Psychological subversion

Psychological subversion (PsychSub) is the name given by Susan Headley to a method of verbally manipulating people for information. It is similar in practice to so-called social engineering and pretexting, but has a more military focus to it. It was developed by Headley as an extension of knowledge she gained during hacking sessions with notorious early computer network hackers like Kevin Mitnick and Lewis de Payne.

Usage example

Headley often gave the following example[1] of the use of psychological subversion: Suppose the hacker needed access to a certain classified military computer called, say, IBAS. He would obtain the name of the base commander or other high-ranking official, gain access to the DNS network, (which is the separate military telephone network) and dial up the computer center he needed to reach, which was often in a secured facility. The person who answered the phone would usually be a low-ranking enlisted person, and the hacker would say something like, "This is Lieutenant Johanson, and General Robertson cannot access his IBAS account, and he'd like to know WHY?" This is all said in a very threatening tone of voice, clearly implying that if the general can't get into his account right away, there will be severe negative repercussions, most likely targeting the hapless person who answered the phone.

The hacker has the subject off guard and very defensive, wanting nothing more than to appease the irritated general as quickly as possible. The hacker then goes silent, giving the victim ample time to stammer into the phone and build up his fear level, while listening for clues from the victim as to how best to proceed. Eventually, the hacker suggests that the tech create a temporary account for the general, or change the general's password to that of the hacker's choice.

The hacker would then have gained access to a classified military computer. It is important to note that this technique would not work any more, in no small part thanks to Headley's teaching of the military agencies about such methods during the 1980s.

Scientific methodology

While pretexting methods and so-called social engineering are based on on-the-fly adaptations during a phone call made to the victim with very little pre-planning or forethought, the practice of PsychSub is based on the principles of NLP and practical psychology. The goal of the hacker or attacker who is using PsychSub is generally more complex and involves preparation, analysis of the situation, and careful thought about what exact words to use and the tone of voice in which to use them.

Classified thesis

Headley's thesis entitled "The Psychological Subversion of Trusted Systems" was classified by the DOD in 1984 and so far has not seen the light of day. As a result, further information about PsychSub is generally unavailable outside of Headley's own seminars on the subject during the 1980s at CIA technology and spycraft-type seminars such as Surveillance Expo.

References

  1. DEF CON III Archives

(1) Headley's talk at a hacker convention in Las Vegas

This article is issued from Wikipedia - version of the Friday, March 28, 2014. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.