Hi there my name is Chris Hadnagy. I am the Chief Human Hacker for Social-Engineer, LLC a company devoted to helping large organizations stay safe from malicious hackers. I am also the CEO of The Innocent Lives Foundation, and organization devoted...

What are the best ways that parents can protect their children from predators and still allow them to use social media?

ohhhh u/R0u53_ this is a wonderful question.

There are a few steps.

1. First and foremost - talk to your kids. Explain to them in age appropriate conversation, the dangers out there and help them to see how you want to help them
2. Ensure them they will have freedom and privacy, as they need that.
3. Then monitor them openly. A parent would never give their child the keys to a car and say "teach yourself to drive" so you can't hand them a phone and say "Stay safe online". Get involved, stay involved and you may keep them safe.

There are a lot of apps you can use to monitor your kids and help them stay safe.

Hello and thank you. What are the most common tactics used by social hackers to reach their goal ?

u/IZiOstra nice question! Phishing the biggest risk right now, then vishing (voice phishing). They are using social media to get details on you and breach data, then using those details to attack. It is a scary world out there right now.

Chris

With the current Covid crisis, have you seen an increase of malicious attacks such as the two you cited ?

u/IZiOstra another great one. So COVID has opened the attacker surface to astronomical proportions. Think of this- when tsunami's hit Japan, or the earthquake in Haiti, etc, attackers used those event to try and hack localized targets. Japanese people or those who have family.

COVID is effecting the world. So here in USA we are seeing unemployment scams, work from home scams, see who has covid scams and across the globe government assistance scams are growing in number.

Covid has made it easier for people to fall victim to these attacks.

Chris

Yeah that was my understanding. With company’s leadership teams being home and feeling safe in there I guess it has been easier for attackers to bypass VIPs assistants and get sensitive information. Thank you for your time. Cheers.

100% true. Sad but true.

Cheers!!

Chris

Are you one of those guys in the UK that catches paedophiles trying to meet children online? Those videos are great.

Hi there u/mbt20 - I am in the USA and we do catch pedophiles but we follow strict rules in doing so. We do not make believe we are a 13 year old child to entrap them - we try and locate them using open source resources and find out who they are. If we interact it is with those who have already committed a crime not trying to entice them to commit a crime.

Either way our goal is to stop them from hurting children and spreading child abuse material.

Chris

Hi Chris,

In the era of social media, do you find it easier to conduct social engineering than in the past? What are some of your favorite methods to gain a persons trust for human hacking?

This is an interesting question u/Security_Chief_Odo

In some cases it is easier and in others it is not. For instance, thanks to the media there is more chatter about phishing, vishing, SMiShing and impersonation. So people know more about these attacks which makes it harder.

but on the other side of that coin is that people are working more hours and more jobs than ever before. That busy lifestyle, mixed with the disconnection of our society thanks to social media makes people less aware of nonverbals, less aware of their surroundings and less aware of potential danger - and that all makes it easier.

So the answer really is yes and no - it just depends on the type of attack and the skill of the attacker.

Chris

Do you use any machine learning / artificial intelligence tools to help you with SE engagements or discovering predators? Or, forbid it, people who put pineapple on pizza?

u/Levitannin we have created technology to hunt pineapple pizza eaters. It is pretty bad to be honest.

Kidding.

We do not use machine learning or AI for predator hunting. Mainly because of what we are doing - we find people who have already committed crimes against children and then we unmask them when they try to hide online and that is all manual work.

We do use some tools in the SE side, but mostly it is a very human centric work.

Chris

In your opinion, does the cybersecurity industry as a whole do enough to adequately handle social engineering threats to security? If not, then what kind of changes should be considered to better protect people?

u/Digbyte WOW such an amazing question at the very end.

No we do not. So there are a few problems. One is that SE is easy to get into but hard to master. Since there is no defacto way of authenticating someone is qualified we have a lot of different methodologies that are being used.

The focus in SE is on the SE not on the client and education. It seems lot of people are in this because it is fun and cool not about educating the end user.

In addition, very few SE's take the time to educate themselves on psychology and other aspects of human behavior that can help them to be better at their job.

There is a lot more we need to do and must do in order to help. This is a great topic.

What would you most like to tell us that no one ever asks about?

Ha u/Chtorrr what do you want to know?

Assuming your line of work puts you face to face with some of the worst images humanity can generate, how do you compartmentalize some of what you may encounter (child pornography) from your day to day life?

u/eveningsand this is such a profound question - thank you for this.

So there are a few things we do collectively, then i can tell you what I do.

As an org the first person we "hired" was a therapist to manage wellness for all volunteers. Then we mandate that every volunteer must see her at least 1x per month. More if needed. This ensures everyone is staying mentally safe.

Now that is all well and good but it doesn't mean you don't get affected. So we created a tool that blurs all images and videos so the researcher does not have to deal with the images. With that said, reading what these people say about children is often times worse. So for me I do a few things:

1. I make sure i spend tons of time with my family
2. I remind myself of the mission importance and how we are helping save kids
3. I ensure i spend time away from the work so that is not all i think about

Even with all of this there is no way to fully stop these things from being in your brain.

It is not something everyone can do so it takes a strong person to know you cannot handle it. Thank you for asking this question.

Chris

Do you do any online SE engagements -- not vishing or phishing but interacting with targets in forums/chatrooms or on social media in order to gather information about malicious activity or to infiltrate a malicious community?

u/Levitannin YES! We have done a number of chat SE engagements as well as tech support lines online. We do a ton of social media OSINT and interaction too.

When it comes to predator hunting - yes all of it is online forums and chats to infiltrate those communities. That is basically the way the work is done.

Chris

Thank you, Reddit! I hope you enjoyed this AMA as much as I did. If you have more questions, please direct message us at u/SocialEngineerLLC on Instagram, u/humanhacker on Twitter. Thank you!!

Time is up! Thanks!

What’s the stupidest way you’ve seen a social engineer blow an assignment, maybe an early lesson from one of your own failures?

u/mpcampbell i have so many failures its not even funny. HA. Ok so let me think of one in particular.

Well there was this one time i was going to try and get info from a target but I approached him too aggressively and i startled him badly. He literally fell back in his seat and the chair tipped over. Out of fear he was hurt i ran around to lift his chair and ended up putting too much force and flung him face first into the floor and another seat.

He thought i was beating him up and started yelling and a bunch of people ran to his aid. regardless I failed really bad on that one.

I let excitement and nerves get the best of me.

LOL

Chris

What are you thinking about the future of social engineering? Do you think, it becomes easier or harder in times of digitization? And are there some „101“ for learning SE? Thanks for the answer ahead!

I think attacking is much easier now, protection is harder. We have lost good communications and live in a world that is online.

Do you prefer pizza with pineapple on top OR circular slices of pineapple topped like pizza?

Pineapple does not belong on pizza. Pineapple is a great fruit but it doesn't belong anywhere near a pizza, it is a cardinal sin. I do not endorse the ruining of innocent and good pizza with such a thing.

Pineapple is the perfect fruit and compliments pizza perfectly. It is the sweet to the savory of the rest of the pie. This is not debatable and, I have even had pineapple pizza, right off the menu, in the heart of NYC's Times Square, therefore your arguments are invalid.

The innocence of pizza on the other hand can be debated

Is any pizza innocent? Pizza shows up in a lot backgrounds where dangerous things could be going on! Then again, pineapple pizza should be considered innocent until proven guilty, as with all pizza outside of gross chains which are guilty by proxy.

Pizza is innocent but its innocence was ruined by adding pineapple to it. Like adding 7up to wine, or coke to whiskey... why... why i ask? Cause you hate life? Cause you value nothing? Cause you don't have tastebuds?

No, Pineapple on pizza was started by a Greek man in Canada, not an italian. It is an insult.

One should not speak ill of the dead whom brought delicious joy to many people across the pizza-eating community sir.

Starting to sound like you might be afraid to get out of your comfort zone and try something new! Shouldn't SEs constantly try to understand and get into the mindset of a client/target? What if a cover for an engagement needed to like pineapple pizza to get the intel? Are you going to refuse a job for this?

I have refused jobs for things that break my morals - so yes. And I have tried pineapple on pizza to solidfy my seething hatred for it.

BUT... oh my god you will enjoy this... on July 25th we are doing a charity twitch stream for ILF and if we raise 25K I will MAKE and EAT my own pineapple pizza on camera. SIGH

Just because some fake fans in NYC put pineapple on pizza to appease some poor people who don't know better is not a valid argument. That is like saying, "well they sell boxed pizza at walmart in NYC so it must be good"

No sorry sir, you have failed.

Love ya

Chris

Are you one of those social engineers who enjoys pineapple on pizza?

I am not. Most intelligent people on earth, like all of Italy, does not prefer to ruin the perfect food of pizza with something like pineapple

Who is better at their job, your or the Chief Robot Hacker?

I have never went up against a Chief Robot Hacker so i cannot answer that honestly. If we are competing against humans I think i would win, if we are competing about coding, i am sure he would win.

Chris

How do you become a social engineer? Is there training you can recommend?

u/R0u53_ a self serving answer but yes there is training we offer at www.social-engineer.com. There are really no other practical courses that cover how to become a social engineer while keeping with the motto of "leave them feeling better". So other courses focus too much on tools, which is a fraction of what being an SE is, or on the malicious side, which is not what we are to be.

Interesting, can you tell from my current Reddit account, as well as several other accounts if possible found, and use your hack skill to tell what I really am or what crimes I've committed?

u/TheD1v1s1on5 well it is not that easy. Could we? Maybe in time. I can't say for sure. This type of work is not easy or quick it is time consuming. So could we locate your whole life? Maybe. But that would depend on a number of things.

5 more minutes folks - ask me anything

Glenfarclas for the win and of course pineapple on pizza is the best :D.

Now that I have your attention, have you ever been hacked or fall victim to a social engineering attack?

u/jrmscooter you are 50% right. Glenfarclas is by far the best Scotch on the green planet. It is like the tears of an angel have been bottled for consumption.

Pineapple should never be put on pizza its true. Ask any Italian.

Now for your question. YES. I fell for a phishing email, that really got me. oof, it was bad. An Amazon order phish. Mainly because i am an amazon junkie, it got me hook line and sinker.

So embarrassing but it happens. being a hacker doesn't mean i am hacker proof - i am still human.