Commentary by Mark Wahl
Organizing principles for identity systems:
Mail order selective disclosure of organizational role (2005/11/30)
One reason social engineering attacks continue to occur is the ease with which victims can misinterpret the attacker's role or intentions, which can lead to fraud based on the victim's trust of that role.
When meeting someone in person, the determination of whether that person fills a particular role is often based on that person's appearance, particularly on their clothing, should the role require or be associated with particular clothing. Historically, some societies have enacted sumptuary laws which had, among their other goals, the intention of reducing the risk of someone appearing 'above their station'.
There are many contemporary examples of the importance of clothing indicating organizational affiliation in a social engineering attack, including:
- Frank Abagnale Jr, subject of the movie Catch Me If You Can, improved the effectiveness of his check fraud scam by wearing an airline pilot's uniform, pilots being regarded as "generally credible and respected professionals" and so seen as less likely to be cashing bad checks.
- US Dept. of Homeland Security warning of Potential Terrorist Use of Official IDs and uniforms, although reports that terrorists were buying up surplus delivery company uniforms were a rumor.
- the stereotypical social engineering hacker infiltrates an office in the costume of a telephone company field technician, dressed in work boots and carrying a tone and probe kit and/or handset.
On the other hand, some individuals may need to conceal their organizational affiliation.
During this holiday shopping season, one of the mail-order clothing catalogs I received was a distributor of clothing for first responders. Along with the typical boots and windbreakers, this catalog included a line of specially-designed plainclothes (undercover) clothing.
Examples of the 5.11 Tactical Undercover Jackets include the Undercover Casual Jacket, the Undercover Jean Jacket and the Undercover VIP Blazer.
Another retailer describes this line as "Jackets that actually look REAL, not like an 'undercover' jacket!"
In science fiction author Philip K. Dick's novel A Scanner Darkly, the character Fred, an undercover narcotics agent, would wear a "scramble suit" all the time that he was not undercover. This suit protects the wearer's identity by preventing visual identification: it encases the wearer and projects onto itself random images derived from 1.5 million possible elements of human representations:
As the computer looped through its banks, it projected every conceivable eye color, hair color, shape and type of nose, formation of teeth, configuration of facial bone structure--the entire shroudlike membrane took on whatever physical characteristics were projected at any nanosecond, and then switched to the next.... the wearer of a scramble suit was Everyman and in every combination (up to combinations of a million and a half sub-bits) during the course of each hour. Hence, any description of him--or her--was meaningless.
This suit appears in the trailer for Richard Linklater's film adaptation of A Scanner Darkly, in QuickTime from Yahoo or other formats from Ifilm, following a commercial.