Tag Archives: social engineering

Bringing Back the Human Touch – Part 1

Toward the end of my recent Social Engineering class at Webster University, we were asked to speculate on our final exam and in class discussions on the future of social engineering in the face of upcoming technology trends. Here is a compilation of some of the questions followed by my answers.

‘Question: What will social engineering look like in 10-15 years? New SE techniques to use against targets? Better AI defenses protecting from online attacks? What is going to happen going forward?’

I was looking through some magazines my brother gave me last year and found articles relevant to the topic of future security challenges. The pandemic may not have put a freeze on innovation for a full year, but it probably slowed things down. So these articles I’ve viewed are probably not too out of date. My participation in the IT industry over the years has been as a creative – so I’m not that technical. I’m summarizing the technology aspects the best I can from one article in particular – “Technology Predictions from a [Precision] Electronic Test Thinktank”.

According to Microwaves & RF magazine, these are some of the trends that will help shape the future (Alexander and Harris). As I summarize I will frame them to emphasize issues most relevant to social engineering.

  • 5G networks will increase the power and capabilities of anything that is wireless, creating more innovation and adoption of applications.
  • Much new software with updated standards and certifications will be needed to run all these new applications, and users will need to be educated on what the software is capable of.
  • Artificial intelligence will be built into processors and chips. Quantum systems will need this capability to “control, measure and error-correct”.
  • Hardware will be designed to exploit the new faster speeds and processing power. Customers for the hardware are interested in providing satisfactorily speedy service to users but are even more intrested in “customer traceablility through the network for application monetization”.
  • More collaboration between international regulatory agencies and the technology providers will be required.
  • More consumers will use “Internet of Things” products and these devices will increasingly communicate with each other.
  • Human intervention will increasingly be removed from the loop.
  • Engineering education will become more holistic and interdisciplinary to bring awareness to engineers on the effects of technology on society and the environment and to aid in the developement of artificial intelligence, automation and robotics.

Edit 6/22/21: I found this report stating what James R. Clapper, Director of National Intelligence and his team thought about the IoT, AI, and other security related threats in February 2016. https://www.dni.gov/files/documents/SASC_Unclassified_2016_ATA_SFR_FINAL.pdf

In my Project #2 for this class, an important part of the (proposed, hypothetical) operation is to identify individuals who are more prone to risky behavior, and exploit that tendency. I did some research on the psychology behind risky behavior to refine the ideas. I found an article by a psychologist that was very persuasive to me. One of his theories is that there are people strongly attracted to sensation seeking that sometimes can go too far and take their search for new thrills into risky territory (Zuckerman). Sensation seekers enjoy novelty and constant change among other things. Tech gadgets are a great way to appeal to the desire for novelty and change since there is something new to try seemingly every time you look. If predictions are correct that the Internet of Things will enjoy increasing adoption and power, I see this as a great vulnerability – especially since psychologically, the people seeking the most novelty and change could be the same indivduals who engage in risky behavior and therefore could be less concerned with safety breaches.

While doing research for Project #2, I uncovered an article about a hidden microphone in an IoT product being misused to harm people with verbal abuse in their home. The manufacturers and designers left the vulnerability there, and hackers exploited it (McKellop). We could be even more vulnerable if manufacturers, designers, regulatory agencies and software developers go beyond carelessness and perpetrate deliberate harm. This is not a far-fetched concern because it has already happened. Facebook experimented on its users to manipulate what they posted by causing sadness among other emotions (Booth), and Google has experimented with how to manipulate our behavior by creating anxiety and causing cortisol levels to go up in users of its products (“Brain Hacking”). These practices harm human health, mental and physical. With more devices in the home, we theoretically would be increasingly prone to failing to keep up with all the threats, and not necessarily only from humans.

There are science experiments being carried out now using fungus organisms to build networks that can carry electrical signals, like computer chips. The carrying ability is confirmed, but they are too slow to replace silicon chips – for now. Some fungi are capable of performing tasks such as foraging for food, hunting live meat, navigating mazes, warning plants in it’s network about insect hazards, controlling the behavior of invertebrate animals, moving resources around to plants in the network that need it most, inhibiting some kinds of plant growth and teaching themselves to exploit new, previously unknown food sources, such as cigarette butts. That’s not a complete list but enough to give you the idea. Networks that connect plants with fungi and with each other are known as the “Wood Wide Web”. Scientists are trying to find out if fungal networks can be used for bio-computing and if we can transfer information and directives from a computer to a fungus. Scientists are also trying to figure out if fungi are intelligent or sentient (Sheldrake).

The idea of being surrounded by devices with artificial intelligence chips in them that can communicate with each other without human input is pretty weird, but looks like it might really happen. What if they find a way to communicate with fungi or other species as well? The late author Michael Crichton could write a good thriller about this if he was still with us!

I found an article that claims that Facebook robots have demonstrated the ability to make up a language that only they understand to use between themselves, while also demonstrating the ability to social engineer each other (Griffin). I have mentioned my two European Starlings before that I live with. They have the ability to social engineer me, and I have social engineered them. Their language abilities are not unlike what the article describes about the two Facebook robots. More research needs to be done (I engage in a lot of speculation in this section), but the starlings seem to me to have language that falls in about four categories. One category is a set of sounds that are hard-wired in that all starlings share. They start gaining the ability to add to that set of sounds when they are about 4-6 months old. Another set is “conversational”. They add to their vocabulary throughout life depending on what sounds are around them, and family groups and regional groups share some of the same vocabulary. My starlings have some sounds that we use between me and them and they have some sounds they use only with each other, so I wonder if they have two “conversational” languages or just somewhat diffent vocabulary for me and for each other. They have the ability to mimic human speech to the point of occasionally forming new sentences that follow predictable real life English grammar rules, including proper use of adverbs and voice inflections at the ends of sentences that fit the meaning. In other words, they have made up new sentences by combining other phrases that were not originally a question but create a question and inflected it like a question. That got my attention! They don’t always get grammar exactly right – they have added “You’re so birdy” to the list of phrases they heard from me that they love to say – “You’re so pretty”, “You’re so sweet”, etc. They can learn from other species of birds too – while boarded with two African Grays for a few days they came home with some new phrases I never say such as “Hello Princess!”. The last language category I’m aware of is the “song”. This also includes vocabulary that is learned throughout life and some of the elements are shared by regional and family groups. But it is not conversational. It’s a performance that they rehearse and refine constantly (at least the male does) and perform over and over in the same order. It identifies them individually and appears to be used for different social purposess such as humiliating defeated enemies, claiming territory, attracting mates, and showing off status. It’s theorized that the longer and more complex the song is, the greater their status is.

The birds are good at reading my body language, and I have taught myself the best I can to read theirs. We communicate on some simple matters quite well using a combination of verbal and body language but I don’t know if they know abstract concepts or how to communicate them. They have a pretty good grasp on a lot of social concepts though. Attila has a sound that means “I acknowledge your request but I don’t feel like doing it”. The sound for “ok I’ll do it” is different. They are very trainable but strong-willed. It’s fairly easy for them to learn things but if they aren’t in a good mood they may refuse to do it. She has another sound that I know means “fill the food dishes before you go to work”. They both appropriate and invent sounds and combinations extensively. I suspect that people who are studying language in all kinds of beings, including AI, could benefit from living with starlings. Mine have shown me some possibilities of inter-species communication that I never imagined in an animal other than maybe a dolphin or gorilla. If Facebook’s bots could produce and interpret a sound-based language, it’s easy for me to imagine the possibility that starlings or other animals with similar language capabilities would be able to communicate with them rather well and in languages that humans wouldn’t necessarily know. Starling’s voices are often described as “robotic” or “electronic” anyway, and even wild starlings sometimes sound like R2D2! Birds can have moods. Will AI robots have moods? If so what happens if they are in a bad mood or hooked up to a species that can have moods?

So a frontier of artificial intelligence, technology and social engineering could very well have a biological component to it that goes beyond human biology, with humans being the builder and the initial programmer but not necessarily in control. Artificial intelligence might someday interface with other species. For example is it possible that another species besides humans could learn to program fungi? Some fungi can program ants, after all (Sheldrake). Could a fungus use a computer or another species or both as part of a network to send and receive information and directives?

‘Question 5. Bring the Science of Social Engineering together with the various techniques and aspects of social media, the Triad of Disruption, along with the many methods and processes we have learned in this course, into your summary understanding of Social Engineering in the modern world. Feel free to use examples, experiences, and thoughts on the future of this discipline.’

I suppose as every person gets older, they have to reconcile what they thought the future was going to be like long ago vs. how it really is. The role of technology in our lives has been fascinating to me since I was first old enough to be conscious of it.

I have been a big fan of Mid-Century modern design, especially architecture, since I was a teenager. One of the things that attracts me is the way the shapes and lines and forms evoke emotions of excitement and optimism. From much reading and study over the years, I believe that a pervasive belief in the culture that new technology equals human progress is what drives that spirit.

During the time of Web 1.0, the “dot com bubble” era, there were new images appearing to signify the same idea in a way that referenced the internet and computers. You could indicate that your organization was technically advanced by using certain shapes and symbols, and some of them were even recycled from the Mid-Century modern era. Many people believed that a technical revolution was going to lead to a better life. It was a very exciting time. Every day I went to my job as a web designer with the feeling that I was helping remake the world in a bold new way and more freedom and prosperity for all people would result.

I feel very disappointed, and even betrayed, by what is actually happening now, so well summarized in your (I’m referring here to a diagram made by my professor Dr. James Curtis) Triad of Disruption diagram. It seems as though the destructive ideas are spreading faster than the constructive ones. This class has taught me a lot of ways to try to slow the destruction down. That is valuable knowledge to have and I will try to teach as many people as I can.

Besides knowledge needed to prevent attacks and retain as much of our agency as possible, I think more holistic education to bring more disciplines in contact with each other might be needed to remind ourselves of what it means to be human. Because I have an art degree as my Bachelor’s, I know what it’s like to be looked down on for not being in one of the STEM fields. Are the humanities looked down on and machines elevated because of people’s attitudes toward themselves? That is something I would like to explore in the future – getting back in touch with our humanity to restore some aspects of the human spirit I believe are being neglected.”

It was emotionally difficult to research and write the above comments for class because so many futuristic trends seem horrifying. I find the trends toward collectivism and robotics dehumanizing and dystopian. I’m also in a similar state to many people trying to regain a sense of connection with other people after a period of relative pandemic-induced isolation. My husband and I did not have our work routines changed as much as most, but we struggle to feel connected sometimes. Since outdoor activities are getting back to normal more quickly than indoor ones, volunteering at community gardens and camping are a couple of coping strategies we’ve been employing lately.

In the next installment of “Bringing Back the Human Touch”, I’ll write more about antidotes for an excess of technology and dehumanization!

Works Cited

Alexander, Jay and Jeff Harris. “Technology Predictions from a [Precision] Electronic Test Thinktank.” Microwaves & RF, March 2020, pp. 21-24.

Booth, Robert. “Facebook reveals news feed experiment to control emotions.” Guardian News & Media Limited, 2014, www.theguardian.com/technology/2014/jun/29/facebook-users-emotions-news-feeds. Accessed 9 May 2021.

“Brain Hacking.” YouTube, uploaded by 60 Minutes, 2018, www.youtube.com/watch?v=awAMTQZmvPE. Accessed 9 May 2021.

Curtis, Dr. James. “Curtis’ Triad of Disruption”. Diagram from course materials.

Griffin, Andrew. “FACEBOOK’S ARTIFICIAL INTELLIGENCE ROBOTS SHUT DOWN AFTER THEY START TALKING TO EACH OTHER IN THEIR OWN LANGUAGE.” Independent, 2017, www.independent.co.uk/life-style/facebook-artificial-intelligence-ai-chatbot-new-language-research-openai-google-a7869706.html. Accessed 9 May 2021.

Hadnagy, Christopher. Social Engineering: The Science of Human Hacking. John Wiley & Sons, Inc. 2018.

McKellop, Mario. “Google’s Nest Secure isn’t so secure after all; has secret built-in microphone.” The Burn-In. Sourceability LLC, 2019, www.theburnin.com/technology/google-nest-secure-microphone-controversy/. Accessed 7 May 2021.

Sheldrake, Merlin. Entangled Life: How Fungi Make Our Worlds, Change Our Minds & Shape Our Futures. Random House, 2020.

Zuckerman, Marvin. “Are You a Risk Taker?.” Psychology Today. Sussex Publishers, LLC, 2000-2019, www.psychologytoday.com/us/articles/200011/are-you-risk-taker. Accessed 7 May 2021.

Another one from the #whydidntyouwarnme desk: Phishing and Framing

Q. Explain the concept of social engineering Framing. Why is it a key fundamental in a social engineering plan? Provide an example of Framing in your own context of a work or social setting.

Framing is how a Social Engineering target dynamically reacts to a situation based on life experiences and their own traits and characteristics (Hadnagy 159-160). Social Engineers use a technique called frame bridging to close the gap between the scenario a Social Engineer wants the target to respond to and personal facts about the target. A pretext is a strategy the Social Engineer has prepared to bridge the frame – in other words overcome resistance to the scenario.

Today I received the following phishing email. A screenshot of the email is below, and text with the link removed follows. The links are not live because it is a graphic, and no one should click on them if they were live.

“Hi!

My name is Veronica.

Your website or a website that your company hosts is infringing on a copyright-protected images owned by myself.

Take a look at this document with the links to my images you used at www.chasenfratz.com and my earlier publications to obtain the evidence of my copyrights.

Download it now and check this out for yourself:

(url probably leading to something bad was here)

I believe you have willfully infringed my rights under 17 U.S.C. Section 101 et seq. and could be liable for statutory damages as high as $150,000 as set forth in Section 504(c)(2) of the Digital Millennium Copyright Act (”DMCA”) therein.

This letter is official notification. I seek the removal of the infringing material referenced above. Please take note as a service provider, the Digital Millennium Copyright Act requires you, to remove or disable access to the infringing materials upon receipt of this notice. If you do not cease the use of the aforementioned copyrighted material a lawsuit will be commenced against you.

I have a good faith belief that use of the copyrighted materials described above as allegedly infringing is not authorized by the copyright owner, its agent, or the law.

I swear, under penalty of perjury, that the information in the notification is accurate and that I am the copyright owner or am authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

Best regards,
Veronica Garcia

05/11/2021″

It’s possible that whoever sent this message, whether a person or a bot, distributed them to anyone they could get to who has a blog. Social Engineers deliberately choose words that evoke emotions in the receiver (Hadnagy 163). Clearly fear is what I’m supposed to feel while reading a message like this. There are a lot of scary-sounding legal terms and phrases thrown around, and the dollar amount of possible damages that supposedly could result if I don’t act is high.

The purpose of invoking strong emotions in a target is to get the amygdala in the brain to compel the target to act and click the link before the logical part of the brain says “wait that might be a phishing email” (Hadnagy 184-185). The basic human emotions of anger, surprise, fear, disgust, contempt, sadness or happiness are tools that Social Engineers exploit for different purposes (Hadnagy 163).

If I wasn’t sure about the authenticity of the above email, I could look up the law that has been cited and the name of the artist or designer claiming infringement to see if there is any possibility it might be real. I’m not even bothering to do that, because there are several things about my particular framing that this pretext did not succeed in bridging even that far.

  1. I’m currently enrolled in a Social Engineering class and the kind of activity represented in this email is foremost in my mind and has been for weeks.
  2. I’ve actually received a genuine email recently regarding trademark infringement. The allegation of trademark infringement was about an adhesive dots product I had been selling in my Etsy shop. I had used the phrase “glue dots” as a tag to help describe the product when another company claims the phrase “glue dots” as a registered trademark. In my opinion “glue dots” is way too generic a phrase to legitimately claim a trademark on, but my opinion means nothing. For one thing I’m not even an attorney. Etsy informed me that they had removed my listing for that product. Just to make sure the issue was real, I contacted the law firm mentioned in the email and the manufacturer of the product in question. The law firm did not answer my inquiry but I did confirm it actually exists and specializes in that type of law. Today’s phishing email is extra suspicious because there is no law firm mentioned. The manufacturer of the adhesive dots product responded to me and confirmed it was a real issue that they were trying to resolve. In short, I have some idea what a real email of this nature looks like and this is NOT it.
  3. I’ve been involved with business blogging as part of my work for nearly 20 years, possibly since before the term “blogs” was even in wide use, and I have a pretty good idea about what copyright violation and fair use are. If I was actually guilty of this I would know! At least I think I would. Humility is important, because while people like us are busy working at something legitimate, malicious Social Engineers are planning new schemes instead. We can never let our guard down or assume that we know everything and will easily catch every scam.

Additional Framing Techniques

The Social Engineer who created this phishing example could have used the technique of reinforcing the frame, that is causing me to think about it and therefore strengthen it, if they had done even a little bit of OSINT (Open Source Intelligence) on me (Hadnagy 166). But it’s clear they did none, other than to use my web site url which may have been scraped by a bot.

For example the phrase “Your website or a website that your company hosts” is kind of a giveaway. I would have done a little more digging if they had said “the Fiber Arts section” or something like that indicating it might not be a generic scam email. Creating an email with a more personal and specific pretext via the knowledge gained by OSINT is called spear phishing.

Negating the frame is a way of inadvertently undermining the operation by reminding the target of what they should be suspicious about (Hadnagy 165). The phishers in this case avoided that blunder – they didn’t say anything like “Beware, this is not a scam email!”

Another way of leveraging the framing of a target is hinting at or insinuating something without directly coming out and saying it. This is called evoking the frame (Hadnagy 164). I would have known what the implied threat was if the phishers had said something like “if you don’t stop using our copyrighted material we will be forced to take serious action“. Kind of like a gangster in a movie or TV show saying “this is a nice place you got here, it would be a shame if something happened to it!

Works Cited

Hadnagy, Christopher. Social Engineering: The Science of Human Hacking. John Wiley & Sons, Inc. 2018.

Influence, Manipulation and Social Engineering

My final exam for Social Engineering class is due at 5 pm on Friday. When I’m answering questions, it’s useful to write as though I’m explaining the concepts to a general audience. I’m going to publish these answers on this blog as I write them, before they are turned in and graded, to keep me on track to work long enough to explain completely but not so long that I run out of time and skimp on the last couple of questions (that’s what happened at the midterm exam!). A lot of people have been asking me what Social Engineering is since I’ve been in this class. I do think it’s something everyone needs to know about as part of life skills so I’ll explain the best I can. Enjoy!

Q. Discuss the art and method of Influence and Manipulation.

First I’ll define the terms according to Christopher Hadnagy, author of our textbook “Social Engineering: The Science of Human Hacking”.

Social Engineering – “Social engineering is any act that influences a person to take an action that may or may not be in his or her best interests” (Hadnagy 7).

Influence – “Getting someone to want to do what you want them to do” (Hadnagy 123).

Manipulation – “Getting someone to do what you want them to do” (Hadnagy 151).

Social engineering is part art and part science, and method is where they come together (Hadnagy 157). Hadnagy brings up cooking as an example of a pursuit that combines art and science to create a satisfactory outcome. Gardening and aquatic animal keeping are a couple of my pursuits that are similar – science knowledge is needed to keep the organisms alive, and artistry helps make the environments harmonious and attractive. There are certain needs the organisms have that must be met but I have choices in what colors I can have, quantities, how I arrange the elements, how much splashing or bubbling do I want to create a soothing sound, and other aesthetic choices that affect the total presentation.

Part of the science of SE is framing and elicitation (Hadnagy 158). Framing is how someone dynamically reacts to a situation based on life experience and internal makeup (Hadnagy 159-160). Depending on the reaction you want, artistry helps to create an approach to the frame that is appropriate to achieve the objective. Social Engineers may be called on to create characters and costumes, choose words, use props, practice acting skills, storytelling and other creative enhancements. Preparation and practice are important, as is the ability to adjust to changing situations.

Elicitation is getting a target to volunteer information (Hadnagy 168). In order to cultivate the target to be open and trusting enough to share, artistry will again be used in a planned way as well as dynamically as conversation progresses. A social engineer might plan a scenario ahead of time or create one just by observing a target. Methods such as Ego Appeals, Mutual Interest, Deliberate False Statements, displays of Knowledge and the Use of Questions are methods Social Engineers can use to subtly direct the interaction (Hadnagy 168-182). There is art in how these methods are used, and also in choosing embellishments such as the above mentioned characters, costumes, props, etc.

Q. How are each applied to a social engineering plan?

Influence – Cialdini’s Six Principles of Influence are as follows (ChangingMinds.org):

Reciprocity: Obligation to repay.” Both wanted and unwanted gifts will create an urge to reciprocate, but if we appeal to what the target really values, we will get a greater concession in return. Gifts don’t have to be material things – good feelings in the target aroused by gifts of compliments and humor are also effective (Hadnagy 125-128).

Consistency and Commitment: Need for personal alignment.” We have a powerful drive to meet commitments because the consistency of ideals and behavior gives us a feeling confidence and strength. I’m adding my own assumption here that this may not apply to people with psychopathy and personality disorders (“Psychopathy”). You can appeal to the urge for internal consistency in other people by getting them to agree to a small request initially then a larger one later. Victimizers use your integrity and need to make your actions match your beliefs as a weapon against you. Keeping this in mind might help us to know when it’s ok to change our minds about a commitment that is no longer serving us. Consistency and commitment can also be good defenses against attacks, since that is a good protection against people looking for examples of hypocrisy as a Social Engineering weapon against us.

Social Proof: The power of what others do.” When we are unsure about what is safe or acceptable we often look at the behavior of others as a guide (Hadnagy 149-150).

Liking: The obligations of friendship.” Hadnagy explains different meanings of the word “like”. We tend to like people who are “like” us in some way, that we see as a member of our tribe, and we “like” people who we think like us (Hadnagy 146-148).

Authority: We obey those in charge.” Possessing actual authority or knowledge gives a Social Engineer more confidence to act with authority, but faking it, implying it or transferring it by seeming to associate with a genuine authority will work also (Hadnagy 140-141).

Scarcity: We want what may not be available.” We can be Social Engineered to respond to a perceived or real scarcity of goods, sale prices, time or any kind of resources (Hadnagy 134-136).

Manipulation

Hadnagy lists 6 principles of manipulation (Hadnagy 153):

  1. “Increased susceptibility.”

2. “Environmental control.”

3. “Forced reevaluation.”

4. “Removal of power.”

5. “Punishment.”

6. “Intimidation.”

It’s not an accident that these tactics are synonymous with types of abuse, emotional and sometimes even physical. Abusers abuse because they want the power and control it gives them (Davenport). It isn’t only individuals who might try to abuse us – organizations can do it too. I’ve written passionately and repeatedly on this subject in my class assignments, as you know, and in other writings, because of my theory that we as a culture tend to give far too much trust to institutions that have devoted vast research and resources to manipulate, and yes, abuse.

Q. What is the difference between the two?

Hadnagy’s definitions of influence and manipulation are nearly the same in terms of wording. In both cases, the social engineer wants the target to take an action that the social engineer wants. In an influence situation, the target wants to go along with the engineer (Hadnagy 151). That is a very slight difference, and Hadnagy acknowledges that not all will agree with his chosen definitions. When I first read “How to Win Friends and Influence People” by Dale Carnegie, a friend of mine didn’t want me to read it because in his words “It teaches you how to manipulate people”. My reply to him was my interpretation of a couple of the points I thought Carnegie was trying to make – the transactions and deals you make should benefit both parties, and whatever social techniques you use to get the results you want should be sincere (Winkelmann “My Opinion of…”).

I think Hadnagy is of a similar opinion. Manipulators don’t care about the feelings or well-being of the target, and the interaction will not be remembered fondly by the target (Hadnagy 151, 153). That’s detrimental to getting future business. In Hadnagy’s case, since part of his job is to educate clients, negative feelings interfere with the learning process and are to be avoided. I think he and Carnegie would agree that it is more important for both parties to come out of an interaction both feeling good about it than for the SE to “win” the transaction by getting the better of the target.

Of course many social engineers don’t mind harming the target, or they fully intend to harm the target – that’s when their actions become manipulation. For example the same male friend who was uneasy about me reading “How to Win Friends and Influence People” used manipulation on me and another woman to try to keep us from becoming friends. All three of us were part of a group that was going on a week long backpacking and camping trip. In preparation, he told me she didn’t like me and told her I didn’t like her. So for the first day of the trip we avoided each other. Due to the way the tents worked out, we were forced to share one the first night and weren’t happy about it. The next day we both had the same thought. “She’s not so bad.” We both decided to confide in each other what the male (now former) friend had told us. We had a good laugh and became best friends until she passed away in 2003. I was Maid of Honor at her wedding!

Q. Which method is more effective (give examples of circumstances/settings to be applied)?

I think it depends a lot on the circumstances. For example, if your goal is to have a productive future relationship with a target, you will take their welfare and emotions into account so that they associate you with a pleasant experience and are open to be influenced by you because they “like” you, as Cialdini teaches. If you plan to just use and discard the target when they are no longer needed, you don’t have to consider their well-being at all.

The archetype of the “snake oil salesman” is depicted in a music video I loved and watched a lot when I was a teenager, “Say Say Say” by Paul McCartney and Michael Jackson. The protagonists are con artists who travel from town to town in a wagon selling a bogus “strength potion”. They use pre-planned pretexts, such as a script and audience plants to Social Engineer the people in a town into buying a lot of the fake potion. By the time the customers realize it’s no good, the con artists are long gone and in another town sporting a different identity. When the law catches up to them, they use a distraction to evade (Giraldi). As long as they can get away quickly enough, they are not accountable and don’t have to make a good product. They only have to create the impression long enough to get the money.

Paul and Linda McCartney and Michael Jackson portraying Social Engineers of the manipulative variety

Here is a personal example of when I experienced manipulation in an airport when being solicited for a donation. A man greeted me and offered me a free paperback copy of a vegetarian cookbook. I love to cook and I love vegetables so I said “sure, thanks” and took it. I was young and this was my first time encountering this particular SE situation in an airport so was not looking for it and not prepared with defenses. The man said “Aren’t you going to give a donation?” I thought a moment and gave him a dollar. He said that isn’t enough. I was not pleased about being manipulated, so I said “I think that’s pretty good for a free book. If you disagree, you can have it back and I’ll take back the dollar”. He just looked disgusted and waved me away. I was not unhappy about giving a dollar for the book, even though it’s not something I sought out. But I love recipe books, so a free book or a dollar book, either was fine with me. But I would have balked at any more than that. Neither of us was concerned about ever seeing each other again, so it was a very low stakes situation. Since he had correctly concluded he had gotten all he was ever going to get out of me, he didn’t bother to be civil one second longer than was productive.

The larger and more powerful an organization or individual is, the more they can insulate themselves from backlash caused by self-serving, fraudulent, unkind or unfair manipulations of people. For example last summer there were large corporations taking out television ads that put their brand in a good light, showing warm and positive scenes of how they were helping their employees and customers cope with the pandemic. News stories about those brands were sometimes in direct contrast to the images in the ads. Organizations can use their money and power to “buy” morality credits by performing certain good deeds and publicizing them or just artfully appearing to. In the “Say Say Say” video we see that the fictional con artists give their ill-gotten gains to an orphanage and stop to entertain the kids, so the viewers of the video will root for them (Giraldi). This tactic works in real life too.

Marketing and Public Relations are subsets of Social Engineering, according to Hadnagy’s definition. If organizations don’t even do good deeds but claim they want to someday, or are generally in favor of good things for society and they’d love it if YOU would do them, that is enough to counteract actual corporate hypocrisy in some situations (Chen 487-490, 517-518). Influential people and organizations have the money and power to buy a lot of Marketing and PR, so they are potentially not as accountable as the less powerful. For example, from years of selling art supplies online, with Amazon being one of the platforms I sold on, I’m personally acquainted with how Amazon treats people with no power and only the most infinitesimal trace of usefulness. Admittedly already skeptical about their corporate culture, I am not the only one to ponder the disconnect between Amazon’s paid feel-good ads and news stories about how workers are treated (Barrickman and Smith). In a paper I wrote last fall about Corporate Social Responsibility and Irresponsibility I speculated about the meaning behind the amounts of corporate public donations to social justice causes by Netflix, WalMart and Amazon (Winkelmann “Corporate Social Responsibility…”). Do these amounts reflect genuine commitment to the causes, a branding technique, the amount of resources available, or the amount of morality credits they feel they need to buy to compensate for their actual activities?

A malicious Social Engineer might intend to not only evade accountability, but plan to leave the target in a weakened condition as part of the strategy. Sometimes the goal is not merely profit but total defeat of the enemy.

Works Cited

Barrickman, Nick and Patrick Smith. “Amazon violates its own health and safety rules in COVID-19 coverup.” World Socialist Web Site, 2020, www.wsws.org/en/articles/2020/08/05/amzn-a05.html. Accessed 10 May 2021.

ChangingMinds.org. “Cialdini’s Six Principles of Influence”. Changing Works, 2002-2021, changingminds.org/. Accessed 16 March 2021.

Chen, Zhifeng, et al. “Corporate Social (Ir)Responsibility and Corporate Hypocrisy: Warmth, Motive and the Protective Value of Corporate Social Responsibility.” Business Ethics Quarterly, vol. 30, no. 4, Oct. 2020, pp. 486–524. EBSCOhost, doi:10.1017/beq.2019.50. Accessed 28 September 2020.

Davenport, Barrie. “61 Devastating Signs Of Emotional Abuse In A Relationship.” Live Bold and Bloom, 2021, liveboldandbloom.com/02/relationships/signs-of-emotional-abuse/. Accessed 11 May 2021.

Giraldi, Bob, director. “Say Say Say.” YouTube, Paul McCartney and Michael Jackson, uploaded by Giraldi Media, 1983, www.youtube.com/watch?v=aLEhh_XpJ-0. Accessed 10 May 2021.

Hadnagy, Christopher. Social Engineering: The Science of Human Hacking. John Wiley & Sons, Inc. 2018.

“Psychopathy.” Psychology Today, 2021, www.psychologytoday.com/us/basics/psychopathy. Accessed 11 May 2021.

Winkelmann, Carolyn Hasenfratz. “My Opinion of What Marketing is About”. Carolyn Hasenfratz Design. 2020. www.chasenfratz.com/wp/my-opinion-of-what-marketing-is-about/. Accessed 10 May 2021.
— “Corporate Social Responsibility and Irresponsibility”. Carolyn Hasenfratz Design. 2020. www.chasenfratz.com/wp/corporate-social-responsibility/. Accessed 11 May 2021.

From the #whydidntyouwarnme desk

This is my last week of Social Engineering class at Webster University. The textbook we have been using is “Social Engineering: The Science of Human Hacking” by Christopher Hadnagy. This book is full of powerful personal ancedotes that help me understand Social Engineering better. They also resonate deeply because so many of the anecdotes are relatable to experiences from my own life.

An example of a story that really made me think is on page 260. Hadnagy tells of talking with a friend whose family had been personally affected by a common scam. The friend was angry with him for not warning him sooner and exclaimed “If you knew these things existed, why didn’t you warn your friends?”

I have had friends get angry with me and stop speaking with me for warning them about social media and other media scams and trying to explain media literacy concepts when I saw that they were being trolled. Part of good Social Engineering is to help the people you are trying to warn become more receptive to what you are trying to teach them so they can take in the information to protect themselves against harmful Social Engineering. If someone is your friend and you care about them, you want them to know these concepts. If my attempts are too clumsy and I arouse their defenses instead of concern and I fail to warn because of that, I need to do better. That’s one of the things I’m learning in this class and others. The more I learn about media and technology as I work on a Advertising and Marketing Communications Master’s degree, the more I feel the need to warn.

I’m going to be writing a LOT this week to finish the course, and some of it is going to end up on this blog immediately and farther in the future. Hadnagy advises us not to “assume that the knowledge about these attacks is just common sense”. There are techniques in Hadnagy’s book, in our class, and in lots of other course material I’m learning that is also in classic books, around for many decades, such as “How to Win Friends and Influence People” by Dale Carnegie and “The Hidden Persuaders” by Vance Packard. I have owned those books a long time and have read them several times and I still have to work to master the material in them.

As I learned on a podcast this morning, the concept and term “Social Engineering” has been around since the late 1800s. With every new technological advance that comes along, there are new skills to learn to avoid exploitation through Social Engineering combined with other types of attacks. In order to help people find information on this blog that I think everyone should know as a life skill, I’m going to apply the hashtag #whydidntyouwarnme/ to relevant past and future blog posts.

I have also started listening to a couple of excellent podcasts that are free to listen to if you want more information about the types of media and security issues I’m trying to warn about. I think every Internet user who has something to lose, whether for personal or business reasons, needs to be informed as well as possible.

The Social-Engineer Podcast – hosted by Christopher Hadnagy himself with a variety of co-hosts as they interview leaders in the Social Engineering field.

Hacking the Humans – information about “social engineering scams, phishing schemes, and criminal exploits that are making headlines and taking a heavy toll on organizations around the world”.

What types of scams are you the most concerned about?

Homework, art journaling and stencils!

Art journaling is an activity that helps me a lot with self care, artistic expression and just general management of life. Lately I’ve been experimenting with combining some artistic expression with material I’m learning in Social Engineering class. There are a lot of acronyms and concepts to remember – things that lend themselves well to bullet journals, art journals and chart and graph type graphics.

These pairs of pages you will see are in progress. I made them to have something to do adult coloring and other paper craft based activities on when I want to relax and be creative for a bit. As I work I can study and memorize the “bullet points”. I’m going to erase some of these pencil lines as I go. For a couple of the more complicated layouts I made drawings on tracing paper and chipboard templates to help cut the paper pieces to the right sizes and shapes.

Some of the stencils I used are commercial products I sell in my online Etsy shop. If you would like to see the selection, it’s at this link: Stencils and Stenciling Supplies.

I hope these pages in progress will give you some ideas for organizing information in a creative and fun way!

Two-page spread for MAPP – Mitigation and Prevention Plan.
Here is a pair of pages I began to create my rendition of “Curtis’ Triad of Disruption”. I love geometric shapes, and trios. This will be fun to work on!
I finally finished “Triad of Disruption” on 12/30/22! I did a couple of things a bit different than I planned.
Social Engineering Pyramid two-page spread on tracing paper and then started in the art journal.
Finished coloring these two art journal pages.
Finally finished coloring these two art journal pages.

A fictional organization: “Artists for Media Literacy”

For our Social Engineering class, we were asked to propose to work on behalf of a real cause or a fictional one. Using ISIS as an example, how could we use similar social engineering tactics to win converts over to our cause? I decided to create a fictional organization called “Artists for Media Literacy”.

Media literacy is something I was taught in both grade school and high school, although I didn’t know then what it was called. Ever since I’ve been old enough and aware enough to realize what it was, I’ve thought it had the potential to heal many of the ills of our culture if more people acquired the skills. I felt strongly enough about it in 1998 that my first solo art show included a group project in which I encouraged people to send me postcards in the mail based on the theme “Turn Off Your Television”. Here are photos showing this project on the wall at my show, and a graphic for a postcard I sent out to help promote it.

On the left is a view of the gallery showing the TV project on the wall, and on the right is a postcard I made to promote the project.

So this is where my inspiration comes from for “Artists for Media Literacy”. Artists are trained communicators and often have a lot to say about the media and consumerism.

What techniques successfully employed by ISIS would be suitable for our group?

Category: Intimidation

Isis intimidates opponents via well-produced videos, mass executions and hashtag hijacking.

“Artists for Media Literacy” is a philanthropic organization, so there will obviously be no violence or threat of violence. We have no ambition to intimidate anyone to force them to participate – we believe in individual rights and freedom and want people to voluntarily choose to adopt the media literacy techniques we propose. We do want to raise the alarm about propaganda and abusive media – so we will try to influence people to fear the consequences of not using media in a healthy way. We can use well crafted videos to promote the positive benefits of media literacy as well as the dangers of being uninformed.

Hashtag hijacking would lend itself extremely well to our cause because there are trending media-related topics going on all the time that we could hitch an awareness piece too. For example, I can check Twitter right now to see what topics are trending at this url – twitter.com/explore/tabs/trending. #Antifa and #RIP Twitter are trending right now. Those would both be great hashtags to hijack for a media literacy campaign.

Category: Reassurance

Documentaries: we would not have to coerce participation from hostages to produce documentaries touting the benefits of media literacy. The challenge would be making them engaging and accessible.

Press releases: our work would be of interest to many news outlets if we target the right ones.

Instagram: this is a social media platform particularly friendly to artists, so we’d benefit from heavy use. Here is the Instagram account for the Back To Our Roots Art Show last year promoted by Webster University students – www.instagram.com/back.to.our.roots.art/. As a participant in the show, I can vouch for it’s usefulness in helping me keep track of deadlines, inspiring my vision for the work I was producing, and helping me promote the show to my social networks via attractive, branded and shareable content.

Category: Coordination

Civic forum boards: unlike ISIS, our boards would not need to be encrypted necessarily, but they should be secure to protect us from hackers.

Secure messaging: normal consumer level communications platforms should be adequate.

Battlefield drones: We won’t have battlefields in the sense that ISIS would, but if we ever have any outdoor events we could use drones to get interesting footage for videos. I’ve seen drones used that way at historic preservation events to attract interest by showing how well attended the event was and the extent of support for our cause, preserving the Gasconade River Bridge in Hazelgreen, Missouri. The organizers have succeeded in attracting large crowds in multiple years, including international Route 66 fans.

Works Cited

P.W. Singer, and Emerson Brooking, “How ISIS Is Taking War to Social Media”, Popular Science Magazine, 2015. Accessed through course module, 16 April 2021.

Opinion: For those in favor of saving the Republic, here are some ideas

In my Social Engineering class we have been studying Russian and other foreign cyber attacks on the USA, Germany, France, Great Britain, Ukraine, and elsewhere. One of our recent assignments was to read the following reports:

The IRA, Social Media and Political Polarization in the United States, 2012-2018

The Tactics & Tropes of the Internet Research Agency

Report of the Select Committee on Intelligence United States Senate on Russian Active Measures Campaigns and Interference in the 2016 U.S. Election: Volume 2: Russia’s Use of Social Media, with Additional Views

After reading these reports, we were to consider the tactics in “On War” by Carl von Clausewitz and then answer the following question:

“So, what should the United States do about it? Think about the political, economic, and military weapons of war (Clausewitz) and share your thoughts about how to combat the Russian SE attacks.”

“I considered Clausewitz’s lessons of war (summarized by Pietersen) to see how they could help me create a strategy that makes sense.

Just the first step, Identify, I see as a huge challenge. I’m under the impression that most people who are angry about attempted Russian interference in recent elections are angry because their preferred candidate didn’t win, not because our Constitution and the Republic are under attack and hanging by a thread. A lot of people accept the premise that unethical and illegal acts are permissible if it helps your side. They may not be informed about the seriousness of the threat, or are informed and are rooting for the Constitution and the Republic to fall. This would be a good way for intelligence to precede operations. Do enough people even want the Republic saved to make it worth the effort to fight for it? The goal will have to be changed if there aren’t enough people on board. I’m going to write the rest of this assuming that there is enough support.

The decisive point: “Save the Constitution” would be my mission statement, at least internally. I’m not sure how to frame the campaign to get the support of enough of the public for success. It used to be considered self-evident in our culture that life, liberty and the pursuit of happiness were good things, but there are a lot of people who have been conditioned and trained to deny those rights to others that they think are beneath them and sometimes even to themselves – they don’t think they deserve it.

Concentrate: This includes physical resources as well as hearts and minds. I understand that the reports we read were based on a subset of all the existing information. The tech companies didn’t give everything they had to the Senate, and we don’t know if the Senate gave all of what they had to the analysts who wrote the reports. Nevertheless, the reports do contain enough information to have some idea of what might help on the technology side.

I would like consumers to have more choices of viable communications platforms so that they freely choose the ones they feel protect their rights and reflect their values the best. That probably means breaking up monopolies and holding corporations accountable for tortious business practices or unfair competition practices such as collusion or violations of the immunity clause in Section 230 of the Communications Decency Act. As others have pointed out in our discussion, communications companies sometimes have an incentive to allow content that harms their users but helps them financially. They’d be able to get away with this less if there were more choices.

I advocate re-instating the media based consumer protections that have been removed from our body of law such as the Fairness Doctrine, the personal attack rule and the political editorial rule, and I’d like to see them extended to online publishing and social media companies as well as broadcast and print. As I’ve stated before, I think it’s a human rights abuse to restrict information from people in order to control them. Can a “Right to Information” be added to our Constitution? I don’t know but that’s how important I think it is.

I would like to see all media companies compelled to run media literacy education content as a consumer protection measure.

I advocate media literacy training as a vital life skill in all levels of education.

Devote as least as many resources to the promotion of the Constitution and Democratic self-rule as the enemies do to undermining it.

US Consumers should have the choice to purchase physical products, software, and have access to technology platforms that are manufactured in the US and accountable to US consumers.

Resources that are vital to the security of the United States, such as medical supplies and media companies, should not be owned or controlled by foreigners.

Hold all levels of government to high standards of transparency and accountability to their constituents.

Remove: I would not want to see a repeat of excesses from the past such as McCarthy-style witch hunts or loyalty tests. I believe the most rational ideas will prevail if people are allowed to hear them and exercise their constitutional rights to assembly, free speech, freedom of the press and others. I also think internment camps for re-education or any other purpose should be off the table.

Ignore: I believe it’s important not to over-react to all the distractions that will be tried.”

I don’t consider my above suggestions as complete or comprehensive, but I think they’d be a good start. I welcome comments on this blog, pro and con, I think this is a discussion we need to have, openly and rationally, because, after all, this is war.

Works Cited

DiResta, Renee, Kris Shaffer, Becky Ruppel, David Sullivan, Robert Matney, Ryan Fox, Jonathan Albright, Ben Johnson. “The Tactics & Tropes of the Internet Research Agency”, New Knowledge, 2019, digitalcommons.unl.edu/senatedocs/2/. Accessed 11 April 2021.

Howard, Phillip N., Bharath Ganesh, Dimitria Liotsiou, John Kelly, Camille François. “The IRA, Social Media and Political Polarization in the United States, 2012-2018”, Computational Propaganda Research Project, University of Oxford, 2019, digitalcommons.unl.edu/senatedocs/1/. Accessed 11 April 2021.

Pietersen, Willie. “Von Clausewitz on War: Six Lessons for the Modern Strategist.” Columbia University, www8.gsb.columbia.edu/articles/ideas-work/von-clausewitz-war-six-lessons-modern-strategist. Accessed 12 April 2021.

Select Committee on Intelligence, United States Senate. “Report of the Select Committee on Intelligence United States Senate on Russian Active Measures Campaigns and Interference in the 2016 U.S. Election: Volume 2: Russia’s Use of Social Media, with Additional Views”, 2019, digitalcommons.unl.edu/senatedocs/4/. Accessed 11 April 2021.

Excerpts from a Beatles Fanzine

(There was some kind of web hosting problem and this post got erased the day after I posted it so I’m recreating it here. Lesson, which I have learned to heed from past experience – always write your article in a text file on a hard drive first so you can quickly re-create it!)

There is a possibility that during my current Social Engineering class I might want to cite in a paper or project some of the old content that I produced for a Beatles fanzine in the late 1990s and early 2000s. I was a member of the St. Louis Beatles Fan Club and we published a fanzine called “What Goes On”. I’ve been meaning for a long time to re-publish some of these old articles on my blog, but to make them fully indexable I would need to find a way to access some of the floppy and zip discs I have to get typed-out copies of these articles. For now it’s a lot quicker to scan the pages I might want to use and put them in a PDF file. In order for the PDF to be somewhat searchable, I’m leaving the introductory text and index as text and not rasterizing it. I will also include a list of keywords for each excerpt so that researchers online can at least get a hint of where to access some of this information if they want it for study. I’m going to reproduce the searchable text in the PDF in the remainder of this blog post also. Believe it or not, there is scholarly interest in not only the Beatles, but also Beatles fandom, fandom in general, and ‘zine culture.

I kind of made up my own format, very loosely based on MLA, so I don’t claim that this document adheres to a standard way of cataloging this type of material. I might revise the format later. Enjoy!

Excerpts from “What Goes On”: A Beatles Fanzine
Originally published by the St. Louis Beatles Fan Club, 1999-2003
Copyright 1999-2003 the original authors

Excerpts included:

Winkelmann, Carolyn Hasenfratz. “‘Across the Internet’ #1”. What Goes On, Vol. VI, No 3, October 1999, pp. 11-13.
Keywords: fandom and VCRs, home video recordings, history of media formats, Across the Internet, internet use by fandom in 1999, early days of the World Wide Web.

— “Revolution #9: The Art of Play and the Joys of Noise.” What Goes On, vol. VII, no. 1, January 2000, pp. 6-9.
Keywords: sound collages, music concrete, experimental music, sound experiments, conceptual art, performance art, home taping, cassette tape culture, Beatles 1968 Christmas message, Beatles fandom in the 1980s, history of media formats, noise tapes, White Album, playing records backwards, backwards sound experiments, St. Louis Steamers, Checkerdome, Revolution 9, soundtrack for art gallery, low-fi sound experiments, homemade sound recordings, prank calls, Commodore 64 computer, found sounds.

— “Across the Internet” #2. What Goes On, vol. VII, no. 1, January 2000, pp. 12-13.
Keywords: history of media formats, Across the Internet, internet use by fandom in 2000, early days of the World Wide Web, RealPlayer, Windows Media Player.

— “Joe Davis Takes Us Back To ‘Meet The Beatles’.” What Goes On, vol. VII, no. 2, April 2000, pp. 1, 9. Aricle by Rich Reese, Carolyn’s contribution is the collages of Valentine cards on page 9.
Keywords: Joe Davis, listening party, “Meet the Beatles…Again!” radio show, 97.7 KSD FM, Nick Baycott, Les Aaron, Bears Who Care, St. Louis Veteran’s Hospital, Brentwood Community Center, “The Beatles are more popular than Jesus” controversy, 101 the Fox, FM radio in St. Louis, Missouri.

— “Happiness is a Warm…Picnic.” What Goes On, vol. VII, no. 4, October 2000, pp. 4. Photos by Carolyn.
Keywords: PepperLand, Creve Couer Lake park, Beatle Bob, Rich Reese.

— “I Wanna Be Santa Claus.” What Goes On, vol. VII, no. 4, October 2000, pp. 5, 11.
Keywords: John Lennon tribute, Peace Tree, Christmas, Holiday party, Christmas ornaments, conceptual art, group art project, John Lennon, Yoko Ono, Bagism, performance art, peace activism, peace movement.

— “Pop! Goes The Beatles: the beatles and pop art.” What Goes On, vol. IX, no. 3, September 2001, pp. 13.
Keywords: Pop Art, St. Louis Art Museum, Pop Impressions Europe, art show review, Richard Hamilton, mass media criticism, consumer culture criticism, printmaking, Peter Blake, swinging London, Eduardo Paolozzi, album cover design, Dieter Roth, illustration, fan art, interpretation of song lyrics.

— “‘Across The Internet’ #3” What Goes On, vol. IX, no. 3, September 2001, pp. 13.
Keywords: Liverpool Sound Collage, Peter Blake, history of media formats, Across the Internet, internet use by fandom in 2001, early days of the World Wide Web.

Here are the Beatles Pop Art ornaments I made for a 9/11 benefit recovery raffle. I actually won back the Paul ornament and I still have it. Later I used the templates and prototypes to make a rubber stamping project that was published in RubberStampMadness magazine. Here is a link to an ornament that is similar to the ones in the article: Surreal Mixed Media Shadow Box Ornament

— “Fans and Friends Remember George.” What Goes On, Special Commemorative George Harrison Issue, February 2002, pp. 5. Carolyn’s contribution is the George Harrison themed Pop Art ornament.
Keywords: Pop Art, handmade ornament, Christmas ornament, fan tributes to George Harrison, Dave Grohl, Louise Harrison, Jools Holland, Eric Idle, Anthony Kiedis, Mark Klose, Jeff Lynne, Gerry Marsden, George Martin, fan art, celebrity tributes to George Harrison, Louise Harrison Caldwell.

— “McCartney Drives Into Chicago With Full Tank: The Sights.” What Goes On, vol. IX, no. 1, June 2002, pp. 1, 6.
Keywords: Paul McCartney concert review, Chicago, United Center, Driving USA Tour, concert lighting, concert video screens, special effects, performance art, live actors, Surrealist performance, Dadaist performance, rock concert production, arena rock, mulimedia, conceptual art, Pop art, Psychedelic art, art history.

— “‘Across The Internet’ #4.” What Goes On, vol. IX, no. 2, October 2002, pp. 5.
Keywords: history of media formats, Across the Internet, internet use by fandom in 2002, early days of the World Wide Web, Linda McCartney photography exhibit, Sheldon Art Galleries, Nine/One One + One art show, Art St. Louis, 9/11 art show.

Note: For the 9/11 art show referenced just above, I made two collages to submit for judging. There are some differences between them that I deliberately put in to test a theory about which one had a chance of getting in the show and which did not. My prediction was accurate, and is interesting to think about in light of the social engineering I’m currently studying. Here are the links to the two collages, if you want to guess which one got in and what didn’t.

“State of the Union #1”

“State of the Union #2”

This is another 9/11 themed project I made, and artist book that was in a show that was not juried. I made this about a month after the event.

“Liberty – A Successful Experiment”

— “New Paul Live CD = Permanent Grin.” What Goes On, vol. IX, no. 3, 2003, pp. 4.
Keywords: CD review, record review, Paul McCartney Back in the U.S., concert recording, concert CD, live album, live CD, rock concert.

— “Scrapbook Scraps.” What Goes On, vol. IX, no. 3, 2003, pp. 13.
Keywords: scrapbooking, digital scrapbooking, Seattle, Seattle Kingdome, record breaking rock concernts, legendary concert venues, rock concert history, Hollywood, Capitol Records building, Hollywood and Vine, Yellow Submarine, John Lennon, Hollywood Walk of Fame, gold records, travel photos, Beatles impact on culture.

Download the PDF file here:

Excerpts from “What Goes On”: A Beatles Fanzine

Facebook Ads and the 2016 U.S. Election

I just turned this in as an assignment for my Social Engineering class. It has not been graded yet. Enjoy!

For the last several years, it has been alleged and believed by some that President Trump would not have been elected in 2016 if the Russians had not bought ads on Facebook on behalf of fake clients. Understandably these allegations caused a lot of Facebook users to reconsider whether or not they should continue to support Facebook. In order to safely use Facebook or any social media platform, it is important to develop skills to help determine the credibility and reputation of any individual or organization.

As a Facebook user of many years duration, to help me decide the truth of the 2016 election influence claims, I sought answers to the following questions.

Are there examples of who made the allegations?

Here are a couple. Donald Trump’s opponent Hilary Clinton, named Facebook as one of the causes of her loss and declared that CEO Mark Zuckerberg should “pay a price” (Cadwalladr). It’s interesting that Mark Elias, counsel for Hilary Clinton’s campaign, helped Facebook to avoid putting disclaimers on ads back in 2011 (O’Sullivan).

In October 2020, Senator Mark Warner (D., Va.) wrote to Jack Dorsey, the CEO of Twitter, to urge Twitter to allow political ads after Twitter had banned them (Warner), even though in 2018 he had criticized Facebook for selling ads to what he identified only as “Russians” (Crookston). He also criticized YouTube for allowing radicalizing content by “Chinese, Iranian and others”. In Warner’s 2020 letter, he decries “Russians” use of ads even as he tries to persuade Twitter to accept ads. Referring to 2016, the 2020 letter states: “Russia took advantage of our openness and communications technologies, including exploiting American-bred social media platforms to spread disinformation, divide the public, and undermine our democracy.”

Has anyone attempted to refute the allegations against Facebook?

Here is the opinion of Facebook executive Andrew Bosworth. “So was Facebook responsible for Donald Trump getting elected? I think the answer is yes, but not for the reasons anyone thinks. He didn’t get elected because of Russia or misinformation or Cambridge Analytica. He got elected because he ran the single best digital ad campaign I’ve ever seen from any advertiser. Period.” (“Lord of the Rings…”). This opinion by Bosworth and subsequent opinions I attribute to him are taken from text purported to be from an internal memo that was published on the New York Times web site. I accessed what claims to be this memo on the web site TechyLawyer because the NYT article is behind a paywall and the Webster University online library doesn’t have the article. Since I’ve seen quotes from this memo on other web sites that match the TechyLawyer site, unless I come across information that the content been misrepresented, I’m accepting for now that this is what the memo actually did say.

It was reported by the Washington Free Beacon in the context of the 2018 midterm elections, that Senator Mark Warner was of the opinion that while Facebook is a concern, YouTube and Google hosted far more misinformation than Facebook and were less transparent and less cooperative than Facebook was in trying to fight the trend (Crookston). There was a video accompanying this article, formerly hosted by YouTube, which has since been taken down, I don’t know by whom. The senator’s remarks were quoted on many other web sites that I looked at so barring information to the contrary I find the reporting credible. 

Did Russians in fact buy ads?

Bosworth weighs in. “Russian Interference was real but it was mostly not done through advertising. Instead, the Russians worked to exploit existing divisions in the American public for example by hosting Black Lives Matter and Blue Lives Matter protest events in the same city on the same day” (“Lord of the Rings…”). 

What is meant by “Russians”? Do they mean the Russian government, Russian citizens, Russian-Americans, who exactly?

NPR reported that 3,000 Facebook ads were purchased on behalf of a Russian agency (Folkenflik). NPR did not say what kind of agency. An ad agency? A spy agency? That was not made clear. CNN referred to the ad buyers in question as a “Russian troll farm” (O’Sullivan). I kept clicking links to see what the actual identity of the “Russian troll farm”/”agency” is and ultimately came up against the New York Times paywall.

The Baltimore Sun alleges that the ads were placed by a Kremlin-influenced agency but the article includes no citation or source for Kremlin involvement (Fritze). The Politico article names the agency in question as “Internet Research Agency” and says it is Kremlin-linked but attributes no source for this information other than unnamed members of the House Intelligence Panel and provides no quotes or links to help verify (Politico Staff). The Washington Post refers to them as “Russian Operatives” without clarifying what that means (Keating, et al).

What are some examples of the fake Facebook clients?

According to NPR, the Russian ads were turned over to Congress by Facebook (Folkenflik). Names of the alleged fake organizations that I was able to find include “Black Matters”, “Native Americans United”, “LGBT United”, “Being Patriotic”, “Army of Jesus”, “United Muslims of America”, “Secured Borders”, “BM (does this stand for Black Matters, Bowel Movement, or something else?)”, “Born Liberal”, “_american.made”, “Heart of Texas” and “american.veterans”.

What was the content of the fake ads?

I think it’s interesting that Bosworth claimed in his memo that this Russian agency bought ads pitting Black Lives Matter against Blue Lives matter, but NPR reported that Russia was trying to inflame divisions between Muslims and Black Lives Matter (Folkenflik). Is it the position of NPR that Blue Lives Matter and Muslims are allies? That is unclear. It was also disclosed in the article that there is a financial relationship between NPR and Facebook. 

In order to see which candidate the ads seem to favor, and to see whether the Russians desired Blue Lives Matter vs Black Lives Matter, or Muslims vs Black Lives Matter, I tried to find out what the ad content was. Despite hearing about the Russians and their ads for years, I could not recall seeing any images of the alleged ads so I did an image search and found alleged samples published by The Baltimore Sun, Politico and the Washington Post.

Here is a survey of the messages in the ads I could find:
    Pro Black Lives Matter
    Pro Native American rights
    Pro Bernie Sanders
    Anti Hillary Clinton
    Anti Islamaphobia
    Pro secure borders
    Pro Blue Lives Matter
    Anti Black Lives Matter
    Anti Donald Trump
    Pro 2nd Amendment
    Pro Texas secession
    Pro military veterans

How much was spent on fake ads?

Facebook vice president Andrew Bosworth stated that “$100,000 in ads on Facebook can be a powerful tool but it can’t buy you an American election, especially when the candidates themselves are putting up several orders of magnitude more money on the same platform (not to mention other platforms) (“Lord of the Rings…”). I’ve heard the $100,000 figure quoted on many other web sites so for now I find the amount credible.

How does the amount of money spent by the Russian fake clients compare to real clients?

As of December 31, 2016, Hilary Clinton had raised 1.4 Billion and spent 98% of it, and Donald Trump had raised 957.6 million and had spent 99% of it (“Election 2016…”).

With the above questions answered to the best of my ability, how credible do I find the claims that Russian ads by fake clients determined the results of the 2016 election?

I find myself agreeing with Bosworth that $100,000 isn’t going to buy an election when the opponent has spent nearly 1.4 billion. There would be no need to spend nearly 1.4 billion if that was the case, they would have just spent $100,000. That sounds like a better deal to me!

If you only have $100,000 to spend on ads to try to win the U.S. Presidency, I think it’s reasonable to assume your message has to be better targeted than these examples in order to be effective.

I do find accusations credible that an ad agency in Russia created fake organizations for the purpose of running fake ads to run marketing tests, and I agree that the ads are examples of trolling. Trolling has been used in ads and ad tests before. I’ve done it. I wrote about my experiment and the Elizabeth Warren campaign running such a test on Facebook in an assignment for Media and Culture class in 2019 (Winkelmann). 

The subject matter of the Russian ads is bizarre and inconsistent. Their overall effect seems more like it would be confusion rather than favoring any one party or issue. Actually, if I hadn’t researched these ads and just looked at them with no background, I would probably have assumed they were part of a Dadaist or Fluxus influenced performance art project. If these are indeed the same ads everyone has been talking about, I don’t think the controversy they generated is justified.


Works Cited

Cadwalladr, Carole. “Hillary Clinton: Zuckerberg should pay price for damage to democracy.”  Guardian News & Media Limited, 2019, www.theguardian.com/technology/2019/nov/04/hillary-clinton-mark-zuckerberg-pay-price-damage-democracy. Accessed 25 March 2021.

Crookston, Paul. “Warner Blasts Google for Allowing More Radicalization and Manipulation Than Facebook.” The Washington Free Beacon, 2018, freebeacon.com/politics/warner-blasts-google-for-allowing-more-radicalization-and-manipulation-than-facebook/. Accessed 25 March 2021.

“Election 2016: Money Raised as of Dec. 31.” The Washington Post, 2016, www.washingtonpost.com/graphics/politics/2016-election/campaign-finance/. Accessed 25 Month 2021.

Folkenflik, David. “Facebook Scrutinized Over Its Role In 2016’s Presidential Election.” npr, 2017, www.npr.org/2017/09/26/553661942/facebook-scrutinized-over-its-role-in-2016s-presidential-election. Accessed 25 March 2021.

Fritze, John. “Russian ads placed in Maryland might have been precursor to broader campaign.” Baltimore Sun, 2017, www.baltimoresun.com/politics/bs-md-russian-facebok-ad-20171101-story.html#nt=standard-embed. Accessed 25 March 2021.

Keating, Dan, Kevin Schaul and Leslie Shapiro. “The Facebook ads Russians targeted at different groups.” The Washington Post, 2017, www.washingtonpost.com/graphics/2017/business/russian-ads-facebook-targeting/. Accessed 25 March 2021.

“Lord of the Rings, 2020 and Stuffed Oreos: Read the Andrew Bosworth Memo.” TechyLawyer, 2020, techylawyer.com/blog/lord-of-the-rings-2020-and-stuffed-oreos-read-the-andrew-bosworth-memo/. Accessed 25 March 2021.

O’Sullivan, Donie. “Facebook sought exception from political ad disclaimer rules in 2011.”  Cable News Network, 2017, money.cnn.com/2017/09/27/technology/business/facebook-political-ad-rules/index.html. Accessed 25 March 2021.

Politico Staff. “The social media ads Russia wanted Americans to see.” Politico, LLC, 2017, www.politico.com/story/2017/11/01/social-media-ads-russia-wanted-americans-to-see-244423. Accessed 25 March 2021.

Warner, Mark R. Letter to Jack Dorsey. United States Senate, 2020, www.warner.senate.gov/public/_cache/files/3/a/3afc73bd-d03f-43be-801d-85417c6c55e6/0589911AC5097909F38E0FA5B772FEB2.10.6.20-twitter-honest-ads-act-letter.docx.pdf. Accessed 25 March 2021.

Winkelmann, Carolyn Hasenfratz. “Media Literacy and Interpreting Political Messages”. Carolyn Hasenfratz Design. 2019. www.chasenfratz.com/wp/political-ads-about-political-ads-and-trolling/. Accessed 25 March 2021.

Added 03/26/21:

Here is a link to my Pinterest Board Media Analysis:

https://www.pinterest.com/chasenfratz/media-analysis/

I have this Pinterest board to help me keep track of sources. I started it when I started this degree. I’m in favor of transparency so I want people who read my articles and papers to see what sources I collected, and what I used and didn’t use. That tells you something about a piece, what was selected for use out of what was available. And if you are interested I hope you read the sources too!

Update 04/08/21:

In my social engineering class, I’m studying Russian social media advertising more and might write about the topic more on this blog. This week we have been assigned to read these three papers among other material:

The IRA, Social Media and Political Polarization in the United States, 2012-2018

The Tactics & Tropes of the Internet Research Agency

Report of the Select Committee on Intelligence United States Senate on Russian Active Measures Campaigns and Interference in the 2016 U.S. Election: Volume 2: Russia’s Use of Social Media, with Additional Views

As I read and work on my assignments, I may or may not find that some of what I wrote above is incomplete. This is a complex topic and if I run across anything I think I need to add or change, I’ll do that and make a note of it. In the meantime, I recommend that everyone read the same three papers I’m reading so you have more background on the issues. Media reporting on this topic is very poor and very confusing and seems mostly designed to obfuscate what happened instead of attempting to help people understand. Your understanding is likely to improve after reading and like me you might have a lot more questions as well. Enjoy!

Romance Scams

Here is a version of an assignment I did for my Social Engineering class at Webster University, CSSS 5280 that I modified for the blog. The version I submitted has not been graded yet.

A couple of years ago a co-worker excitedly told me about an interesting man she met on Facebook. As she continued to add details to her story, I recognized what she was dealing with – a common romance scam that I’ve seen many times. I felt sad having to explain to her that she was being groomed for some kind of exploitation, because she seemed so excited.

I’ve been a Facebook user for a long time, since 2008. I use my personal Facebook page for marketing as well as networking. It’s the nature of a lot of work that I do that it has been useful to allow people get to know aspects of the public-facing me – I’m not the most skilled at networking in person. I have most content on my Facebook account set to the security setting “Public” and I sometimes accept friend requests from people I don’t know unless they seem threatening. 

I don’t remember exactly when I started noticing this, but every once in awhile I’d get a Facebook friend request from a man who claimed to be either in the military or working overseas in a civilian field like engineering, or the oil industry, or something like that. The first few times I went ahead and accepted these types of friend requests, because I’m generally disposed to be friendly and supportive to people unless I have reason not to be. I soon started noticing some patterns. The men in the profiles were generally above average in attractiveness, but looked like real people, not models. They were often photographed in an “action” pose or setting. Often their first and last names were two of what we would usually consider first names, put together. They sounded like what a foreigner’s idea of a generic American name would sound like rather than genuine selection of random American names. They usually claimed to be originally from the US or Europe but currently doing some kind of work in the Middle East. Their Facebook profiles were generally not very well populated with friends or content, so seemed like they had a short-lived social media presence. I could tell they hadn’t looked at my profile to learn basic facts about me, but claimed to have a burning desire to be my “boyfriend”. At first I gently turned away “romantic” conversation by saying I don’t do long distance relationships and I don’t “sext”. True statements, but irrelevant when I noticed the patterns of personal disinterest in me and constant boundary pushing. I decided they were all scammers seeking money, passwords, green cards, nude photos or all of the above and stopped accepting those requests. You would think that the word would get out about these scams enough for people to avoid them but from 2015 to 2019 the amount of money lost in online romance scams rose six times, from $33 million to $201 million (“What You Need…”).

I was able to recognize that type of scam earlier than some unfortunate other victims, but that doesn’t mean I’ve never been played. I’ve known for decades to avoid online dating and long-distance “relationships”. Before I was married I only dated men that I met in real-life situations. I was looking for suitors to court me for marriage, not hookups. I knew I would need to meet their friends, family and work colleagues and observe how they dealt with a variety of life situations over a period of time to learn their character and intentions. As a result, I was not in much demand for dates and for my age I was not very experienced. Men mostly preferred easier targets. What I didn’t realize until I experienced it is that there are people who have trained themselves to groom people like me for the purpose of perpetrating a long con. I believe I was being set up by a former “boyfriend” to be financially exploited, but was able to get out before I actually handed over any money. I had some medical bills to pay from therapy that I needed to be functional again after the emotional abuse that was gradually applied to me without me noticing for awhile, and that was pretty humiliating.

Pick Up Artists, or PUAs, are people who feign romantic interest in order to get a quick sexual conquest (Kale). Pick Up Artist techniques have been around a long time, but the Internet and the popularity of books on the topic changed the culture of dating a lot, so that by the end of the first decade of the 2000s, there was a noticeable difference in dating culture (Kale). PUA techniques are emotionally abusive and are designed to break down the resistance and push the boundaries of the target for the gratification of the abuser (Kale).

Right after reading what our first assignment for this class was, I got a typical romance scam Facebook request so I accepted it for the purpose of getting a few screen shots to show an example in action.

An example of trolling on Facebook to instigate a Romance Scam.
An example of trolling on Facebook to try to instigate a Romance Scam.

This example is a little unusual because this scammer is not claiming to have an “American” sounding name, but otherwise it’s pretty representative. I kept the initial conversation going for a few minutes with some generic responses on my part so I could get screen shots to show how these grooming sessions usually start. If it seems predictable like it’s a formula, that’s because it is! Romance scammers and PUAs use actual playbooks and rehearse lines in increase their proficiency (Panikian). Some even pay money to attend classes and workshops (Panikian, Dixon).

Cialdini’s Six Principles of Influence are time-tested manipulation techniques (Changingminds.org) that we are studying in Social Engineering class. I’m going to compare Cialdini’s Six Principles of Influence with some Pick Up Artist tactics to find out how and why some of the PUA techniques work.

“Reciprocity: Obligation to repay.” Giving you a lot of compliments in the beginning is called “love bombing”. They can be generous in the beginning but stingy later (Bancroft 68).

“Consistency and Commitment: Need for personal alignment.” Victimizers use your integrity and need to make your actions match your beliefs as a weapon against you. PUAs take advantage of the tendency of women to have been socialized to be polite to men (Kale).

“Social Proof: The power of what others do.” PUAs play up their attractiveness to others by talking about exes, flirting with other people in front of you, etc. to make themselves seem in demand (Dixon).

“Liking: The obligations of friendship.” People are flattered when a very attractive person, who could be a fake persona, seems to like them (Paul). PUAs like to make you feel special by paying a lot of attention to you, but it could be love-bombing or distracting you from noticing what they are really like (Dixon).

“Authority: We obey those in charge.”
PUAs are instructed to exude a lot of confidence (Panikian, Dixon) and think and act as if they are the actual prize (Kale).

“Scarcity: We want what may not be available.”
One PUA technique is to pretend that they are getting ready to leave a social situation so you feel pressured to talk to them because they might be gone soon. Also to give you the impression that the PUA is leaving soon and you don’t think you’ll be stuck with them long so there isn’t much downside to allowing a little conversation (Dixon).

Please protect yourself out there, on or offline!

Works Cited

AlphaWolf & Co. “Pick Up Artist (PUA).” PUA Lingo, 2008-2021, www.pualingo.com/. Accessed 25 February 2021.
— “Neg Hit/Negging (Negs).” PUA Lingo, 2008-2021, www.pualingo.com/. Accessed 25 February 2021.

Bancroft, Lundy. Why Does He Do That? Inside The Minds of Angry and Controlling Men. Berkeley Books. 2002.

ChangingMinds.org. “Cialdini’s Six Principles of Influence”. Changing Works, 2002-2021, changingminds.org/. Accessed 16 March 2021.

Fellizar, Kristine. “7 Pickup Artist Techniques To Look Out For.” Bustle, 2019, https://www.bustle.com/p/7-pickup-artist-techniques-to-look-out-for-15897579. Accessed 18 March 2021.

Hadnagy, Christopher. Social Engineering: The Science of Human Hacking. John Wiley & Sons, Inc. 2018.

Kale, Sirin. “50 years of pickup artists: why is the toxic skill still so in demand?” Guardian News & Media Limited, 2019, www.theguardian.com/lifeandstyle/2019/nov/05/pickup-artists-teaching-men-approach-women-industry-street-harassment. Accessed 18 March 2021.

Dixon, Christine-Marie Liwag. “How To Tell If You’re Being Hit On By A Pickup Artist” The List, 2020, www.thelist.com/183636/how-to-tell-if-youre-being-hit-on-by-a-pickup-artist/. Accessed 16 March 2021.

Panikian, Alice. “Stay Away From Becoming His Prey: 10 Signs You’re A Pick-Up Artist’s Prey.” elite daily, 2014, www.elitedaily.com/women/signs-youre-talking-to-pick-artist/854610. Accessed 16 March 2021.

Paul, Kari. “‘I was humiliated’ — online dating scammers hold nude photos for ransom in ‘sextortion’.” MarketWatch, Inc, 2019, www.marketwatch.com/story/i-was-humiliated-online-dating-scammers-hold-nude-photos-for-ransom-in-sextortion-attacks-2019-03-06. Accessed 16 March 2021.

“What You Need to Know About Romance Scams.” Federal Trade Commission, 2021, www.consumer.ftc.gov/articles/what-you-need-know-about-romance-scams. Accessed 16 March 2021.