Social Engineering Defense Contractors on LinkedIn and Facebook 2: Selecting the Targets

The next phase of Jordan Harbinger’s social engineering study involves joining the environment with potential targets who have top secret level clearances.

The question is: was this just some face-to-face magic that social engineers, or myself, can work in person that was getting this type of result, or is this something that I can replicate over the Internet with people that I don’t even know, on a larger scale especially?

So, I decided to run a little experiment.

Step 1: Locate a target-rich environment

Infamous mugshot of Nick Nolte

Infamous mugshot of Nick Nolte

Where do you go when you’re trying to meet people? Guys, if you’re trying to meet girls, there’s one place that comes to mind pretty much instantaneously where you should go: a yoga class, or the bar, whatever. And when you’re looking for a bunch of people with top secret level security clearances, it’s a different story. I kind of figured that walking into the Pentagon in a Hawaiian shirt and announcing my request was not a good way to go.

So, I asked some government contractor friends which social networks they were on, and everybody was like: “I’m not on Facebook, I’m not on Twitter, it’s so trackable and hackable and all this stuff. But I’m on LinkedIn, you know, just to connect with colleagues.” So, how many of you guys are on LinkedIn? Pretty much everybody, practically, except for the guys in the back, who are like: “Social media is for kids,” which is maybe true.

LinkedIn login And honestly, while people were trying to hide themselves on Facebook and Twitter, they were all over LinkedIn with their updated resume and their headshots, where they’ve got a fist underneath with lasers in the background, like a yearbook photo.

And I called LinkedIn, I called the connection at LinkedIn and I said: “Alright, how do I search for people? I don’t really use this, I’m on Facebook, because I don’t need a real job anytime soon, so I don’t really know how to use LinkedIn.” And they said: “Well, actually, if you’re going to hire someone or if you were looking for a specific qualifier, you can just give us a couple thousand dollars and you can search for any field that you want, you can search for all of the resumes, even if they’re on ‘private’; and you can contact them directly through this thing we’ve got, called InMail.”

This is a legal way for me to go; I want to search for everyone with the top secret level security clearance and I want them to be a ballistics engineer for maybe one of these 10 companies, and they go: “Ok”, and as soon as the check clears, I can search from my house, I don’t have to verify anything, as long as they’ve verified that their bank account swelled up a little bit. And I have access to all that data. Now, of course, they say: “Well, you don’t have access to my personal name and email”, but I can still reach out and touch you, and that’s the key.

For a little bit of cash I can search for people with clearances and expertise that I want.

Yeah, at LinkedIn they don’t care about any verification. Basically, I could walk into the office with a stack of cash and be like: “I need to use that search function we talked about.” They did not care; I asked if there was some sort of verification process, and they were like: “You mean for the credit card?”

So, to sum up: for a little bit of cash I can search for people with clearances and expertise that I want, and I can contact them directly using LinkedIn or InMail. And basically, that means I can go around their work email, I can go around their HR department, I can go around their security department. And the site is designed to function in that way, because the point is: sometimes, when you’re looking for a new job, you don’t want your employer to know, so LinkedIn goes: “Don’t worry, we’ll totally help you with that by making it really easy for other people to get in touch with you.” Sweet!

Step 2: Gain access to the targets

I thought about starting some sort of group on LinkedIn with all the top secret guys, but then I ran into two problems: first, how do I find people who are willing to join a group of people with top secret level clearances? That sounds like the dumbest thing ever. And who would be dumb enough to join that group? Who’d be dumb enough to be like: “Oh, I totally have one of those?”

Well, fortunately, that problem was solved, because I discovered that there was already a group of people on LinkedIn with top secret level security clearances. And I thought: alright, there’s probably a handful here, it’ll be great for this test, and I looked and there were 7,700 people in the group. And I checked later and there were even more, so every day people are like: “Oh, I have that, I want to be in this group.”

So, there were intelligence analysts in there; there were scientists in there; engineers of every foreseeable field: ballistics and aerospace and stuff I can’t even pronounce, and even a couple of congressmen. So, some of the people in the group were congressmen from Ohio, engineers from Lockheed Martin, Northrop Grumman, Raytheon, Homeland Security officials, federal business development and sales, Air Force guys and program directors, and even the commander of something called the 412th test flight squadron – I thought: “Ok, this is probably a guy who knows lots of cool stuff”, I didn’t mess with him though, I’m not stupid.

So, I had this entire list, as well as access to pretty much everyone in it from my iPhone – again, right from the phone and from any laptop from anywhere in the world. And I did most of this from Starbucks, just in case. You see the suits walk in and you’re like: “I’m not thirsty anymore, I’ve got to go.”

LinkedIn group of people with top secret level security clearances

LinkedIn group of people with top secret level security clearances

So, there’s the group (see image), and you can see Joshua Reese there, he’s got an active security clearance with some science stuff and blah-blah, and he’s leaving the Army, so he’s looking for a place to spill the beans on everything he worked on while he was there. Alright, so how many of you guys are in this group, or a group like it? You can just admit it, I recognize, like, half of you guys. Your secret is safe with me.

So, how the heck am I going to join this group though? I can’t join it; I don’t have a top secret level clearance. This is going to be verified, obviously, they’re going to look into this, right? Does anyone have a guess how I joined this group? I clicked ‘Join’!

And then of course they were like: “Well, you need to send an email to the moderator for verification purposes.” So I thought: it’s gonna ask for a photograph of some kind of certificate thing you probably get when you have this. So, I sent them an email and I was like: “Hey, I have a top secret level clearance and I want to join the group, and here’s the email. Tell me what else you need from me.” And 10 minutes later he was like: “You’ve been approved.” So, the verification process is clicking ‘Join’ and telling him: “Oh yeah, I meant to click Join”, so, sweet, awesome, I’m in. 24 hours is the usual verification process, probably, slightly less time than it takes to actually get a top secret level clearance.

Read previous: Social Engineering Defense Contractors on LinkedIn and Facebook

Read next: Social Engineering Defense Contractors on LinkedIn and Facebook 3: Associating with Targets

Like This Article? Let Others Know!
Related Articles:

Leave a comment:

Your email address will not be published. Required fields are marked *

Comment via Facebook: