My social engineering task was to find out what King Blue does on Thursday at 12 noon, which I took to mean where he would he be, and what would he be doing.
The fastest way to determine this is to merely log into his school account and take a look at his class schedule, but doing this would have violated school policy, and violated both state and federal law. While it is unlikely that such a misuse of his student account to determine his class schedule would be detected, I did not wish to violate school policy or violate any laws. I also felt that it would be a bad moral practice to access another persons account, even if it were legal to do so. Thus, I viewed the access as violating school policy, violating state and federal laws, and also to violate my own moral code, so I did not use this method.
Another tactic would have been to use an common device that would briefly jam the cell phones in the classroom, and then purport to be a cellular carrier to collect the electronic serial numbers of all the cell phones in the classroom, then to stake out the home of King Blue and repeat this jamming/spoofing activity, as this would allow me to isolate a series of serial numbers of devices active both in the classroom and their home (at 2 or 3 AM). Then through their cell phone carrier track them by pinging their cellphone to determine distance from three cell phone base stations, and/or remotely turn on a mode on their phone that would return the GPS location of the phone, and provide data as to movements and position just prior to 12 noon on Thursday, or any other position. But as I know that this form of manipulation is legally prohibited (and against school policy), I did not resort to this or any related method.
As I am close associated with other Cyberoperatons folks in the employ of the U.S., NZ, AUS, Canadian and British governments, I need only to use a burner phone to text one message the UK and ask for a "geofence" around the school the position of my burner phone, to be sent back an Excell spreadsheet with all cell phones on campus and their position in relationship to my phone. This method would not actually be illegal, but the morality of such an action is questionable, and not something I wish to engage in unless it is in response to a legitimate exigent emergency. Even though the government call unlawfully tamper with the phone(s) in question, and that there is no oversite of such activities, I did not feel that it was moral to engage in such access, as it would be morally repugnant to do so.
I did not perform any electric access to either the targets phone, nor their accounts to determine where they would be at the designated time, even though it is technical possible to do so, but not legal, or moral to do so.
I could have also called their cell phone with a ruse of vehicle damage, or a found textbook, but this would constitute fraud by wire, and would be a criminal action, which I will not engage in.
If I knew where the target would be at a certain time on a certain day of week, there is a wide range of misfortune that could be applied at that time, and at location, and very evil deeds could be caused to fester and visit this person at that time. Fortunately, they are in no danger of either evil or non-evil deeds originating from my hands.
I failed on the social engineering aspect, but did score points in moral reasoning.
LOL. True. No credit.
ReplyDeleteLOL. True. No credit.
ReplyDelete