You know what happens when you assume, right? Maybe you do, maybe you don't. I've spent the day musing over various assumptions, how I've used them, and how they can be used, and I think it's something everyone should know.

As a broad overview, I'll go over the different types of assumptions, as I see them, then talk about how they fit into hacking, and finally give examples from my life that back this up.

Safe Assumptions
What do you think when you see a pretty girl with a ring on her left ring finger? She's married.
How does the assumption change if it's a diamond on a silver band, versus a plain gold band? She's only engaged.
Two people holding hands somewhere? They must be dating.

Are the above always true? No. I have friends that wear rings on that finger, who are single. I know others who just like to hold something, so holding hands or linking arms means nothing to them. In the Middle East it is quite common for close male friends to hold hands. Doesn't mean they're dating, just they're close friends.

I'm calling these "safe assumptions" however, because you're almost always going to be right.

Weaker Assumptions
Now, for a weaker assumption, let's use context. I see a person, early 20s, on a college campus.

How would they consider themselves politically? A good guess would be liberal.
What year are they? If near dorms, guess underclassman; if near off-campus living, guess upperclassman.
Dressed really fancy? If there are no obvious parties going on, I'd guess they're in their final year and going to a job interview.

Poor Assumptions
These are the basis of more hacks and cracks than anything else. I speak, of course, of the buffer overflow, where a programmer assumed "That could never happen", "Who would input that", or "Why would someone try that?!"

These are really, really bad, as assuming someone won't try something, or that something won't happen, is begging for something bad to happen if it does.
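The "who would input that" assumption from above, written out in C as an added example (not code from the original post; the struct, the 16-byte limit and the function names are made up for illustration). The first function trusts the input length, the second turns the assumption into a check.

```c
#include <stdio.h>
#include <string.h>

#define NAME_CAP 16            /* constructed limit for this example */

struct account {
    char name[NAME_CAP];
    int  is_admin;             /* lives right after the buffer */
};

/* The poor assumption: "who would input a name longer than 15 characters?"
 * strcpy() copies until it finds a NUL, so a longer input writes past
 * name[] (undefined behaviour; here the next victim is is_admin). */
void set_name_assuming(struct account *a, const char *input)
{
    strcpy(a->name, input);
}

/* The same job with the assumption turned into a check.
 * Returns 0 on success, -1 if the input is missing or does not fit. */
int set_name_checked(struct account *a, const char *input)
{
    size_t len = 0;

    if (a == NULL || input == NULL)
        return -1;
    while (len < NAME_CAP && input[len] != '\0')   /* never scan past the cap */
        len++;
    if (len == NAME_CAP)       /* no room left for the terminator */
        return -1;             /* reject instead of truncating silently */
    memcpy(a->name, input, len);
    a->name[len] = '\0';
    return 0;
}

int main(void)
{
    struct account a = { "", 0 };

    printf("short name:    %d\n", set_name_checked(&a, "alice"));
    printf("oversize name: %d\n",
           set_name_checked(&a, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"));
    printf("is_admin still %d\n", a.is_admin);
    return 0;
}
```
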

Hacking
People will jump on me for some of the above assumptions, especially the political one. "You can't assume that!" or "How do you know that's true?!" The answer is, I don't; I assume it to be true. And that's where, with a little luck, this plays into hacking. By hacking, I should clarify that I mean both cracking other systems and social engineering.

So, how can assuming something to be true, versus knowing its truth value, help you? Let me go back to my basic assumptions. You see a young woman, she has a gold band on her finger. I could tell her I know her husband. She'll think "I never told him I have a husband" and might believe you. She wouldn't stop to think she's telling the world she has one. I do say young here, because the two ways this breaks down are if the husband has already died, or she's married to a woman. Can't do anything about the latter, but unless it was an accident, if she's young the husband will still be alive.

So who cares if I can guess she has a husband? I could pose as someone who knows him, if I wanted to kidnap her (notice how big of a problem this is in other places of the world, and a DEFINITE source of money). Or, perhaps, I just want to make myself seem friendly so that she'll listen to a sales pitch.

Ok, I might be stretching that one. But here's a way it pertains to hacking. If you buy a Linksys router, the default wireless ESSID is linksys. The default login is admin:admin. Unless you know to change that, those values stay forever. So, one might work at Best Buy, and note who buys Linksys routers. You could also just go war driving for "linksys" access points, but that doesn't help my argument. Find people with a Linksys router, and you can assume the default login is still good if they've not changed the ESSID. Log in to the router, and do whatever you want. I'd recommend DNS pharming them just because it's a trick I came up with (attacking DNS settings on wifi networks for the purpose of farming).

Better, it's a safe bet that a new Windows machine is not set up to prevent access physically. By default there's no login manager, so if you notice Dell boxes outside of a company, you might be able to walk up, and log in to the new system. Throw an admin account on there, hide it, and walk out.

But I want to stay mainly with social engineering. So here's how I use it.

My Games
I love games. I also love hacking. So I combine them to make my life one gigantic war game of hacking. Social, computer, whatever. I keep it legal, mostly, and only go so far... not over the line.

To that end, my goal is always to make as many "safe" assumptions as possible. This is almost never possible, as whenever I run an "op" on someone, by which I mean guessing as much about their life as possible or hacking in some other way, I almost never know them ahead of time. That's where context comes in. You may notice under "Weaker" assumptions I give context. I do that because without context, guessing a random person's political affiliation is nigh impossible. However, adding in that most young people are liberal, as well as most college campuses voted democratically in the last election (check for yourself), it becomes almost a safe bet a college student would consider themselves liberal. It is also important how you phrase this. Note that I did not say "is liberal", I said "consider themselves liberal". Because most are also going to care what their peers think, they won't say "conservative" because they're afraid people will associate them with the present administration. So here, how you pose the assumption is also quite important.

So, I opened a bank account recently. I didn't much like the service I was given. So, instead of being my normal polite self, I only spoke when I absolutely had to, and spent the rest of the time analyzing the lady who was making the account. I'd say she had one kid, middle school aged, and a husband that worked. I made this assumption because she had kids' artwork on the walls, and someone called to tell her they were home. For a more detailed analysis of how I came to the conclusion, feel free to get in touch with me, but take my word for it they were really safe assumptions.

This is just a broad overview of what I've been thinking about today, and as always is designed to make you think about it and come to your own conclusions. I'd welcome comments expanding on this, as I've just begun to think about it today.
