed to check their homes. A victim reported that he would speak into his fake earpiece so it would appear he was in contact with a police control room.

Over twenty years ago in Boston, two thieves in police uniforms flashed fake badges and made their way into the Isabella Stewart Gardner Museum. They then tied up security guards and disabled security cameras before making off with $500 million dollars worth of valuable art. They did not hide their faces and made two trips to their car to load the pieces for transport.

Operation Stone was a Czechoslovakian program in the late 1940s and early 1950s designed to lure Czech immigrants fleeing to West Germany into a false sense of security by employing American flags and uniforms and Czech secret police posing as American soldiers. The Czech civilians seeking asylum in the west were ushered into sites that were set up inside the Czech border but outfitted to appear as American border posts. They were then asked to give up their contacts in-country to soldiers that were seemingly American before being arrested.

In some instances, even the promise of symbolic authority is enough to draw people in. A Santa Clarita man recently told at least one woman that he worked for the government and the military in the special forces to make himself seem more desirable and gain trust through a popular dating website. He was arrested for grand theft and burglary after stealing credit card information to purchase items.

These are just a few of many examples where the illusion of authority and public service allows people with ulterior motives access to people and places that may not have normally been available. It is useful for both the white-hat social engineer and the everyday citizen to pay attention to these cautionary tales for service, education, and safety. Don’t make assumptions about a stranger’s identity simply based on the symbols of authority they may carry, and that includes a uniform.

Stories like these, and the many more that pop up every day, are the reasons why we include this topic in our 4-Day Social Engineering Course.