Episode Transcript
[00:00:00] Speaker A: This show is not a substitute for professional counseling and no relationship is created between the show host or guests and any listener. If you feel you are in need of professional mental health and are a UA student, we encourage you to contact the UA Counseling center at 348-3863. If you are not a UA student, please contact your respective counties crisis service hotline or their local mental health agency or insurance company. If it is an emergency situation, please call 911 or go to your nearest emerg.
[00:00:42] Speaker B: It's 6:00 and time again for Brain Matters, the official radio show of the UA Counseling Center. We are broadcasting from the campus of the University of Alabama. Good evening. My name is Dr. B.J. guenther. I'm the host of the show and along with my colleague and producer Katherine Howell, who is not here tonight but she'll be back next week. And in case you don't know, the show is about mental and physical health issues that affect college students and in particular UA students. So you can listen to us each Tuesday night at 6pm on 90.7 FM or you can listen online at WVUAFM UA. Edu. You can also download some apps and I like the MyTuner radio app and you just type in WVUAFM 90.7. Also, don't forget I always say this every week, but we probably have about four more shows left in this semester. We don't do shows in the summer and we'll be back in the fall. So we do about 13 or 14 shows each semester. So if you have any ideas for upcoming shows, please email those to me@brain mattersradiovuafm ua edu and of course I'll consider using your show topic. Nothing is really off limits and I feel like in the I don't know how many years it's been. I started in 2013 and I feel like we've done so many topics, but like I said, nothing is really off limits and I feel like sometimes we need to revisit some topics, especially like stress management or sleep issues or depression.
And so if you think we've already done that, we may have and it may have been five or six years ago, but we could do that again. And there's always trends in college so I might come up with some new ideas if you send me the show topic. So I appreciate that and I'll try to remember to give out the email address. But again, it is Brain MattersRadioJuafm ua edu and tonight's topic. I was just speaking with our Guests before I started the show. This is. I know what this is, but I've never really delved into it. Is that a word? Delve into it. And so it's a very scary topic to me. I feel like this generation who's in college now and maybe up to a certain age knows more about this of course, than somebody of my generation. But I feel like it's something that everybody should really be educated on because anybody can get tricked or hacked or whatever. But tonight it's social engineering, the art of human hacking. Social engineering techniques are the most common way of committing cyber crimes through the intrusion and infection of computer systems. Cybersecurity experts use the term social engineering to highlight the human factor in digitized systems as social engineering attacks aim at manipulating people to reveal sensitive information. Enough said. It's scary as everything to me when you talk like that. My guest tonight. Wow. Chris. Chris and Chris. I didn't even ask you how to pronounce your last name, so I'm going to go for it and you correct me if I'm wrong. Hagnagi.
[00:03:42] Speaker C: Okay, very close. It's had naggy.
[00:03:45] Speaker B: I'm gonna mess that up.
[00:03:46] Speaker C: So I'm just gonna go buy anything. Just call me Chris.
[00:03:49] Speaker B: Chris is a trailblazer in the realm of social engineering and a master hacker, which I can't wait to hear about. His vast experience in the field, from training law enforcement professionals to speaking at renowned events, highlights his authority and he is a best selling author of several technical books on security, including Social Engineering, the Art of Human Hacking. You can find out more about Chris through his website, socialengineer.com, and humanhackingbook.com and get social with Chris on all the social media platforms. Thank you for being on the show.
[00:04:20] Speaker C: Thanks for having me.
[00:04:21] Speaker B: Yeah, tell us more about yourself, like tell the listeners more about. That was a. That was a mouthful right there of an introduction. But what are your credentials? Why are you interested in this topic and how long have you been doing this? You know.
[00:04:35] Speaker C: Okay, so this is a fun story.
This is going to actually sound a little weird since I'm talking to a university, but I went to college for about a month and I wrote a. Something called a war dialer by mistake back in the 90s. Things weren't malicious, you know, people weren't hacking stuff to destroy it.
[00:04:53] Speaker B: We were ignorant.
[00:04:54] Speaker C: I was ignorant and I created a program that would dial a phone, it would play a tone that was supposed to tell the phone to just reboot, but instead I shut down Sarasota County's phone system and I got booted out of college.
[00:05:09] Speaker B: Was this publicized? Like, if I Google it, would it come up?
[00:05:12] Speaker C: That's a good question. I'm not sure I should actually try to find it. I don't. There was no. I didn't get. You know, the cops came and they said, hey, who did this? And I said, that was me. And they went, yeah, it was kind of annoying. Can you not do that again? And I'm like, yeah, sorry. I was just messing around with the modem and didn't know what I was actually doing. Right.
[00:05:28] Speaker B: So this is starting to sound like War Games. You remember that?
[00:05:31] Speaker C: Okay, I do. That was old school.
[00:05:33] Speaker B: That's old school.
[00:05:33] Speaker C: Yeah, it was very old school. So moving forward now, many, many years, I'm working with a company and I'm doing something called exploit writing. So exploits are like malware, viruse, but were for the good guys.
[00:05:45] Speaker B: Yes.
[00:05:45] Speaker C: We would find flaws in software and we would write these exploits and then publicly disclose them so they could be patched. Right. And I wasn't good at that. I really was. I mean, I loved it. I loved the network pen testing, but I had more of a knack for people. So I started reading all these books on. You can see behind me here if you have the video psychology, neuroscience, influence, persuasion, non verbals, like, you name it. I was reading all these things and I was reading these books about con men at the same time. And I was noticing that a lot of the skills that are taught, like in sales and stuff Kahnman would use. So I said to my boss at the time, I said, hey, why don't we try doing some of the social engineering stuff for our clients when we get a test? He's like, we could try. So we would ask, hey, can I do some phishing emails or can I call into the place and see if I can get someone to give me a password? And they would always say, yeah, sure, you could try, but I don't know why it would work. Right.
[00:06:44] Speaker B: So I bet it's easy.
[00:06:46] Speaker C: It was way too easy. Way too easy, right? They'd be spending 50 hours trying to write an exploit. And I come back in 15 minutes like, hey, guys, I got the admin password, right?
[00:06:53] Speaker B: Oh, wow.
[00:06:54] Speaker C: So this was the changer for me. This is kind of where we get to the answer of your question. I had a CEO say to me, so, Chris, you did it. How do I fix it? And I went, beats me. Got no clue. And he said, you know, if I went to my auto mechanic and I asked him, hey, what's this noise? And he said, that's your brakes. And I said to him, fix it. And he said, I don't know how. I'd never use that auto mechanic again.
[00:07:16] Speaker B: Exactly.
[00:07:17] Speaker C: And I'm like, that's a great analogy. And I'm like, you're 100% right. So I went back to those same books I was reading, and I started to write notes in the columns and say, okay, if I use Cialdini's principle of influence, let's say authority, why did it work? And how can you defend against it? And I built a framework. This is 2008 time. And it was just supposed to be for us and the company. And my boss is like, hey, you got to put this on the Internet. Like, this is amazing. This framework. Unbelievable. Like, no one's ever done this. So I bought social-engineer.org I put it up on the. On the. On the Web 2009. At the same time, I started a podcast all about social engineering. And three months later, Kevin Mitnick's publisher calls me and asked me to write a book. Now, Kevin Mitnick is one of the most famous social engineers in the world. He went to prison for social engineering, the FBI, and, oh, my gosh, evading them and stuff like that. He ended up getting reformed. He passed away recently, sadly. We were good friends, but his publisher called and said, will you write a book? And I'm like, no, I'm not an author. I don't know how to write a book. She's like, oh, we'll help you.
Just say, yes. This framework needs to be a book. So I wrote it. It came out in 2010. It was the world's first book that wasn't just stories about someone going to prison, but about how to actually use the science behind these things. And it was then that I said, I got to make a company out of this. So I made Social Engineer LLC in 2010, and I've been doing this ever since. Then jump forward a few years. I become a professor of social engineering at University of Arizona, if you can believe that.
[00:08:54] Speaker B: Another ua.
[00:08:55] Speaker C: Just ridiculous. And I started the nonprofit eight years ago that helps law enforcement find people who traffic children and create child abuse material on the dark web. So that's me.
[00:09:08] Speaker B: I mean, this is blowing my mind because I feel so ignorant when it comes to this. I have students who have major who are majoring in criminal justice, and I have had a few students who want to do cybersecurity, like that's what they want to do, but not many And I'm surprised, you know, because I feel like this is a field that needs as many people as possible. Because let me tell you, when they. We had the department here at the university come over and train us probably about. It probably was about 10 years ago, because I've been here a while, and that was the first time like we had ever had any kind of training.
And at the same time, Chris, something happened to me here at the university. And I'll tell you in a minute what happened, because I think I might have been one of the first ones on campus, just the way that it was treated. And I'll just give you an example. But when our person for cybersecurity came over, when he started talking about how fast it happens, how much it's happening, how much they are doing to combat it, in my mind, I'm like, there's no way we're going to be able to keep up, you know? Do you know what I mean? Like, I'm not articulating myself because I don't know the language like you do, but I was sitting at my desk one day and this had to have been maybe more than 10 years. Maybe I don't. It was within the 10 years because I know where we were at the time because we've moved and I was working on something and all of a sudden I had never seen this before. Nobody had. Nobody really knew much about ransomware. I didn't know what it was. It was. A few people knew what that was like in the industry. Nobody else really did. And all of a sudden it popp. And it said, basically, it held me hostage. I've got basically everything on your computer is locked down unless you pay us this many bitcoins. I was like, what is going on? I call. I didn't do anything. I called our OIT immediately because I know him. I was like, oscar, what is going on? He said, I'm coming over there right now. So he came over immediately and he thought that he would be able. I don't know how he thought. You know what I'm talking about? He thought he'd be able to, like, get out of it and get me right back on track. No, it had infiltrated our system. It had not gone through the university system yet. But when he came over and started piddling with it, the blood went out of his. I was sitting on my sofa across from my own desk, and the blood literally drained from his face. And he said, oh, my gosh. He said, I don't think this has gotten into the university system yet, but I need to make some calls. Chris. The FBI came and got my computer, and I thought, oh, my gosh, what happened? Lost everything. I've been here 20 years. Lost everything. He was able to get back most of my stuff. Up until three years prior to that event happening. I still lost templates of letters and, you know, you can work stuff. I cried. It was devastating. And I never saw my computer again. I never heard anything else about it. And not long after that, let me tell you, you can Google this. It was a major news story. Our hospital system here was hacked just like that. And they ended up having to pay.
I don't think any amount was ever discussed, but nobody could figure out how to undo it, and it was a disaster.
[00:12:38] Speaker C: Yeah, well, ransomware and encrypts everything and encrypts it with a key that the hacker owns. So there is no way to decrypt it unless you can get the key from them, and that's what you pay for.
[00:12:50] Speaker B: When I saw Bitcoin, I knew it was overseas. I knew it probably was not here. I mean, I knew a little bit about it, but it made me think, oh, gosh, I knew it was bad. Yeah.
Well, explain the concept of human hacking. When I read that, I don't really know exactly what that means. Social engineering. Little bit more. And I've read, I've done a little bit of research before the show, so I would at least be able to know what you were talking about for a minute. But what is that concept? How does it differ from the negative connotations associated with hacking?
[00:13:25] Speaker C: Sure. So both social engineering, human hacking, they're kind of interchangeable phrases. So what it means is understanding how, as humans, we make decisions and then using principles of influence to adjust that decision the way you want it to go. The difference between the good and the bad is your intention. So if it's bad, then I'm going to get all the benefit. I don't care what happens to you. I don't care if you're hurt like that ransomware. I don't care what occurs in your life. If it's good, then it benefits you and me. So the intention of how these skills are used is really what changes its trajectory.
[00:14:01] Speaker B: Wow. And so, you know, one of the. I was looking over one of the email questions, and I'll just go ahead and ask you what. Hold on, I'm pulling it up. How easy or difficult is it to prove these crimes? When there's a crime?
[00:14:17] Speaker C: Yeah. So that's a good question, by the way. It really depends, and I hate saying this, so like let's talk about the four vectors that are used in these kind of crimes. We got phishing, that's email, emails. Now, as far as proving that it was a crime, easy, because you have an email, you have, you have a basis, you'll have something there. Like in your case, that ransomware probably came in through an email. That email sits on the server. So you have proof that this occurred. Now, finding the attackers through the email, sometimes not easy. Most of the time they're using, you know, dark web tools and they're, they're obusicating all of their, all of their content vishing, it's just voice phishing. So that's phone calls that come in, those are a lot harder because you don't have much physical presence to prove anything. You, you know that spoofing a phone, that means you don't know where it's coming from. We're usually not collecting a lot of data on phone calls. So if someone were to get your bank account or get you to install something over the phone, you don't have a lot of proof that of the, of the call, you might have a call record, but that's it. Nothing really there. Solid smishing, which is SMS phishing is a lot like phishing with emails. You have, you have an actual sms, you have the, you have the proof there. So if your phone's not destroyed, usually you have something. But again, we're back to the point of can you prove who it was? Probably not, right. And then impersonation, which is anything from online impersonation, like using LinkedIn and creating a fake account, or actually someone coming to your job and infiltrating the facility physically, you know, that is if the person gets caught, you have the person, you have the physical proof, Right. If they get away with it, a lot of times it's very hard to prove. You know, you have, you might have cameras, you might be able to see things that occurred, you have proof that the crime occurred. But again, when we come back to, and I'm not sure if I understand the question fully, like we could prove the crime was committed, but can we prove who did it? A lot of times the answer is no. Without real good investigation, no.
[00:16:17] Speaker B: I don't think there's a way to have consequences for it necessarily. Do you know what I mean?
[00:16:25] Speaker C: Yeah. In a lot of cases what happens is if the feds get involved, they'll do a lot of research because they've built cases, probably know this kind of ransomware is used by this particular group. And then they'll spend a lot of time undercover. Right. Trying to infiltrate these groups or find one person who maybe has bad, what we call OPSEC operational security.
Like the, the guy who ran Silk Road for so long, he got caught because he took some of his bitcoin out and bought something on Amazon. Now it became traceable.
[00:16:56] Speaker B: That's right.
[00:16:57] Speaker C: And then they got the address from his shipping and they were going to arrest him. So when and when the bad guys make mistakes like that, it allows law enforcement to catch up with them.
But like an average you and me person being able to look at a crime and say, oh, I can find out who this is, that's going to be much harder.
[00:17:14] Speaker B: How common is it, you know, you mentioned people actually going physically to a place to commit this kind of crime. How common is that? Because I would think that would be so much more risky, you know, because of what you just said. It's easier to see them on a camera or something like.
[00:17:32] Speaker C: Yeah.
Impersonation attempts usually are saved for things like nation, state, so government terror activity or high volume. How value. Right. If you want to break into a rocket company and steal plans or Boeing and steal the plans for a new jet or something like that, that's what those kind of attacks are saved for. They're usually not small companies and they're usually not companies that, you know, like, you're not going to see someone trying to physically break in the bank of America. Right. You know, it's not.
Yeah, it would be dumb.
So those kinds of attacks are saved. Now online impersonation, that's. That's a lot. We see that a ton.
We see that a lot. People are doing impersonation, especially now with AI. I mean, for the, you know, since this is geared towards college kids, one of the, one of the biggest problems we have in this country right now is sextortion of our youth. And they're doing it using artificial intelligence and by impersonating people.
[00:18:37] Speaker B: I need to do a show on that. I need to do a show just on that. We've done sex trafficking shows, especially on college campuses and had our police officers, some of our representatives here locally on the show. And that's been a while, but that would be another good show, you know, to kind of piggyback on this show. But what about, like you mentioned, we're doing this show for college students mainly, but other people can hear it too. What about this age group? Do you know anything about the statistics of this may be a weird question, but the Statistics of this age group doing a lot of the hacking.
[00:19:20] Speaker C: Well, you know, here's the, here's where the idea of this hacking comes from. It's not necessarily just a particular age group. When the economy stinks, when it's hard to find a job, when maybe you live in a third world country and you think everyone in America is flowing with money.
[00:19:36] Speaker B: Yes.
[00:19:37] Speaker C: Or you're in this country, it happens in this country too. And you're just down and out and you got fired and you have no hope. All of a sudden it looks pretty attractive to send a couple emails or make a couple calls and make some money. I mean, there was an ad, it's easy. There was an ad on the dark web. This group was looking for females to do phone calls for social engineers. And they offered them $30,000 for every compromised account. So if they were successful, I mean, you think of that. If I'm a young woman down and out, I can go work as a waitress.
[00:20:07] Speaker B: And you do two.
[00:20:08] Speaker C: Yeah, you do two. And you have your yearly salary and, and all you're doing is calling like these big banks and just trying to get them to give over passwords. You know, if you're successful, you made 60k. That's right.
[00:20:19] Speaker B: And if you're not successful, just like you said a minute ago, they're not going to know who you are.
[00:20:24] Speaker C: Yeah, they're gonna give you, they're gonna give you fake phones and spoofed phones and stuff to do the work. You're gonna get a burner phone at some 711 or something like that. You know that you're not. The risk of getting caught is low and the reward is high.
[00:20:37] Speaker B: So what happens when people get caught?
[00:20:40] Speaker C: So they go to prison and depending on, on like we just, I was just working a case with my non profit on sextortion and they extradited the guy who, who, who, who, who did it because he, the young man killed himself. So he'll go to prison for a very long time.
And he was extradited to this country. So he'll go there for a very long time.
[00:21:02] Speaker B: So he was out of this country?
[00:21:04] Speaker C: Yeah, he was in the Ivory coast area. Africa. Yes. Then sometimes you have things like the, one of the. When the MGM got hacked, if we heard about that. MGM hotels out in Vegas got hacked.
[00:21:14] Speaker B: Oh yeah. Shut down everything, didn't it?
[00:21:16] Speaker C: Yeah, shut down everything. They caught one of the young men who did it. He lived in tampa. He was 18, 19 years old. He'll be in prison for quite a few years that some of those charges can go as terror activity. Right. So nowadays when you hack something maliciously, they actually can put terror charges on you. So it can get pretty serious pretty fast. Right. And depending on the amount of loss it can get, it can get pretty bad for the person who gets caught. Caught.
[00:21:43] Speaker B: So it does depend on like how much is involved.
[00:21:47] Speaker C: How much is involved. What was the damage? Yeah, yeah, you know, what was the damage? Not as a monetarily, but what was the damage? You know, you have these. I don't think they've been caught yet, but the people who hacked change Healthcare, that took down healthcare system around the U.S. the ability for doctors to bill and, and charge for pharmacies to get prescriptions, it was down for months. Yeah, I mean they were going back to paper and Pennsylvania. So I mean, you know that if that guy, a gal or whoever they are gets caught, that group gets caught. That's going to be a big deal. I mean, they, they, they damaged, they took, possibly took lives of older people or sick people who couldn't get their medication.
[00:22:23] Speaker B: You have to kind of, you have to look at it like that, not just act of doing it. How is it, you know, what is it affected? Yeah, yeah.
[00:22:30] Speaker C: Right. So hospital you mentioned got hacked. And what if someone died on the.
[00:22:34] Speaker B: Or I wonder when you said that, that's what I thought. I was like, oh my gosh, what happened up here?
[00:22:39] Speaker C: Now it's a murder charge charge. Right. So now it goes from, it goes from just hacking to now a murder charge.
[00:22:43] Speaker B: Yeah.
[00:22:44] Speaker C: Because your act created a situation where someone died.
[00:22:47] Speaker B: Well, and how many people, how many law enforcement people is it taking to find all these people and bring them down? And I mean, that is a whole nother. Yeah, it is.
[00:23:01] Speaker C: That's a whole nother show.
[00:23:03] Speaker B: Gosh. Because it's not just going to be the local FBI here because we don't have that many agents here in Tuscaloosa. I think we have one.
[00:23:12] Speaker C: Yeah. So I mean, you know, you're going to get like the local will probably be called in, then they'll call in support from hq. You know, there'll be a task force assigned to it. And depending on the size of the attack, like if university, when your university got hacked, they probably. Then those computers went up to the forensics lab and they probably tried to analyze it to see what they can find and see if there was any traces of where it came from, how it got there, those kinds of things.
[00:23:34] Speaker B: So these kids that I'm talking about that are coming in my office saying they're majoring in cybersecurity. In your opinion, do they have jobs right out of college?
[00:23:42] Speaker C: That's a, that's an interesting question. So let me tell you a problem that's happening in the market right now which I find ridiculous is we see people, companies saying they want entry level positions must have two years of experience.
What? Like, when did that start? I mean, and, and a lot of us in the industry for a while calling these companies out publicly. Like, how can you be entry level and have two years of experience? Right? It doesn't work. But entry level is someone who comes out of college. So there was a time if you exited university with a degree in this, you can write your own paycheck. Now it's getting, it's getting a little more difficult. But. But. Well, I think a couple things right now. The economy is maybe the worst we've had in a long time, right? A lot of organizations are afraid because of all the changes in government. You know, we're seeing FBI agents get, you know, get laid off. We're seeing whole different government agencies being laid off.
That is reducing the size of IT teams and major organizations. So hiring is at a little bit of a freeze. Sounds so negative, you know, but it has to bounce back because you said it before, our industry is reactive, not proactive, right? But we wait, the bad guys do something, then we go, oh, crap, we got to fix that, right? And now we figure out how to fix it. And then we got to come in and fix the, the holes that were left, right? So we're, you know, I'm gonna want to retire someday. So we're hoping the young people can come and take over my job. You know, I want people to come in.
[00:25:09] Speaker B: I'm thinking they just need bodies, you know, like, people can be trained pretty quickly. These kids are smart. They catch on. They can be trained really quickly. That really stagnates the whole system. Even if they're, even if the companies are afraid. Two years is a long time. A lot of things can happen. Bad. You know this in seconds. So what's the answer? Like, what were you saying? I'm sorry, I interrupted you.
[00:25:34] Speaker C: No, no, it's not, it's not, it's not that there's, it's not that there's a clear answer. It's just, you know, they have to. What I would say is that if there's any way while they're in university to get an internship, right, that can give them some, some credits, right? Get their feet in a company where now that company knows Them that's kind of like a built in resume. Right. Take some time while you're still studying to get in the industry. Like go to, there's these conferences called B sides and they're all over the country. Find one local to you go to that join the ISC Squared organization that's in your area and the isaca isa. Isaca. Isaca. I think so those, all those organizations are centered around cyber security and they're groups of cyber professionals in your area to get together to talk and learn together. But in there there'll be people who are CISOs in companies, people who are the head of the red team. That's a great networking way to say hey, I'm going to be exiting university in two years, you know, or in one year. And now they're going to their name, your name is going to be in their head when that happens. So I say start that networking now. Start building that, that, you know, repository of names and that can help you, once you get out to be that person who does get.
[00:26:56] Speaker B: Yeah, you get a head start.
[00:26:58] Speaker C: Yeah, 100%.
[00:26:59] Speaker B: Hey, let's take our first break. I have totally forgotten to take the first break because we just went off on a tangent. So we'll take our first break and when we come back, I want to talk about the psychological effects of the victims. When we come back, you're listening to brain matters on 90.7 the Capstone.
[00:27:25] Speaker C: WVUAFM Tuscaloosa.
[00:27:27] Speaker A: This show is not a substitute for professional counseling and no relationship is created between the show host or guests and any listener. If you feel you are in need of professional mental health and are a UA student, we encourage you to contact the UA Counseling center at 348-3863. If you are not a UA student, please contact your respective counties crisis service hotline or their local mental health agency or insurance company. If it is an emergency situation, please call 911 or go to your nearest emergency room.
[00:28:06] Speaker B: Hey, you're back listening to 90.7 the Capstone. This is Brain Matters. I'm Dr. BJ Guenther. We're talking tonight about social engineering and human hacking at and it's fascinating. I mean this half hour has already gone by so quick and I haven't even gotten to half of my questions. Chris. My guest tonight is Chris Had Nagy.
[00:28:25] Speaker C: Yes.
[00:28:26] Speaker B: Perfect.
Sorry. It's a hard name to pronounce. I'm just gonna call you Chris. He has written a book that I see behind you. I like the color of it, Human Hacking. But he's an expert. You've been doing this since. Did you say the 90s?
[00:28:39] Speaker C: Yeah, I was messing around in the 90s, but as a professional, I've been doing this for about 20 years, definitely.
[00:28:44] Speaker B: So I bet you're in high demand, honestly, because of your expertise. And we were talking about like all the effects of, you know, hack hackers, how they do, the techniques, everything. One of the things I read, and you've already mentioned a few, like smishing, phishing, something else with a V. Fishing, I don't know the terminology, but when I was reading the articles, they talked about all the different types of hacking. Can you name some more? Because I read about phishing, smishing, vishing, but then there's several, there's lots more. Can you touch a little bit on what those are?
[00:29:19] Speaker C: You have like the ransomware attacks. We talked about those. You know, you have malware based attacks which are, you know, kind of like viruses and mal, like mal pieces of software. You have embedded attacks where people embed bad software inside of something like a PDF, a document to try to get you to launch that. Then you have these attacks right now that use standard tools, like someone will get you to install teams or what is it, Team viewer on your computer as they were remote support. But then they set it up so they have access to your computer when you're gone. So it's not even really like a bad hack. It's just they're getting you to use a real tool. So then later on for them to come in and hack you. We're seeing grandparents scams right now, big ones. You know, they're calling grandma and grandpa and saying like, hey, I got, I got, I got arrested. I'm in prison. I was at a bachelor party, they got mugged, they took my wallet. You know, can you give me 5k to get bailed out and I'll pay you as soon as I get home. And grandma wires the money and of course it's not that. Yeah, we're seeing a lot of those attacks on older folks. We're seeing a lot of IRS scams. You know, things like your benefits are being cut because you didn't pay your taxes.
[00:30:32] Speaker B: Anything that do anything to do with money, they figure out a way. Yeah, yeah, Anything to do with money, they figure out.
[00:30:38] Speaker C: Anything to do.
[00:30:39] Speaker B: What about something. What about tailgating? Do you know what that is? We do a lot of that here at the University of Alabama at the football games. But this is another tailgating. What is it?
[00:30:51] Speaker C: So if you're going into a building that has Security, like let's say RFID cards or a security guard or something like that. Someone who wants to gain access will pick a time when it's very busy. So let's say right after lunch or 9 o'clock in the morning when everyone's getting to the office and they'll just follow people that have the badge in. Because if there's 100 people trying to get in, the guard's not going to look for everyone doing the swipe. And we often hold the door for each other. We want to be polite. That's part of being human. So we hold the door. Person's like, oh, thanks. And now they're in the building and they didn't have to have a car to do.
[00:31:22] Speaker B: So that's happening here on our campus in the dorms. I don't know what's going on. Not to scare people, but it has happened a few times. You know that like kids will go through, they have to have their swipe card. But if you're, if it's the middle of the day and you're staying there, anybody could get in.
[00:31:37] Speaker C: Yeah.
[00:31:38] Speaker B: You know, before the break, I wanted I mentioned this, but this is an email question that came through also. What are the psychological effects of being a victim to these crimes?
[00:31:50] Speaker C: Yeah. So we can go through a few of those. Few of those. You know, right now. I know. Let's talk about romance scams. They're usually performed on widows and widowers. Right. They just lost their meat. Someone attaches them on Facebook or something like that. Next thing I know is they're giving up money once they're found out. Psychologically, the, the amount of shame and guilt these people have is just beyond. Right.
From a corporate stance, you, you have fear, a lot of fear. Is, is the, is the psychological pain there? Because why am I going to get fired? Did I do something bad and the company lose money because of me?
With the sextortion on our young people in this country, we've had over 20 suicides.
[00:32:31] Speaker B: Yes.
[00:32:31] Speaker C: Due to that. So we are. You can almost imagine what the psychological toll on our young people is for these kinds of things.
It's at an unprecedented level. You know, during COVID we were basically confined to the Internet for everything. Our learning, our work, our education, our entertainment, everything was on the Internet. And that meant that not only were we there, but the attackers were there. So these attacks, we were isolated from our, our friend groups who were isolated from other humans. And now we're just being constantly attacked online. So it has a significant psychological toll on, on People, because like you said in the beginning of the show, how do you defend against something you don't even know what it is.
So if you don't know these things exist, then you can't possibly be ready to defend against them. So that's the first stage is a show like this where we're telling people these things exist and here's how they work. Now maybe if somebody gets a weird awareness.
[00:33:30] Speaker B: Yeah.
[00:33:31] Speaker C: They'll go, oh, wait, maybe that's one of the things I heard on that radio show.
[00:33:33] Speaker B: Yes. Yes. What do you think we could. Is there anything as a campus we can do? I mean, I feel like in the background, people, the professionals, oit, they're trying to do as best as they can. But what else can we do, you know, to. Is it just like we're doing now, making people aware, or is there something else, another step that we need to be doing? I'm just always afraid there's something out there to help, and I don't know.
[00:34:01] Speaker C: That, you know, from, you know, I think awareness is probably one of the biggest things that can be done because the more people know about these type of things, the easier it is to defend. But from a physical standpoint, you know, things that campuses can do is have cameras in the right locations, make sure that your security doors are actually secure. Right. Like, you know, I can't tell you how many times I've been working with universities and you know, they'll have a door, it's got a lock from the inside, rfid, it's wonderful. But then there's a one inch gap and anyone could just take a coat hanger in there and, you know, flip the motion sensor and now the door's open. Right. So like one of the things that like our company does, like we'll come out and we'll do security audits, walk through the place with, with the organization and say, okay, here's a, here's a temporary, here's a possible flaw, you know, here's a vulnerability.
[00:34:52] Speaker B: Yes. Oh, wow.
[00:34:53] Speaker C: Doing things like that could be a good step into knowing, you know, because you said it, you don't think like an attacker. That's my job is to do that. So I'm going to go through a building and I'm going to say, this is how I would break in here. This is where I would, you know, create some havoc here.
[00:35:07] Speaker B: Vulnerable spots. Yeah, yeah.
[00:35:09] Speaker C: And that, that gives the company a chance to at least fix things before something bad happens. And I'll add something else that I'm sure you have Campus security on there, training for campus security in multiple areas. One, how to, how to spot potential vulnerabilities. Right. And then how to talk to victims. I can't tell you how many times I've heard in cases because of my non profit that you know, campus security will almost victim blame.
[00:35:38] Speaker B: I know.
[00:35:39] Speaker C: Well, well if you weren't wearing that maybe you wouldn't have got assaulted. I mean, holy crap, that is just the most horrible thing you can possibly say to someone. Someone. Right. You know, or if you didn't take those pictures then they wouldn't be stolen. Right. Again, I mean that's such a horrific way of dealing with it. So giving campus security and, and people who have to deal with these crimes some education on how to handle them could go a long way in making your, your place much more secure. Because if the students feel I have an advocate here, I can, I know I can go to BJ and she's going to stick up for me, she's going to help me, she always kind to me. Then they're going to do that. If they know that a bunch of the teachers are that way and a bunch of the security is that way, they're going to go running to them in a time of danger as opposed to running away.
[00:36:20] Speaker B: Yeah. When you mentioned the pictures and you know, the person who killed him or herself because of the exploitation. I can remember over the years when I first started working here, I remember a case where a student, a student's pictures were compromised. I'll say it like that. And it was just so eye opening. Like that was the first time I had ever like come across that and seen the effects. I just don't know how to explain it. It was just, I mean humiliation, the humiliation of that. The, you know, and it's not just with, it's not just the students or the person. It, it filters out to their parents. If they're dating somebody then their friends and their, sometimes their friends will be like why were you doing that? You know, they'll blame. It just turns. Oh, it's horrible.
[00:37:17] Speaker C: It is, it is.
People can be very cold and unkind when it's not them. Right. So you know, we, we, we were just working a case at my nonprofit. This young lady, she's now 23 but when she was underage she had some pictures that she forgot. Snapchat folder. Somebody hacked the account, stole them, they put them online. But they went one step further. They put her phone number in her email with the pictures. So this poor young lady is getting harassed non stop. So we've been working with her to locate these people that are harassing her and get the pictures taken down and things like that. But, you know, the police did, when they came, when they called the local police and the police came, it's the first thing they said is, you know, if these pictures didn't exist, then, you know, they. And it's like. That is literally the worst thing you can say.
[00:38:06] Speaker B: That has nothing to do with it. Those are her private photos they hacked in. That's the point.
[00:38:10] Speaker C: That's it.
[00:38:11] Speaker B: You know, is this. I wrote this down because I wanted to be sure and ask you this. Is it inevitable that most people will get hacked? Is it inevitable?
[00:38:20] Speaker C: You know, back in the day, when I first started this, I used to say if, if, if, and now I say when, because it's.
[00:38:26] Speaker B: That's what I'm getting at.
[00:38:27] Speaker C: Yeah, yeah. And it's not. It's not. It's not that everyone's going to get hacked and completely destroyed. But, you know, I'll give you a personal example. I've sent 20 million phishing emails in my career. And my third book was on the psychology of phishing, right? How phishing works from a psychological perspective. And I clicked on a fish. I fell for an actual real fish, right? So this kind of stuff is not a stupid human problem. It's a human problem, right? And it's not just. It's not just dumb people that fall for it. If the right pretext hits you at the right emotional time, then you can fall for it, right? And that's what happens.
[00:39:03] Speaker B: It makes you feel. It does make you feel. Oh, it makes you feel like I should have known.
[00:39:08] Speaker C: I mean, believe me, I'm the guy who wrote the book on it. And I went to my COO and I'm like, we cannot tell anyone this story ever. And he's like, no, you're telling everyone this story. He's like. He's like, you gotta.
[00:39:20] Speaker B: So let's talk about the book. Let's talk about the book. For one thing, the book is called Human Hacking. And you talk in your book about the importance of generosity, empathy, kindness, but share some specific examples of how these qualities can be harnessed for effective communication. You kind of touched on it a little bit about how maybe law enforcement, when they're first called what they shouldn't say, but kind of go into more detail about how it can be communicated better.
[00:39:52] Speaker C: Yeah, this is. I think this is a really good topic, especially for the day and age we live in, right? We. We have become polarized as a nation. Right. And I don't know, you know, you're probably younger than me, but if we, if we look at the generations back when you're welcome. But I remember being a kid and my dad would have a neighbor over and they'd sit around by the fireplace with a whiskey, talking about whatever politics, whatever it is, and then the guy would leave and my dad be like, man, he's a dumb me. And then they come back next weekend and do it again.
[00:40:21] Speaker B: Yeah, it was no big deal.
[00:40:23] Speaker C: It was no big deal.
[00:40:24] Speaker B: You don't hold a grudge.
[00:40:25] Speaker C: Yeah, hold a grudge. It was just you disagreed. But now if I don't believe the same thing or vote the same way or have the same politics, I have to hate you. Right. And so why do I bring this up? Because I think what we have lost is the ability to find common ground. So when I talk a lot about empathy, I match that with active listening. So if you want to be a master communicator, you approach every conversation, even if it's one that is not going to be fun, like a disagreement, a debate, an argument, you have to lay someone off, whatever it is. If you approach that with empathy and you truly go into the, to the conversation not saying, I'm going to convert you to my thoughts, I'm going to convince you I'm right, I'm going to win this debate. But I want to understand, truly understand your position, then you can actually have a wonderful conversation and completely disagree. Right. If you, if you enter a conversation curious about the other person and willing to active listen, you will find so much power in the way you communicate that it can literally change your relationship with everybody that you interact with.
[00:41:28] Speaker B: Anybody. That's right. That's right. And I think it takes maturity too.
[00:41:32] Speaker C: Yeah.
[00:41:33] Speaker B: And so I talk a lot about that with kids, you know, 18 to 24. But, but I've seen people my age.
[00:41:40] Speaker C: Oh, yeah, we're all sure. Yeah. If you're not self aware, then you don't know what your flaws are. Right. So a self aware person says, ooh, this topic gets me emotional. And it's all that self aware person is also able to regulate and say, oh, I'm getting emotional during this conversation. Hey, take a step back, take a breath. Right. You know, just kind of chill out because I'm going to say something stupid if I don't. And if you find that you can't, there's nothing wrong. Was fessing up and saying, hey, you know what I'm finding? Like, I'm Getting myself a little worked up. I'm gonna, I'm gonna just take five minutes, hit the bathroom or go get some water. I'll be right back. I just need to, like, clear my head. That shows maturity. Saying that I'm not ready to have this conversation is a mature way of saying I'm not ready. Right.
[00:42:20] Speaker B: And compromise too. Like, I talk a lot about compromise, how to compromise.
[00:42:24] Speaker C: Yes.
[00:42:25] Speaker B: A lot of people just don't know how to compromise. And if they don't learn that, they're not going to have. Have. They're not going to be close with anybody. You know, that's just how I feel.
[00:42:34] Speaker C: People sometimes teach that in negotiation. A good negotiation is I get everything I want and you don't. But a great negotiation is both sides, both sides get it. Both sides. If you think of any good negotiation, it comes out, and let's use extreme examples, a hostage negotiator, the perfect example of that is the hostage lives and the hostage taker goes to prison alive. Right. That is a good hostage negotiator, can make that occur. Both sides win. Right? Nobody's dead and nobody's hurt. You enter your negotiations, whether it's a job raise, whether it's a dating proposal, but you enter that with the idea of this has to be good for both of us. That's going to, again, build your empathy. Build what you said before, your ability to compromise. Right. Because I find oftentimes. And we can use the dating one, that's less scary. People who aren't perfect are looking for perfection. Oh, listen, and it's like I feel.
[00:43:34] Speaker B: Like I have this conversation every single day.
[00:43:37] Speaker C: Yeah, right. And that. How is that compromising? It's like, hey, have you ever looked in the mirror, man? Like, you're not the object of perfection. So what do you expect her to be? Right?
[00:43:45] Speaker B: I'm pretty blunt. So I could see me saying that, but I have to. I tippy toe around it a lot of times, but I get to that eventually in a nice way. But yeah, you gotta have insight.
[00:43:55] Speaker C: You do. Self awareness is probably one of the biggest skills. I tell when I. When I'm teaching classes for young folks and they say, what are things I should learn? I say empathy and self awareness. If you can. If you can practice those two things, your EQ will be through the roof. Your communication skills will be through the roof. Everything that you do in your future will just excel. Really?
[00:44:14] Speaker B: You know, it's funny you mentioned hostage negotiator. I cannot believe how much I've been talking about this for the last month. Because I had a student before we had our spring break, too, weeks ago, and I think it was before spring break. I saw her for the first time, and she came in and she said, my goal is to be a hostage negotiator. I had never, in my 20 years of being, I've never had a student say that.
What is up with that? Is that like a popular thing?
[00:44:40] Speaker C: It's a real job. It's a real job. You know, it's. It's getting into law enforcement, first of all, you know, and then she's into that.
[00:44:47] Speaker B: Yeah.
[00:44:48] Speaker C: Yeah. So if you get into law enforcement and, you know, I know a couple. I mean, I've interviewed Chris Voss and he was a hostage negotiator, and Joe Navarro and, you know, he did a lot of FBI interrogations and things like that. It takes some time, but those people are needed because not everyone has the talent to do that. Not everyone has the ability to do.
[00:45:04] Speaker B: Yeah, they don't. Because it's like what you were talking about. Well, and the inside, too.
[00:45:08] Speaker C: Yes. Right. And being able to talk to someone who is threatening to murder another person, like. And to do that calmly and with respect, that's difficult.
[00:45:19] Speaker B: It just seems so stressful. Let's take our next break. It'll be probably our last break because we'll finish up in a few minutes and we'll come back. I want to talk some more about your book because it's so fascinating. I haven't read it yet, but that would be a great summer read for somebody like me who likes all this kind of stuff. But I want to talk a little bit about the interactive missions and exercises. If we hadn't already touched on that. So we'll be right back. You're listening to brain matters on 90.7, the capstone.
[00:45:56] Speaker C: WVUAFM Tuscaloosa.
[00:45:59] Speaker A: This show is not a substitute for professional counseling and no relationship is created between the show host or guests and any listener. If you feel you are in need of professional counsel, Mental health and are a UA student, we encourage you to contact the UA Counseling center at 348-3863. If you are not a UA student, please contact your respective counties crisis service hotline or their local mental health agency or insurance company. If it is an emergency situation, please call 911 or go to your nearest emergency room.
[00:46:37] Speaker B: Hey, you're back listening to brain matters on 90.7, the capstone. We're talking tonight about social engineering and human hacking, and my guest is Chris Hagnagy. I'm horrible at pronouncing his name. Sorry, but we've been talking for the last almost hour about human hacking. It's fascinating. And if you think you know everything about hacking or you think you're aware, you need to go back and listen to this show because there's a lot of types of hacking that, you know, I think would make anybody's personality. How do I say this would make any personality vulnerable.
If you think, you know, like, you just admitted yourself, Chris, that you kind of. You got hacked a little bit, you know, so it can happen to even the pros. But talk about your book. He's written a book called Human Hacking. Go out and get it. Can you buy it anywhere?
[00:47:29] Speaker C: Yeah, Barnes and Noble anywhere. I see it in the stores or.
[00:47:33] Speaker B: On your website, which is socialengineering.com.
[00:47:35] Speaker C: Yeah. So the book site is humanhackingbook.com. so you go there and one of the great things about the site is I put all these resources together where if you're reading the book, you can download some PDFs or some exercises to do with the book or some other things that can help you apply some of the principles in the book.
[00:47:54] Speaker B: That's cool. Before the break I mentioned, I wanted to talk about interactive missions and exercises. Have we already talked about that and I didn't realize it.
[00:48:02] Speaker C: It. No, no.
[00:48:03] Speaker B: Then tell me more about that. Like, give us a glimpse of these missions. Explain how, you know, they contribute to the reader's development when they're reading your book. Of these skills.
[00:48:12] Speaker C: Yeah. So when we talk, let's say, about elicitation. Elicitation is the ability to have a conversation with intent, but it doesn't feel like intent. Like. So, for example, let's say my goal is I want to get your date of birth. So I see you in a store and I approach you and I say, hey, ma'am, can I ask you a quick question? I'm trying to buy a birthday gift for my wife. And. And I messed it up last year, you know, really big. And I just. What was the best birthday gift your husband ever gave you? You know, and now you sit there and you say something like, oh, well, my favorite was he took me on this cruise to Italy. Oh, man, you must be a. You must be a June baby. Because I mean that you don't want to cruise in the winter. And you say, well, no, July. I'm like, oh, Fourth, like the holiday? No, I'm not that lucky. No fireworks for my birthday. It's the 15th. Oh, okay. Thanks a lot. I'm not sure, if I can afford a crazy cruise. But you know, that's a really good suggestion. Thanks for helping me out. We just had a conversation. You felt like you helped a stranger and I was able to get your date of birth with only elicitation skills, right?
[00:49:10] Speaker B: Oh, I'll never talk to a stranger again.
I really don't trust anybody.
[00:49:18] Speaker C: So I give these interactive lessons out because what I want the reader to be able to do is say, that's how it works, right? It's anyone can watch the video, right? Anyone can read the book, listen to the audio. But when you do it, it's. It's kind of like if you ever been to a cooking class, that is a kitchen, right? I used to be a chef back in the day and I went to a cooking school in Thailand where my wife is from. And what they do.
[00:49:45] Speaker B: Everything. You've done everything.
[00:49:50] Speaker C: Right now I'm not, I'm not. When I was in this cooking school, what I loved is the guy who's running it. He takes you to the market around the corner, he shows you how to buy the things we need. And then we go back and you're standing there and as he's cutting, you're cutting. As he's mixing, you're mixing. As he's pulverizing, you're pulverizing. When I left that class, it was. I knew how to do it. I didn't just read his cookbook, I knew how to do every step of the thing. Experiential experience. Yes. So these lessons are made to do that. That is in a non hacky way, a non illegal way. Go out and interact with complete strangers, get information that you're not going to do anything malicious with. And you will be amazed at how well that skill works. It's just easy. I can do this. I thought I couldn't do it. One of my best guys here is that is the largest introvert on the planet. But he can go out and chat with anybody about anything. Just using these.
[00:50:41] Speaker B: See, I was just going to say you and I were. You can tell you're easy to talk to. I think I can talk to a wall. I think I could do this easily. I think I've probably done this without any malicious intention.
[00:50:53] Speaker C: Yeah, yeah, you've probably done it. Sure. I'm sure you have. Yeah, yeah. I mean, people who can chat people up usually have no problem in doing this. And then it just becomes, now the light bulb goes off when you read the book. You'll be like, that's what I've been doing all these years. Like when you read this in the summer, you'll be like, that's what I've been doing for all these years, right? And it will just have a name to it now. But for, but anyone can learn this. It's just a matter of you have to be willing to. It's kind of like I use this analogy of working out, right? If you go to the gym and you only lift weight that never challenges your muscles, you're never going to grow. So if you grab a five pound dumbbell, right, and that's all you ever use, you're never going to grow. But if that weight hurts your muscle and it breaks it down and the next day you're sore, then that's going to build more muscle and they're going to eventually do that. So discomfort is needed to create growth. And, and it's just like this in social engineering, you have to be uncomfortable in order to learn how to use these skills. So the discomfort is actually part of the process.
If you go out and you're like, man, this is gonna suck, I don't know how I'm gonna do this. Great, then it's probably gonna work great. Just go do it.
[00:52:00] Speaker B: I just keep saying this over and over again, how scary it is, but it's the world we live in now. And if you don't educate yourself by reading something like your book or some of the other resources that hopefully we'll talk about in a minute, you are going to get taken advantage of and it might be really devastating, you know, and there are some things you can do about it. You know, there are education, like you said. What about like, how did you transition? You mentioned a little bit, but how did you transition, you know, from focusing on like security stuff to like these interpersonal skills that you're talking about that almost talk the way you're talking almost sounds like my profession, like psychology.
[00:52:43] Speaker C: It's interesting. I am. So this class I teach is called the Foundational Application of Social Engineering. And it was designed for people who want to be in the field like me, but move forward. I mean this, I wrote it in 2010, 2011. I've been teaching ever since then. Move forward like six, seven years and I get called by MI5 and MI6.
[00:53:04] Speaker B: Stop it.
[00:53:04] Speaker C: I'm not kidding. I go, I teach the class over in the UK to MI5 and MI6 and I, I'm like, what can I possibly teach these people? And they're like, they wanted to learn the skills that I've been teaching the public and so they're not going to go do hacking. They wanted to use these interpersonal skills as part of their job, right? Then I get called by SOCOM Special Operations Command, and they have this unit that they drop off in the middle of a desert, and they're supposed to walk into a village and not kill anybody and convince them to join our side, right? So they hire me and they say, we want you to teach this. These guys, these 12 guys, this stuff. Then I get called and I get to teach a class to a room full of salespeople. The same class, not altered anything. The same class. Then I teach this class to a group of people who hunt terrorists on. On the Internet, Right. I mean, yeah.
[00:53:51] Speaker B: It's not just on foot.
[00:53:53] Speaker C: That's it. I'm having these things where people are coming to me and they want this training, but it's for something I never thought it would be designed for, right? So all of a sudden I'm sitting here, you know, whatever, 12, 13 years later, and I'm thinking to myself, these skills, I use them every day. Also, not in the hacking world. Like, I use them just to communicate with my kids, my employees, people I meet to get upgrades on things. Like, whatever it is I use it. I'm like, this could be a book. So I started, I wrote this book, and then it became like, oh, now I'm coaching people, I'm helping people apply these skills. It's like, man, it's crazy. Crazy.
[00:54:27] Speaker B: It's crazy. And it's making me want to change professions.
[00:54:30] Speaker C: Yeah.
[00:54:31] Speaker B: Talking about it because. Because I feel like I have some of the skills, you know, the interpersonal stuff like you're talking about, just not the knowledge of the it stuff, really, you know.
[00:54:40] Speaker C: But man.
[00:54:41] Speaker B: Yeah, this is so fascinating. And it's never gonna stop. Like, no offense, you're never going to be out of a job.
[00:54:48] Speaker C: No. You know, the thing is, if you look at human history, there's always been scams, right? There's always been scams. And you can go back, you know, whether you're a Bible reader or not, but you can go back as far as humans have writing and there's been some form of scam. Now the only thing that changes is how was that scam delivered? Right? You go back to the 1800s. We had phishing emails and mails, but they were physical letters that would come, or they'd be people that would come knock on your door and scam you. One of the most famous comment in, in the history was called Victor Lustwig. He sold the Brooklyn Bridge and the Eiffel Tower multiple times. Right. And he was able to do that in person, these things throughout history. Now what changes is now we have the Internet, we have cell phones, we have all this, another medium that whatever the next thing is, they're going to figure out a way to use that.
[00:55:36] Speaker B: Do you think people are smarter? Do you think people are less gullible now?
[00:55:41] Speaker C: Well, that's a good question. I think, I think, I think there's a. I have two feelings on this. I think we are more educated than we've ever been in human history and we have some of the best technology we've ever had.
[00:55:52] Speaker B: But you can be educated and be gullible.
[00:55:54] Speaker C: Yes. And I think though that, that social media, and I'm going to blame them, has kind of turned us into a bunch of sheeple. Right. I mean, how many times do you do, do. And especially like your, your kids there, do they get their news from Tik Tok? Oh, right, right. And then they believe it. They believe it's true.
[00:56:14] Speaker B: They'll tell me things that are not accurate and I know it's not accurate. And I'll say that to them. I'll be like, tell me again where you're getting your. Where you're getting.
[00:56:22] Speaker C: Yeah. And, and during COVID it happened, you know, somebody would put a white lab coat on and get on TikTok and spout off all these facts and it became fact. This was it, right? This, this was it. So we, you look at those things, you know, and I think that we are more gullible because of social media. I think that also. And you know, thank God I'm not in the dating realm.
You look at the dating today, the apps, I think, I think that's another vector that people use. And I think young folks have gotten. So everything's online, everything's in this little device. Their life, everything is here. Right. It's their life.
[00:56:59] Speaker B: You do not know how much I talk about dating apps now. I will say this. I'm not talk. It's. It's ironic. This year, starting in the fall, back in August, till I have not. This has been the first year we have not. I have not really talked about dating apps with students. And so maybe I'm thinking they're kind of figuring out they really are not working for them.
Something's different.
[00:57:22] Speaker C: Yeah, I have a couple employees that are in that age group and you know, they tell me like they've never had good success from a dating app. They go out and these people, of course, and everyone does it you're going to put your best picture on there. So now does the person even look like that? Right. And you're not going to put all of your annoying traits on the dating app. So now you're taking a risk. And I'm like, what happened to just going out and meeting people?
[00:57:45] Speaker B: Well, they're doing that more.
I've found they're doing that more. Thank goodness.
[00:57:49] Speaker C: Go to a bar, go to a pizza shop, go to a movie theater, go to an ice skating rink, whatever the heck you guys do. Go somewhere and meet somebody.
[00:57:56] Speaker B: When I first started working here, this was a new concept to me. But I kid you not, they were doing group dating, and I was like, oh, my gosh. And my husband and I would go out and we'd see these little groups. They'd go around in groups, and I'd be like, this is not gonna work. And now they're back to dating one on one. You know, you'll see a couple out, and my husband and I will be out to eat, and I'll be like, that is so nice to see that. It's like, I love seeing that. It sounds so crazy to say no.
[00:58:25] Speaker C: But it's, you know, appreciate it. I think, you know, a lot of times we see history come back around. I think so, you know, like, you know, that seems dating will be back. Yeah, it might. And then single dating will be back too, you know, but, you know, I think when the dating apps first came, and I know a few people who found their mate on a website. Right. But I think now, as we got come forward in the years, they've just gotten more and more garbagey.
[00:58:50] Speaker B: Yeah.
[00:58:51] Speaker C: And. And the only apps that really seem to work are the ones that are strictly just for sex. Right. And because you go in with no expectation.
Yep. You know what you're going to do? You know, you're not looking for the man or woman of your dreams, so you do that and it's over. And that was the expectation fulfilled. I still think that's. Heck, that's so dang dangerous, especially for young women. I think that's so dangerous. You're. You're. You're just. You're asking some stranger who also wants to have sex to just meet you somewhere.
[00:59:19] Speaker B: Yeah.
[00:59:20] Speaker C: I. It scares the crap out of you.
[00:59:21] Speaker B: I think that used to be called prostitution.
[00:59:25] Speaker C: As long as you don't pay.
[00:59:26] Speaker B: I guess we'll end on that note. This is a whole nother show. I say that all the time. Man. This hour has gone by so fast. I'm almost Over. I appreciate you being on the show. This is. I. We could talk about this way more. I didn't even get to all my questions. So can you think, you know, you mentioned in your book resources, but can you think of any more resources that we haven't touched on that people need to know about? Out.
[00:59:49] Speaker C: So on social-engineer.org I have a podcast that has been out for. Since 2009.
I cover so many different sciency topics and. And topics on conversation and things like that and cyber topics. They can go there. And I have a newsletter on that website too, that comes out once a month.
[01:00:05] Speaker B: What's that again? Social-social.
[01:00:07] Speaker C: Yeah, social hyphen engineer.com org and also social Hyphen Engineer too. But the resources, I'm telling you are on the.org and it's a newsletter and the podcast. So they can go there. They can go to humanhackingbook.com and check out the resources for the book if they're reading that. And. And yeah, just hit me up on LinkedIn or something if you have any questions. Yeah, I'd love to come back and do the show on Sexual sex Torsion.
[01:00:33] Speaker B: Yeah, I would like to do that next fall. I'll make a note. We'll do it. Thank you so much. I'm gonna make a few announcements before we close. I really appreciate it. This has been great. This has been great. Don't forget, our shows are recorded and podcasted On Apple Podcasts, audioboom.com and Voices UA Edu. You can just type in Brain Matters and you'll find some of our past shows. You can go to the link for Voices UA Edu on our counseling center's website. That's Counseling UA Edu. I always like to thank a few people who've made the show possible. Our executive director, Dr. Greg Vanderwaal, My producer, and one of my colleagues, Katherine Howell, who will be back next week. She's not here tonight. My colleagues here at the counseling center. Katherine Ratchford is the UA student who edits our shows. She does a fantastic job and I always appreciate her. And of course, my guest tonight, Chris Hagnegy. I hope I said that right. I'm gonna say that every time. Don't forget, we're on next week and we're gonna have another interesting topic. We've only got, I think, four more shows left, but this topic is betrayal trauma. So join in, tune in. We'll be here same time, same place. Thanks for listening and good night.
[01:01:49] Speaker A: This show was not intended as a substitute for professional counseling. Further, the views, opinions and conclusions expressed by the show hosts or their guests are their own and not necessarily those of the University of Alabama, its officers or trustees. Any views, opinions or conclusions shared on the show do not create a relationship between the host or any guest and any listener, and such a relationship should never be inferred. If you feel you are in need of professional mental health and are a UA student, please contact the UA Counseling center at 348-3863. If you are not a UA student, please contact your respective counties crisis service hotline or their local mental health agency or insurance company. If it is an emergency situation, please call 911 or go to your nearest emergency room.
