Sunday, October 19, 2014

The art of ghosting

What is the art of ghosting?
Ghosting means establishing an invisible presence and gaining invisible access where you should not have it: getting information you are not meant to have, and earning enough trust that the environment works for you, all without raising any suspicion, while staying hidden where no one will ever look for you: in plain sight, in front of everyone's eyes.


What is a ghost?
A ghost is a person skilled at social engineering and at planning far ahead of time, who collects scattered pieces of information and assembles them like a puzzle, using the current sequence of events and the surrounding circumstances as the layout that tells him where each piece fits.


What is a ghost capable of?
A well-developed, well-established ghost is capable of ALMOST anything, at his own will and convenience. Well, ALMOST anything.


What skills must a ghost have?
A ghost has the skills to get access where he should not have it without being seen, sensed, detected by any other means, or raising an alarm. His behaviour pattern is complex and adapts to circumstances, but it always follows a clear guideline: the same behaviour is shown again and again until it reads as his natural behaviour, usually reinforced by body language.


How does someone become a ghost?
This is a VERY slow process, and a ghost must be a VERY patient person. Gaining enough trust from a large enough number of people to become invisible is not an easy task. A ghost must be able to read people through their body language, and to fake his or her own body language so that it reinforces his or her words and makes him or her more convincing than usual.


Are there limits a ghost must obey?
Hell yeah. More than you can imagine. A ghost walks on very, very thin ice: one wrong move and the ice cracks; one push too hard may be his point of failure. When a ghost fails he is usually discovered, all the trust he gained is lost, all the access he gained is revoked, and the well-controlled environment that served him turns into a hostile one that stands against him. At that point he is not only no longer a ghost, he has failed miserably at ghosting, like the last fool, and becomes the laughing stock of everyone else!


How long does it take to become a ghost?
Basically it depends on the environment the ghost wants to penetrate: how willing the people are to accept a new person into their social structure, how you approach that structure, and whether you are there in person or via a social network (Facebook, Twitter, Myspace, Google Plus). It can take months or years for a ghost to reliably establish his presence. This is a VERY, VERY slow process.


How does a ghost maintain his or her presence?
It is a game of the mind. Never attract unnecessary attention to yourself; remember, you are hidden in plain sight, in front of everybody's eyes. If you attract unnecessary attention you become visible to everybody, and everybody will see the mess you made. In terms of benefits and sacrifices, have a clear idea of what benefit you want and what you can give in return, and give something of equal magnitude: either one big action, or a number of smaller actions whose cumulative value matches what you want, so that you are even. A ghost must learn NEVER to bite off more than he can chew. Do not pick fights or arguments; they attract unnecessary attention. Do not get involved in arguments or situations where you might end up arguing with the very people you are trying to blend in with. If you have no choice but to get involved, take the side of the people you want to blend in with, react calmly, say less, say it calmly and straight to the point, do not yell or scream, and do not chase your target. Remember, your goal is to stop the argument, not to win at all costs. Frequently you will need to be useful to them before they are useful to you. That is a good strategic position, and if you believe you can win a benefit without giving something in return, forget about ghosting: you will blow it to pieces long before you stand any remote chance of blending in. The benefits will come back to you with time, slowly.


Why should the ghost be careful?
Invisible access can itself raise suspicion in some people. Who is he, why is he there, is he allowed in there? Be careful about what you do if the environment you want to blend into has motion sensors and security cameras. Never do anything obvious that might raise suspicion. If you are stupid enough to do that, the motion sensors will record your position and movements, including the location where the alarm was raised, and if you run away, your direction and speed as well; the cameras will hold a visual record that matches the sensor data. Now you are busted, and you are no longer a ghost. Being caught in such an obvious way suggests you never were a ghost, and that your blending in had already failed.


How is the ghost not visible?
You are hidden in plain sight, in front of everybody's eyes. No one will look for you there, and even if someone suspects you at first, you have plausible deniability. Now the security system serves you and your purpose. The cameras never saw you where the trouble is; the motion sensors raised an alarm there, so there is trouble, and time serves you. You were in front of everybody's eyes; they saw you laughing and goofing off, and they can confirm it was not you. The cameras saw you doing something else at the time. Good. A few hours earlier, staff saw you in other places, and since someone always kept a watchful eye on you, they saw nothing wrong with you. Good! Keeping it this way builds trust that you do not cause trouble. Trust, in time, grants access. Once trust grants you access, that access is invisible: no one sees your presence, or your entry, as something wrong, or as being somewhere you should not be. Never EVER abuse the trust and access you have gained. Abusing them will blow your ghosting to pieces.


How does the ghost collect information?
Now you have trust, and trust has granted you access; now you must start gathering information. At the beginning of your ghosting, rely on what you overhear and what you see, and do not make sounds or facial expressions that might compromise your cover. Body language talks more than your mouth. Go near the place you are interested in, as near as is safe. Pretend you are looking at the merchandise there, read labels, put some items in your cart, and if you need to get away, do not run. Use the staff to make yourself invisible: ask for an item they do not have. "I like this football jersey, do you have it in blue?" The clerk says no, and you ask whether new stock is coming in any time soon, because you hope there will be a blue one somewhere. If the clerk asks why exactly blue, DO NOT panic and DO NOT get aggressive; be sly and say something like: my son has a birthday in a few days and loves to play football, so I thought a blue football jersey would be a good gift for my boy. Now you retreat, casually and politely, saying thanks and excuse me for the inconvenience, and go somewhere else or exit. A perfect escape! If your body language was good, you were never anything other than a customer asking for a certain item. If you saw or overheard what you wanted, good job, well done.

At first, do not discard anything, even if it does not make sense now; it may start making sense later. Remember the circumstances and the sequence of events around each piece of the puzzle. Go slowly and patiently, collect more pieces like that, each with its own sequence of events and circumstances, and start assembling the puzzle, using those circumstances and events as the layout that tells you where each piece goes. Over time, show friendly behaviour and make the staff like you: ask them for items, and when a manager asks you for feedback, tell them you are happy with how the staff guided you and that the items they recommended actually helped you or were the right ones for you, whether the selection is large or small.

Be nice to everyone and try to engage them in friendly conversation. Try to make them relax, use casual jokes and a sense of humour, but do not go too far at the beginning, before you are close to them, or you will spook them away. It is NEVER a good idea to use close, personal jokes when you are not close friends, and that holds whether you are the one joking or a staff member jokes with you: if you are not that close yet, it is not a good idea. Change the subject, ask for an item, then escape. You may have lost this round, but that is not a problem; the fight is well ahead of you and you still have more places to blend into, so no big deal, let it go, get over it and move on. Blending in is slow. At some point some of the staff will start talking to you straight to the point, and you can ask them directly, but be careful where and when. Most staff know the movement and behaviour patterns of their colleagues; the fact that this one is willing to talk does not mean all of them are, and many will still refuse to talk. Be patient, this happens slowly. If the talkative one seems worried, do not ask anything, just move on: there is a reason he is like this, a manager is nearby, the authorities are in the store for some reason, or a lot of his colleagues are moving around, and now is not the time. Be patient, wait for a better time, and remember that ghosting is a slow process that requires patience. As a basic rule, the deeper a ghost is established, the more he can ask, and the more direct his questions can be. As a safety rule, always assume you are established a bit shallower than you really are, so that you do not cross a line and get caught, rather than assuming you are established deeper than you really are and crossing lines that will lead to your uncovering.


How can the ghost hack a system and stay safe?
Via a proof of concept, during responsible disclosure. This happens only after a deep enough establishment and solid information gathering. Use your own HTTP server, to "play it safe", on the condition that you wipe it once you get home. If you want to export data, use the question-mark data leak: the data travels out as the query string of a URL (everything after the ?) that points at your server, where it ends up in your own access log.
Another good use: if incoming email is not sanitized, exchange a few emails for some plausible reason, make the message look like plain text, and use the data: URI scheme, so that the entire code is carried inside the link itself and is loaded and run on the recipient's own computer, with the rights of the local machine, rather than fetched from a server. Do not abuse the trust with too many tricks; if you do, you will get caught fast. Suggest calling IT to fix the problems.
Once IT is there, explain the vulnerabilities, the URL data leak and the unsanitized email, and let them fix the problems. If they ask, tell them to kill all URLs that contain a ? and to sanitize incoming email down to plain text. Use the moment to hack them for real while you are showing them the vulnerability. Hack them invisibly and unnoticed; the ghost must remain hidden. If other problems happen, or if the problem is found, be cool, act cool, and explain that you are not aware of the problem and cannot be of much help diagnosing it, using corporate policy as a good excuse. Suggest calling IT and let them deal with the situation. You do not want to uncover yourself by knowing too much. Never bust yourself by knowing too much.
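The two weaknesses named above, the query-string ("question mark") leak and unsanitized HTML email carrying data: links, are easiest to appreciate from the side of whoever has to fix them. The following is an added example written for this edit, not code from the original post: it scans constructed web-server access-log lines for query-string values that decode as base64 text (the shape a query-string exfiltration leaves in a log), and it flattens a constructed HTML email to plain text while listing any data: URIs found in links or images (the "sanitize to plain text" fix the post asks IT for). Every sample input is constructed here; the log format is assumed to be the Apache/nginx Combined Log Format, and the base64 heuristic is a deliberate simplification.

```python
"""Added example (not from the original post): spot query-string exfiltration in
access logs and flatten HTML email to plain text, listing any data: URIs."""
import base64
import binascii
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# ---- Part 1: the "question mark" leak as it appears in the receiving server's log ----

# Combined Log Format: client IP, ident, user, [time] "METHOD target proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Standard and URL-safe base64 alphabets, optional padding.
B64_RE = re.compile(r"^[A-Za-z0-9+/_-]+={0,2}$")

# Constructed stand-in for data an intruder would push out in a query string.
SECRET = "John Doe, 4111-1111-1111-1111"
EXFIL_VALUE = base64.b64encode(SECRET.encode()).decode()

# Constructed log lines: two ordinary requests and one carrying the encoded secret.
SAMPLE_LOG = "\n".join([
    '10.0.0.5 - - [19/Oct/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [19/Oct/2014:10:00:07 +0000] "GET /img/logo.png?v=3 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    f'10.0.0.9 - - [19/Oct/2014:10:01:15 +0000] "GET /t.gif?d={EXFIL_VALUE} HTTP/1.1" 200 43 "-" "curl/7.30"',
])


def looks_like_base64(value, min_len=16):
    """Return the decoded printable text if `value` is plausibly base64, else None.

    Heuristic: long enough, valid alphabet, length a multiple of 4, decodes cleanly
    and the result is printable UTF-8. Note that parse_qsl turns an unescaped '+'
    into a space, so standard base64 that was not percent-encoded may be missed.
    """
    if len(value) < min_len or len(value) % 4 or not B64_RE.match(value):
        return None
    candidate = value.replace("-", "+").replace("_", "/")  # fold URL-safe alphabet
    try:
        text = base64.b64decode(candidate, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def find_query_exfil(log_text, max_value_len=64):
    """Return (ip, path, param, decoded_or_raw_value) for suspicious query values."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a Combined Log Format line; skip rather than guess
        parts = urlsplit(m.group("target"))
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            decoded = looks_like_base64(value)
            if decoded is not None or len(value) > max_value_len:
                findings.append((m.group("ip"), parts.path, key,
                                 decoded if decoded is not None else value))
    return findings


# ---- Part 2: flatten HTML mail to plain text and surface data: URIs ----

class MailTextExtractor(HTMLParser):
    """Collects visible text; records any href/src that uses the data: scheme."""
    SKIP = {"script", "style"}  # never treat these as visible text

    def __init__(self):
        super().__init__()
        self.text, self.data_uris, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self._skip += 1
        for name, value in attrs:
            if name in ("href", "src") and value and value.strip().lower().startswith("data:"):
                self.data_uris.append(value.strip())

    def handle_endtag(self, tag):
        if tag in self.SKIP and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip and data.strip():
            self.text.append(data.strip())


def sanitize_mail_html(html):
    """Return (plain_text, data_uris): the text a plain-text client would show, and
    every data: URI that was embedded in the markup."""
    p = MailTextExtractor()
    p.feed(html)
    p.close()
    return " ".join(p.text), p.data_uris


# Constructed HTML email whose link carries its payload inline via a data: URI.
INLINE_HTML = base64.b64encode(b"<h1>Invoice</h1>").decode()
SAMPLE_MAIL_HTML = (
    "<html><body><p>Hi team, see the attached report.</p>"
    f'<a href="data:text/html;base64,{INLINE_HTML}">report</a>'
    "</body></html>"
)

if __name__ == "__main__":
    for ip, path, param, value in find_query_exfil(SAMPLE_LOG):
        print(f"query exfil? {ip} {path} {param}={value!r}")
    text, uris = sanitize_mail_html(SAMPLE_MAIL_HTML)
    print("plain text:", text)
    print("data: URIs:", uris)
```

The log scan flags the `d=` parameter on the `/t.gif` request and decodes it back to the constructed secret, while `v=3` passes; the mail pass strips the markup to the visible sentence and reports the single data: link, which is the information a mail gateway needs either to drop the link or to deliver the message as plain text.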
