Reverse Social Engineering

Reverse engineering is slightly more complicated than the previous examples, but it is effective nonetheless. Reverse social engineering (RSE) is composed of three steps:

In reverse engineering, the roles are reversed. Here, instead of calling in for help as in the previous examples, the attacker gets the users to call him for help. You begin by sabotaging a network, perhaps with a denial-of-service (DoS) attack. Then you advertise to the company your services as a network security engineer who specializes in securing against DoS attacks. After the company employs your services, you begin to offer support and fix the problem, all the while installing backdoor applications that allow you to gain access into the network at a later date.

The best way to be successful at RSE is not to attempt an attack first, but wait until a new virus is propagating across the Internet. Advertise your services as specializing in virus protection and, when you are in the building acting like you are fixing the company problem, create a way for you to enter into the network from the Internet through opening up the firewall or installing a backdoor application.

As a penetration tester, this becomes especially difficult because after the first test, the IT staff comes to recognize you. You should obtain written permission from management to attempt this the next time a new virus is traversing the Internet.

Regardless of how reverse social engineering is accomplished, the key is that the company calls you. A person has far more trust when he is making the contact and not you.