Security Basics mailing list archives

RE: The Greatest Military Social Engineering Attack Since The Trojan's Horse?


From: "Carlos Thompson" <thompson () digiware com co>
Date: Thu, 3 Jul 2008 11:08:22 -0500

Most of the details I can tell are from mass media and declarations by
government and military officers, and by the freed, so I might be wrong and
partial in many details.

The social engineering part of the operation began something like a year
ago, by infiltrating both the keepers and the Central[1] Command of the
FARC.  For the infiltration they might have used both outsiders that gain
trust, and prospective deserters from the FARC that already were in such
trust positions.

Infiltration might have other purposes than just this operation.  The
killing of "Raúl Reyes", the killing of "Iván Ríos" and the confirmation of
the death of "Manuel Marulanda" were possible by such infiltration.

Infiltration at that level might not have been possible without some
technological intel.  Internal communications in the FARC are mostly broken,
and the main reason is that radio communications are routinely intercepted
and localized, and followed by bombings, so the FARC is keeping their
communications to a minimum.

[1] Some have proposed that it would be incorrect to use a term such as
Central Command for the power structure of the FARC nowadays.  Their
command structure would be pretty much broken by now.

Now, with broken communications, the infiltrated personnel should gain trust
into the FARC command, and then prepare the Trojan horse.

A supposed NGO would transport the kidnapped from their current location in
Guaviare province to some other location where one of the Chiefs, probably
"Alfonso Cano", were.  First, the FARC should know that the Government has a
far superior control of air space than any kind of control an NGO or the
FARC could use.  The operation was not supposed to be a liberation
operation, or a humanitarian medical aid operation, covered by diplomatic
channels from a neighboring government, or the Red Cross, or some other kind
of legitimacy.  So the FARC leaders should have been convinced that 1) an
NGO would be willing to transport the kidnapped from one captivity to
another rather than trying to free them. 2) The operation would be safe
enough.

Probably, and this is just speculation on my part, the FARC is living in
self-delusion, that they have enough support from foreign organizations and
that they still can win the war, otherwise it is hard for me to explain why
they would trust their most valuable assets to such a risky operation.  The
other possibility is that infiltration has directly reached the captors'
leader "César", or his lieutenant "Gafas" (who were supposedly captured
inside the helicopters).

Anyhow, this was indeed a social engineering attack.  Details are still to
be known.


-- Carlos Eugenio Thompson Pinzón
   Investigador
   thompson () digiware com co

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Jon Kibler
Sent: Thursday, July 03, 2008 7:57 AM
To: security-basics () securityfocus com
Subject: The Greatest Military Social Engineering Attack Since The Trojan's
Horse?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

By now I am sure you are all aware of the Colombian military's freeing of
the FARC hostages. What I find most interesting is that this appears to be a
purely social engineering attack.

The English language media have not provided that much detail thus far about
the social engineering aspects of the operation. If anyone has more
information regarding how the rescue was social engineered, please post it
to this thread.

Just based on what I have seen thus far, this may turn out to be one of the
greatest social engineering attacks in military history.

Jon Kibler
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkhszJIACgkQUVxQRc85QlOU8gCfY0mZpxg+Bv2VG3+Vu3Ip7eec
zEAAn3/QlrgzrhkSMlXC8e1fIccOE8C4
=QZ9T
-----END PGP SIGNATURE-----