Here at HX, we’re beginning some exciting work on the effects of the SCARF model, amongst other psychological theories, and how such theories can be applied to ethical (and not-so-ethical) hacking. Our work with Stefan Leipold delves into the ways psychological principles such as these may be used to gain access to confidential information.
The SCARF model, created by David Rock, describes the way we see ‘threats’ and ‘rewards’ in a social situation. We categorise any potential threats or rewards to our social standing and determine whether a situation will help or hinder us within these categories.
There’s STATUS: whether we feel the situation may help our popularity.
There’s CERTAINTY: how well will our predictions hold true?
There’s AUTONOMY: will we be able to feel freedom in this situation?
There’s RELATION: how well will this situation allow us to relate to others around us?
And finally, there’s FAIRNESS: will the rewards from this situation be fair in comparison with our contribution?
At HX, we hypothesised that these principles, if understood well, could be a leading technique in social engineering and in-person hacking.
By understanding these ideas, and designing situations in which an individual feels their SCARF considerations will be appropriately fulfilled, it may be possible to extract information from a target through seemingly innocent conversation.
It can be easily demonstrated that, through innocuous conversation and idle chat, you could be giving away vital or important information without noticing; information such as email addresses, security questions and personal info may be offered up without you realising what’s happening. Should a psychology-savvy individual carefully craft a conversation using the SCARF model, for example, to make you feel as though all your social rewards are being met, it can make it far easier for somebody to gather this information.
Our work focuses on discovering ways to guard against these types of information-fishing attempts and social engineering attacks, and we aim to determine exactly how you can keep from letting slip that one piece of vital info before you’ve even realised what’s happening.
Stay updated with our work to see the benefits of learning about these possible methods used by social engineers and unethical hackers, and definitely check out Stefan Leipold’s work on cyber security for any and all tips on keeping your data safe, both online and in-person.