What are elicitation techniques for the intelligence professional?
Elicitation is a set of techniques and methods used by intelligence and cyber intelligence professionals to covertly gather information. Essentially, an intelligence professional engages in a conversation with the target and uses elicitation methods to gather the information they need without the target realizing that they are being exploited for information. When it comes to social engineering, cybercriminals often use elicitation to gather the information that can later be used in a large-scale social engineering campaign.
Flattery – #1 elicitation technique
Even though it may seem like using flattery to elicit information from somebody will be too obvious of a move, it’s actually a great technique that can provide lots of information to the social engineering attacker when used skillfully. In the West, bragging is considered to be very bad form, so when a person is complimented on their achievements at work or their status, he or she will often be compelled to do one of two things: either elaborate on their achievements and involvement in important projects, often revealing important information in the process, or try to downplay the compliment, which can also be used to find out the necessary information.
Providing false statements – a powerful social engineering elicitation technique
Using false statements can get a social engineering attacker incredibly far if the target isn’t on high alert! One simple trick criminals use is grossly overstating the facts in hopes that the target will correct them, revealing important information in the process. For instance, a criminal might say that they’ve heard that a bank branch has 10 armed officers on-site at all times in addition to 42 security cameras, while in reality, the security is much less rigorous. The target might then correct the perpetrator, stating that there are only two security guards and 6 cameras, which is exactly the information the perpetrator is looking for.
Artificial ignorance – another effective elicitation technique in intelligence
As you’ve seen from the examples above, social engineering perpetrators try to exploit universal human traits and flaws to gather information from targets and the use of artificial ignorance is another great example of this. Many people have a natural need and desire to educate others, this works especially well when one person has a deep knowledge of a subject, while the other person knows virtually nothing about it. Social engineering experts often pretend like they know nothing about a topic and ask the target to explain to them how something works. This elicitation tactic works especially well when combined with flattery.