Remember Ted Mosby from the sitcom How I Met Your Mother? This fictional TV character inspired a pretext for social engineering in an actual investigation.
Not all investigations can be conducted solely online. Sometimes, information that is discovered on the internet has to be verified in the real world. Many of these cases then require certain social engineering skills to obtain access to otherwise restricted areas. One of the most important aspects of social engineering is the pretext used to present oneself. This is more than just a quick and simple lie, it requires the creation of a complete identity to impersonate someone that will be able to gain the trust of whoever you are using it against. A large portion of the pretexting process is actually OSINT: Gathering the relevant information in order to appear credible.
A while back, I was working on a case in which I had to verify the location of a certain company and try to figure out if the company actually did business there or if this address was just used as a mailbox. Google Street View was not helpful, as in most cases in Germany, and a quick walk-by revealed the address was a large gated town villa. No information on the target company was visible on mailboxes at the gate. To be completely sure, I had to gain inside access and in this particular case, my customer asked for conclusive evidence of my findings. The challenge was finding a way inside that would enable me to snoop around and even take pictures. Further research revealed that the town villa also accommodated a law firm, an advertising firm and an investment management company. I initially thought of posing as a parcel courier to gain entrance and then use a hidden camera to document what I found. However, this pretext came with lots of downsides. I would require a uniform, have to deliver a fake parcel (which would surely strike attention as soon they opened it) and using hidden cameras has always proven tricky in the past when trying to get quality images.
I did a little more OSINT research and found out the estate itself was designed and built by a famous German architect. It was one of his early works. At the time, I was just watching some old episodes of How I Met Your Mother. In one of the episodes, the main character Ted Mosby was giving an architecture lecture as a professor, boring his students with architectural facts. That gave me the idea to pose as a young architecture professor preparing a course on the style of architecture the town villa was built in. Of course, I would also need pictures of the house to point out certain style elements of the villa. With this idea in mind, I spent the next couple hours doing research and preparing my pretext. I learned quite a bit about the German historicism architecture of the 19th century and of course about the famous architect himself.
The next morning I approached my target. Rather than ringing a doorbell and trying to gain access through the intercom, I choose to linger around the house and initially take pictures from the outside during a period in which I assumed people would be entering the estate to commence work. I planned to approach the first person I saw, tell them my cover story and hope to gain full access to the estate without raising suspicion. After all, I was just there to take a couple of pictures of the building itself. At this point, luck was on my side. The first person I encountered turned out to be the owner of the villa, who was in fact a direct descendant of the famous German architect that had built the place. This gentleman was so excited that a young professor wanted to use his estate as an example in class, that he happily invited me inside and allowed me to take as many pictures as I wanted. I received a complete tour, inside and out. I was able to take pictures of mailboxes inside the villa, have a peak into the office spaces and he told me about the current tenants, as well as answering my questions. During this phase, I used all the architectural terminology I had learned to keep my cover upright.
In the end, I did not find any direct trace of the company I was looking for, nor was any office space for rent or any tenant moving out. However, I did see and take pictures of the internal mailbox belonging to the investment management company. This mailbox listed around 15 additional company names. Subsequent research linked one of those companies to the CEO of my actual target company and this proved to be a starting point for a whole network of letterbox companies.
That is the story of how I became Theodore Evelyn ‘Ted’ Mosby for a day and of course I did not use that name for my character. When I was a child, I remember my grandmother complaining about how harmful TV was and that what I watched was useless in real life. This one time, I guess I proved her wrong.
(By the way: No need in geolocating the villa in picture, it’s not the one from the actual case. However, it does look very similar)
Matthias Wilson / 09.01.2019