overwraith Posted July 26, 2018 Share Posted July 26, 2018 A while back I discovered that elicitation could be used in order to protect the company from intrusions from unscrupulous employees. I do believe that one of Mitnick's books or someone else's describes how a savvy net admin discovered a chat box on his computer and used elicitation to make the hacker believe he was one too. On doing this the hacker revealed how he had broken into the company using some sort of VPN vulnerability. One method in a pharmaceutical company is to have a Vikodin trap. Essentially people are informed as to the whereabouts of unsecured vikodin, for example using an encrypted document that has a few developers, and therefore only a few possible recipients, loose talk around the office, and or water-cooler talk, or any other means of targeting specific people. The manner in which you reveal the information is the manner in which the employees will find out. Obviously the trap is monitored by unobtrusive security, like a camera etc. Anybody caught stealing the cardboard box of vitamins is summarily let go from the company due to the fact that it is cheaper to let them go than to navigate tort law. Vikodin could be replaced with anything of value at your workplace, but you should in fact be leaving out fakes or just cardboard packages rather than the expensive items. This would not be considered entrapment if sufficiently bland, for instance you do not actually dominate the person in order to make them fall into the trap, or otherwise trick them. It has to be their own decision as opposed to trickery. You want to demonstrate a clear and willful act that can't be refuted. Quote Link to comment Share on other sites More sharing options...
overwraith Posted July 26, 2018 Author Share Posted July 26, 2018 Another aspect of this could be if somebody was not supposed to be looking in your desk drawer as per company policy, and you happened to acquire a fake grenade (Training Grenade Blue, no explosives already spent fuse). You stick the fake trainer in the desk drawer, and some point later in the day the bomb squad gets called and you know exactly who is snooping. Probably give the bomb squad and police a courtesy call first along with your address etc. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.