Tuesday, April 19, 2016

Final Social Engineering Task



1. I decided to do a task where I will “get home address and date of birth of a fellow player and deliver some token gift (flower/chocolates)”.
2. I chose CricketLime as my target and started to add people linked to her Facebook account to get more information about her. So far, to accomplish various social engineering tasks, I had to create more than a couple of fake social networking accounts and connect to unknown people. I have done online and offline research about people and tracked them down. I am keeping my social networking sites active even after completing the particular tasks associated with them. I kept adding unknown people around our fellow players on that fake Facebook account. I am not thrilled about going after another player, but this one, I felt, was due because she targeted me during the first couple of tasks. I wanted that in a positive way though. To begin with, I managed to add some people connected to her on my fake Facebook account. After a couple of weeks of setup, I finally sent her a request to access her account. She never responded, probably too alert about this Social Engineering game, and I was required to reveal my task in our class. However, after going through numerous profile and timeline postings of our common contacts, I was able to determine her birthday with some additional effort. Her LinkedIn account was also kind of helpful to cross-check that. Finding her address wasn’t that hard because I knew people surrounding her who popped up in various people search websites like anywho.com, spokeo.com, pipl.com. When I got all the necessary information I needed, I headed to her home to deliver a birthday token gift bag with chocolates (even though we are not there yet - too early celebration!!!) for her. I reached there and quickly left that gift bag on her front door with a note on it and returned. Task completed and I’m just glad I made it.



3. My strategy was well planned, sound and thoughtful. I carefully prepared for this task and tried to apply whatever I used and learned throughout the course. I knew it was going to be hard for me to get the necessary information from her, but I guess all the people surrounding her aren’t aware of these games. I chose a somewhat familiar background for my virtual Facebook persona so that I could easily get connected to her and people around her; that paid off.
4. It involved some moral stakes; even though I didn’t intend any harm, I had to surf through her various online social profiles and people around her. I did extensive online research on her, which wasn’t that cool.
5. Acquiring an address and date of birth is really a serious thing; we can achieve so many things with a name, address and date of birth. If somehow that could involve a social security number, that’s it... Then anybody will be able to create a whole other persona, get credit cards and do so many not-so-good things with that persona. We need to be alert to protect our privacy and at the same time educate people around us about the importance of information security.
6. Doing this, I really felt good. I just felt like a lot has changed since the day I attended our first class of this Ethical Hacking. At that time, I didn’t like this game and the way it was being conducted (kind of spying and deceiving each other). After being part of the last 9 tasks and other additional sessions, I felt comfortable. Not because I wanted to harm anybody or take revenge like that, but from being involved and thinking about the task from various different angles and perspectives. I am really happy now because there are no more Social Engineering tasks left for this course and we could get along with fellow classmates without worrying about targeting/deceiving each other… cheers!!!
