Kevin works with social engineers, people who use psychology to bend situations to their advantage. For example: if you need a new laptop, why not call up a company and trick them into giving you one? Would you call these people thieves? Scammers? Con artists? In Kevin’s opinion he’s just a programmer who happens to work with gifted liars that are pretty good at getting whatever they want.
I used to sell the beginner’s guide to e-whoring on socialengineered.net. E-whores are scammers that trick people into thinking they’re a girl and when their victims desire to see some flesh, they’d have to pay.
SE.net is a low-level forum for kids, youngsters who have no clue what they’re doing. It’s not really what I normally get involved with but for a time I was helping out this guy who was live streaming his e-whoring methods. In my eyes he wasn’t doing that great. He lured people by posting “XXX SEXY GIRL VERY HORNY ADD ME ON SKYPE”; who believes something so blatant?
I messaged him and said I could help get enough traffic for the next nights if he paid me a small percentage of what he’s earning. So I put 5 posts in different popular areas on Craigslist written as if I was a nineteen-year-old girl. I invented the story that she was supposed to be going to the club with her friends. Unfortunately they bailed on her and now she’s home alone looking for someone on Skype to keep her company.
That’s one aspect in which you can use social engineering. Trying to pinpoint what kind of story makes a person tick. Eventually this guy got involved with credit card fraud, scamming people, and flat out just disappeared from the face of the earth. Not someone I would work for in the future.
To me credit card theft is straight up stealing. It’s 100% involuntary to the victims. The majority of social engineers I work with wouldn’t be a part of that.
I don’t call myself a social engineer (SE); I’m just a programmer that works with a few of them. Hacker wouldn’t be the correct term either. Mainly I write programmes based around methods others have discovered and which I can add to. SE’ers can be involved in legal or illegal activities. Legal would be trying to convince a girl to come with you. A more or less illegal form of SE’ing is trying to convince a company to send you their product for free. This might include pretending that you have their product, that it broke, and now you want a new one.
My introduction to the whole scene came through my friend Jay. I was tutoring programming on HackForums where he noticed my work. I was making an encrypted messaging system. He asked me to see how it worked and tried it out. Afterwards he donated a nice sum of money because he liked it so much. For him it was a safe way to communicate sensitive information.
Jay is a big time SE’er, the kind of guy with an abundance of stories and enough confidence to bend the world in his own way.
Now we hang out on an exclusive forum where the big cons get posted. Not everybody is allowed on but through Jay I got a referral and went through a long application process. I didn’t pretend to be an SE’er or hacker. I was honest and said I was a programmer working with an SE’er.
It’s a nice community to be a part of: You don’t have to be doing bad. I’m just sharing my knowledge and writing programs which can be used for privacy; which, as you can imagine, they’d probably have a good use for.
People post things on the forum that could potentially lead to a good SE’ing scenario. A good example is when the Xbox One came out. We heard that when someone’s console broke, Microsoft would send a replacement while the broken one gets fixed and only charge one dollar to the credit card. Me and Jay saw an opportunity we couldn’t pass. In order for this to work I needed one valid serial number. But that’s easy to get ahold of. Just search online for somebody who’s selling an Xbox One and ask for the serial number in order to verify the warranty or whatever. If you really need to, you can go to a shop and copy one from an unsold console.
Once I had a serial, we were in business. Microsoft uses the same algorithm for all their products (Xbox 360, Kinect, Surface, Surface 2) so I made a script that popped out serial numbers. Jay absolutely loved me. The majority were working — 1150 true serials from a single original one.
It’s not even a big script, simply twenty lines of code. All I’m doing is messing around with ones and zeroes and Jay would sell the replacement consoles for twenty dollars a pop. I sold the serials individually. People pay money for just a bunch of numbers. Can you believe that?
I didn’t have to do anything, only write the programs and in came the money. Jay paid me fifteen percent of the earnings and on top of that a free Xbox One.
I can guarantee companies like Microsoft know what’s going on. But how can they combat something like this? It’s not a flawed system, it’s just easy to mislead customer service. For example: If a customer is on a business trip in another country and needs a replacement because their laptop broke, they can call up the company and say: “Hey, I’m in England right now, I need a replacement”. Or even better: “I’m about to go to England, and I need a replacement before I leave”.
You’d have to go through all the different checks and when Microsoft or Dell or Apple is sure everything is real, they’ll send you a new laptop before they even get the old one back. They are concerned the customer is trapped and can’t do anything. He or she doesn’t have time to get a new laptop and is definitely not going to pay for another. SE’ers are the guys that get through all these check points and walk out with five Macbooks.
Tricking Microsoft into giving us those Xbox Ones was the biggest thing me and Jay ever social engineered. Now we mostly browse around the forum talking about the things that get posted. But we’re not doing it much anymore. We became good friends in real life, which is something rare in the SEing world. I’m still just a regular member and that means I’m not allowed on the VIP section where the higher up methods get posted, or projects that need a lot of collaboration. At the moment I’m sending in my application though. You don’t need to prove all the things you’ve SE’ed to be considered. You simply need to show what you’ve been contributing.
A big part of the philosophy behind SE’ing is not to go against individuals but target large companies. How much money does Microsoft have? Enough to give out a shit ton of free Xboxes without even making a dent. Sometimes people post on how you can get free stuff from small companies, but people will reply that they don’t want it. Why put a small sized company out of business? Amazon on the other hand is an easy target. Order a flash drive from their website right now, wait for it to show up, and then call and say it never showed. They’ll send you your money back without even changing the order. I did this with my school books because I couldn’t afford them. It’s referred to as refunding, and it isn’t even considered SE’ing anymore because of how simple it is.
I’m currently in college studying computer science. Some of my friends at university know what I do, but I see very little reason to let those who don’t in on the SEing world. Occasionally I might drop information on how to get certain things for free. It helps everyone out. Recently a friend of mine’s Xbox 360 broke so me and Jay sent her a nice surprise in the mail.
In the future I see myself in a position where I don’t need to get free stuff from companies, where I can support myself financially, and where I am a college graduate and a professional in the field of programming. I learned a lot from Jay and the community I’m a part of. Even at my student job in a sandwich bar, if people complain about their food taking too long, I give them a free cookie. We sell them for fifty cents but in reality they cost us next to nothing. I’m good with customers; I know how to keep them happy. I attribute a lot of this to the fact that I kinda know how to social engineer. And hey, it never hurts to be social.