Difference between revisions of "Elicitation"
From Gender and Tech Resources
(Created page with "That person you don't know and tries to develop a relationship with you? He or she can be genuine, can be an intelligence agent, can be a role player, ... Elicitation means '...") |
m |
||
Line 17: | Line 17: | ||
* Information Elicitation via Social Engineering http://capec.mitre.org/data/definitions/410.html | * Information Elicitation via Social Engineering http://capec.mitre.org/data/definitions/410.html | ||
* Social engineer: elicitation http://www.social-engineer.org/framework/influencing-others/elicitation/ | * Social engineer: elicitation http://www.social-engineer.org/framework/influencing-others/elicitation/ | ||
+ | |||
+ | === Underminers === | ||
+ | * Chapter Two – Undermining the Tools of Disconnection (Part 1) http://underminers.org/the-book/chapter-2/chapter-2-part-1/ | ||
+ | * Chapter Two – Undermining the Tools of Disconnection (Part 2) http://underminers.org/the-book/chapter-2/chapter-2-part-2/ | ||
=== Examples === | === Examples === |
Revision as of 17:35, 20 August 2015
That person you don't know and tries to develop a relationship with you? He or she can be genuine, can be an intelligence agent, can be a role player, ...
Elicitation means To call forth, draw out, or provoke (a response or reaction, for example): "Interrogators were reportedly frustrated by their inability to elicit useful information from him" [1] and a much used tool in doxing and reconnaissance. Why jump through all kinds of technological hoops if we can just ask? It is low risk and hard to detect.
Elicitation seems to work well using these general human "vulnerability" key factors:
- Most people have the desire to be polite, especially to strangers.
- Professionals want to appear well informed and intelligent.
- People that are praised, will often talk more and divulge more.
- Most people would not lie for the sake of lying.
- Most people respond kindly to people who appear concerned about them.
Make an assessment of your vulnerabilities to protect yourself, but don't "overdo" it, as in, if *always* appearing invulnerable to a particular type you may be giving away as much as if you are vulnerable. You can also do some simulations with trusted others to see how vulnerable you are to what elicitation by whom.
Resources
Social engineering
- Information Elicitation via Social Engineering http://capec.mitre.org/data/definitions/410.html
- Social engineer: elicitation http://www.social-engineer.org/framework/influencing-others/elicitation/
Underminers
- Chapter Two – Undermining the Tools of Disconnection (Part 1) http://underminers.org/the-book/chapter-2/chapter-2-part-1/
- Chapter Two – Undermining the Tools of Disconnection (Part 2) http://underminers.org/the-book/chapter-2/chapter-2-part-2/
Examples
- The Real Hustle https://www.youtube.com/user/TheRealHustleA3M