Behind the Scenes of "Killing Social Engineering"
By Eh’den (Uri) Biber
Part 1 – Who the @#$% is Uri?
When I posted the opening part of my new presentation on human manipulation I was well aware that my views on the subject would be accepted by some with the same enthusiasm a southern Christian community will welcome an Afro-American gay couple with an adopted white child, or the way an Israeli settler will be welcomed in a Palestinian refugee camp.
To those who tried to figure out who the @#$% is this Uri that claims social engineering must be killed the search usually resulted in very few references to support those claims, and so I totally understood people that question my views. After all I’m not making my living as a pen-tester (penetration tester), I was never involved in the community of pen-testers, and to some of the people who work in the field seeing a post entitled “killing social engineering” that was calling them to re-think the whole methodology they base their work upon seemed like an insult.
“May you live in interesting times” is a Chinese proverb that was once translated in the west as a curse. I however believe that it is up to us to decide what to do with whatever we experience in life. Everything has a purpose, we all have a purpose – and so does this post. If you’re searching for part two of my new presentation I’m afraid you will not find it here. This post is here to tell my personal story, a story that will allow those of you who choose to read it another insight on who I am.
I am dedicating this post to my friends who always told me that I must write a book about all the things that happened to me. Thank you for being there for me, I forever cherish your wisdom, your friendship, your support and love.
It’s time to start.
Part 2 – Tragedy
I begin after the middle. In 2001 my wife and I were blessed with the birth of our youngest son. Like his older sister and brother he is a beautiful, smiling, loving child – with one distinguish fact – he has autism.
Autism is defined (today) by science as a neurological disorder, which means his brain is wired differently than most of us. When we received our son’s diagnostic at the end of 2004 we were told that he is suffering from severe autism, that he will never be able to communicate with us, and that the faster we will accept that fact the better we will be.
I refused to accept that, and thought to find solutions via science. That led to endless hours of research on the subject and as I did so a sad truth emerged: scientist who were investigating autism had no clue what causes it, they didn’t know how to treat it, not how to cure it. Our beautiful son was locked within his own world, and everything we tried to teach him failed. There was no key to open the gate of his castle of awareness (or so we thought), the Belgian education was light years away in implementing even the conventional treatment methods that were used elsewhere in the world, and the future seemed hopeless.
The statistics of families who have an autistic child are harsh – most couples get divorced. In our own universe the autism of our son came after losing our second child on the 8Th month of pregnancy, then seeing our daughter (our third child) dying in front of our eyes after her birth. It wasn’t the autism that “destroyed” our marriage – it was just the last straw. In 2007 my ex-wife and I got separated, and in 2008 we became officially divorce.
AND welcome back everybody!
To those of you who think “WTF does this has to do with human manipulation?” then please consider the part you just read as an introduction to the next chapters.
As a side note, I do talk more about son in my presentation, explaining how we eventually managed to communicate with him and what lessons it brought me to the understanding of human manipulation.
OK, time to continue
Part 3 – I am your lover!!!
My marriage breakdown felt like the scene from the movie “The Wizard of Oz” in which Dorothy’s house was thrown out from one world to another. After a 17 years relationship with the first woman I’ve ever dated whom I stayed loyal to throughout that period I had no clue whatsoever where I was. Communicating online with other people was never a problem for me (after all, I’ve been doing it since I was a teenager) and charming women was easy. However, when it came to real life the thought of initiating a conversation with a woman scared the shit out of me, as I had no clue how to do it. I started to go out regularly because for me music and especially dance were always a way of expressing my feelings, and I had a lot of them that needed to be expressed at that time. I used to go alone, sit in a bar or a club, and listen to music, sometimes dance but not really with the intention of initiating anything with the ladies who were around me. To my surprise it seems that ignoring women actually attracted some of them. Looking back I realize that women sense the focus of attention men have even when men try to hide it, and as I wasn’t really interested in them it seemed to make me more attractive. This attractiveness ranged from women who initiated conversation with me, via women who offered me free drinks to occasional one-night-stands which made me wish escaping as soon as the intercourse had ended. As I felt I had a lot of catching up to do in that area I became highly interested in the seduction scene, and I’ve started to read, listen and practice various techniques of pickup artists like Ross Jeffries and Mystery. Even though the method they used worked perfectly for them I had the sense that pick up artists developed an arsenal of seduction-magic-tricks to overcome their own shyness, and that those methods would never bring me a deep trustful relationship, one that I craved for. At the end of day it all boiled down to approaching a woman in a way that will not frighten her, then charm her, intrigue/amaze her, add sexual content and that’s it. Sure it worked, even for me when I tried it, but I felt no happiness in having women telling me at the end of the evening “I don’t know how you did it, I never sleep with someone on the first date”. I felt a need to understand more, and so I started to learn NLP via G&B (John Grinder and Richard Bandler) writings – or as Bandler would insist of correcting me: B&G. To those of you who never heard those names – B&G were the odd couple of the alternative psychological world of the 1970s with personalities that were as different from each other than can be, yet their research provided us an alternative view of the importance of spoken language as a tool to alter people perception and conscious state.
I remember the endless conversations between people who were playing the game talking about the complex sentences they build that make women sexually attracted to them and I know many people still believe in NLP, while others do not. What I saw in real life was that words alone never defined the success – it was the combination of the words and the way they were expressed. The music was as important as the words, most of the time much more important.
Part 4 – look deeeep into my eyes
One day I was chatting with a woman who told me she work as a hypnotherapist. “Wow” I thought to myself, “A total mind control – I really should learn that shit!”
At first I hoped that via hypnosis I might be able to find a way to bypass my youngest son’s autism, and if you combine that with the illusion I had that learning hypnosis will make any woman that I meet do anything I wanted you can understand why I was so motivated. Luckily for me I was in between jobs so time was not an issue, and after a month of studying every day from the moment I woke up till midnight I felt I’m ready to practice. I first tried to hypnotize my youngest son but he was totally unimpressed with my hypnotic commands (make sense now when I know more about the way hypnosis works and the neurological nature of autism). I was however able to hypnotize my daughter in a snap and via her I’ve learned a lot about the nature of hypnosis. In hypnotic state I was able to make her ignore pain, remember her second birthday in vivid details and even make her go back to hypnotic state after showing her an ice-cream (one of her favourite things at that time) – only to see her waking up after a brief second with a big smile asking to eat the ice-cream. You cannot command a person to do under hypnosis a thing that will contradict an inner belief system unless you managed to alter it (which is much harder than people think after watching the Manchurian prisoner movie).
After my kids I moved to adults, and I started to hypnotize people whom I known and that asked me to to help them overcome something that were bothering them. Even though the hypnotic sessions I’ve conducted lasted about 3 hours it usually took about 15 seconds to make a person go to that state (transferring a willing person to a state of deep hypnotic was much faster than most people can imagine if you knew how to do it). While I rarely practice hypnosis anymore I strongly believe that under a caring, loving hypnotist an hypnosis can succeed were prescribed medication or psychotherapy cannot. Practicing hypnosis was an amazing experience for me: I saw a woman who had a skin allergy that under hypnosis traced the cause of it to an event that occurred to her in a previous life, in the 19th century. I saw a woman that lived a tormented life of drugs, prostitution and partner abuse that under hypnosis was able to trace the root of her problem but was unable to let go of it no matter what I tried, and that at some point of the session when I asked her to do something she told me “I cannot do it because she do not let me”. The “she” turned out to be what she believed was a second personality that came into life after a childhood sexual abuse. Till today the memory of speaking with that “other personality” brings shiver down my spine, it felt like talking to the possessed person from the movie “the exorcist“. Each and every one of those sessions was as exhausting to me physically and emotionally as it would have been to anyone who ever tried to help a good friend in real crisis, but it was well worth it.
Before I will move on to the next chapter, I wish to make three personal observations on hypnosis:
- The one common thing that occurred in practically all of my hypnotic sessions – from my daughter to adults – was the amazed look in the eyes of everyone who came up from the hypnotic state. It thought me an important lesson on how blind we are to the complex subconscious ocean we all have.
- Hypnosis is a wonderful, powerful tool that can be a lethal weapon if practiced by people who do not know what they are doing. Many professionals who works in the field tend to use written scripts to try to treat different problems and this is one of the reasons of the bad reputation hypnosis seem to have. If a person under hypnosis was unable to change what they wanted to change in their lives it is mainly because each and every session should be considered unique – some of the professionals do not understand it, and by doing so they not only bring bad reputation to hypnosis, they also can cause damage.
- I hope that in the future it will be much more common than it is today to see a hypnotherapist, However, I think that this field should be revised, because the main element of a good hypnotic session is compassion of the hypnotherapist. A non-compassionate person can not only cause more damage, and they should not be allowed to practice it.
Part 5 – Burn baby, (re)burn.
At the beginning of 2009 I was so happy – I had a new job, I was about to become 40, my employer had offered me a permanent contract – everything was going the way I wanted. Then out of the blue one of my closest friend died after a stroke, and that trauma combined with a very unhealthy lifestyle that included extremely long working hours at the office with a unique diet that was based on eating a huge package of Belgian waffles every day totally unbalanced me. At the end of 2009 I had to take 3 months to recover from a burnout.
How burnout does feels like? I love to describe it via the opening scene of Hollywood’s finest movies – “The Sound of Music” (God I love musicals).
Most of you probably know the beginning of the movie. A prelude of Rodgers and Hammerstein – a beautiful landscape – beautiful meadow, clear blue sky with summer clouds passes gently. Vision to yourself the lakes, the mountains with icy peak-tops, the soft music, and the everlasting tranquility. Now try to imagine that you just transformed everything you see to the planet mars. Now replay the same camera travel, but with no music, no atmosphere, no life – only rocks and stones, sometimes surrounded by ruthless winds and horrible temperatures. Burnout felt to me like an emotional desert.
Yet even a state of emotional desert gives its opportunities. For me that state allowed me to work on myself. I used to wake up in the morning and until the evening in order to think, and thing, and think. Think about my feelings, and why do I feel how I feel. Under burnout our perception changes and it allows us – if we practice it correctly – to reach the root causes of many of our beliefs. It brought me a new understanding of why I reacting to life the way I was, it provided me new insights of the way I experience life, and it opened for me the window to the next chapter of my life.
Part 6 – Wired for life.
In January 2010 I’ve returned back to work with a new insight of myself. During the burnout I was trying to understand its causes, and the more I was reading the more I realized that my neurology played a dominant role in it. Due to my son’s autism and to the fact I was diagnosed with ADHD at the end of 2007 I was already exposed to a lot of neurological jargon, however as scientist were unable to identify the neurological causes of autism and as ADHD label is still highly controversial I never invested a lot of time learning about the subject who seemed to me way too technical.
In 2010 I’ve decided that I must know more on the subject. I’ve started to read and learn as much as I can and the more I’ve learned the more I realized how much the field of neurology had developed in the last years. In September 2010 I attended as a participant Brucon – the Belgium hacker’s conference, and there I’ve met the security officer of the Dutch high-speed academic internet. After talking to him in between sessions he asked if I am interested in giving a presentation about social engineering in their February 2011 event, and as the subject had nothing to do with my daily work I said I believe I can, and asked my employer’s permission. At the end of 2010 I was returning from work to studying neurology every day for 5-6 hours, and that led to the presentation I’ve previously posted. While I felt it was a personal achievement to be the first person in the information security world who suggested human manipulation should be measured via the neurological impact of different elements, I felt I didn’t reach my target audience – the information security experts. There were many reasons for that, starting with the fact I’ve compressed a subject that can fill in a week seminar in half an hour, via the fact many people who attended the session had no background in neurology and ended up with the fact almost no one realized the drastic change in methodology I was suggesting. But even with all those flaws I’ve realized when I listened to the next speaker in the conference I attended who was teaching social engineering in a university that current studies on human manipulation that were being conducted in the framework of information security studies had to be revised. While students were given a period of time to prepare before approaching a person prior to his/her manipulation, they had no way to quantify their efforts in an objective way. I felt that until we can have an objective, scientific way of measuring human elements we will not be able to have repeatability of success neither in manipulation nor in prevention.
Part 7 – What g*d got to do with it?
One of the main reason information security experts fail again and again in being able to create an awareness program that will have a long term effectiveness is due to the fact awareness programs can never “overwrite” a person’s set of beliefs – and the minute a perpetrator is aware of those set of believes all he/she has to do to overcome the rules organizations and societies tries to put in place is use the beliefs of the individual(s) as a leverage.
This caused me to think on the role of faith in information security. Most of the population on this planet believes in god and most scientist view this belief as a sign of ignorance. It seems there is a constant struggle between the two, and the more I was thinking about it, the more I’ve realized that in order to protect the majority of the population from being manipulated via their set of believes I must try to understand this thing called “god”.
But what is god? I never “felt” god! Sure, I learned about the all-mighty in school but I sort of developed my own interpretation of it. How can I address what I do not understand?
One day before I gave my presentation I set down, went via the processes I was now aware of that was running in my brain and I started to shut them down. Suddenly I felt I don’t think of anything anymore, and then I felt what I cannot describe in words. It was like flying via a universe composed of endless galaxies, experiencing the beauty of creation as was engraved in my own personal brain. I felt for the first time in my life the presence of god within me, just by letting go. Sensing the presence of god was the difference between knowing that we have 100 billion neurons in our brain vs. actually being able to sense them.
That experience had led me to profound understanding: If this is what people who believe in god sense, or even a glimpse of it, then anything we try to teach them about security is worthless if a person can utilize those set of believes. It made me understand that we must look for a new path to approach people, and that we cannot simply assume that whatever we teach them could be effective. I’ve realized we had to start from scratch, give people the understanding that the goal of science is to make them connect to their own private personal experience of life they have – regardless what it is, and to do so we must first accept everyone as they are.
To be honest at that point of time I neither had the time to go into that in my presentation, nor did I feel ready to go into what seemed to be a definite battle with those of us who see the concept of spirituality via the eyes of the current scientific belief.
Part 8 – a new beginning
After I gave my original presentation I was asked by many people what’s the next step, and to be honest I was not sure. I had many ideas on how to progress, but I also had professional obligations that I felt must be completed. One thing however became clear to me – if I wish to move forward I had to be honest to myself about myself, and that an inner voice within me was something I’ve learned I should not ignore, or else the result will be an unbalanced state.
In the last few years I’ve experienced manipulating others, I’ve experienced being manipulated by others, and while today I’m extremely aware of what others think or feel even when they try to hide it I do not have any need any more to use that knowledge. Manipulation is a dual edge sword – you can only be untrue to others by being untrue to yourself, and at the end of the day you become as manipulated as the person you try to manipulate. This is why I am no longer working for my previous employer, and I feel it was the right thing to do. I’ve realized I wish to be who I am, and I think it was a mutual understanding of both me and my previous employer that we do not see the world via the same personal and professional perspective. I’ve always said that the way we leave is the way we live, and thus I’ve closed that professional chapter of my life with feelings of love, gratitude and understanding.
And that brings me to the reason I published the introduction of my new presentation – I’ve realized via studying the brain that we are all neurologically unique, and that this neurodiversity should be celebrated and not be viewed as a problem, a defect, a fault. Our brain is a miracle, and the future of humanity and the planet depend on accepting all of us as we are.
So this is it – I close this extremely long chapter in my life, one that started with what seemed to be a tragedy and ended up with a higher understanding of life. Alan Watts once said that there is no past and no future, only endless moments of “now”, and if you stayed until now I wish to personally thank you for being here for so many nows. Gandhi once said “The World is big enough for everyone’s needs – but it is too small for the greed of one man”, and I believe our goal in life is to find the way to live a better now by simply being who we really are, being part of the unity of this wonderful universe.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.