
Understanding the SADRAT Social Engineering Process

Cross post from the website 

The term SADRAT came into focus recently, in 2024, when a former CIA officer, Andrew Bustamante, made videos promoting his new company that included claims about his experience in the CIA and in-depth sharing of unclassified information. His motivation is apparently to help CEOs improve their companies' bottom lines, primarily through social engineering using the SADRAT process. A full 35-minute interview with Andrew is available on Insider's YouTube channel, in addition to appearances on numerous other YouTube channels, podcasts, and blogs.

While SADRAT is not mentioned in the 1978 CIA list of intelligence terminology, US DoD counterintelligence terminology, or officially declassified CIA records, it's safe to say that most internal policies are not included in those collections, and it's likely that the revelations from Andrew are legitimate. In fact, another former CIA agent, Ryan Hillsberg, also shared the same CIA recipe for spy recruitment. Let's take a look at Andrew's claims about the CIA's social engineering process used by actual operatives for extracting security intelligence out of their targets.

Here is a brief description of the SADRAT process:

  • S (Spot): Identifying potential intelligence assets who have access to valuable information or influence relevant to intelligence objectives, using methods like surveillance and background checks. This first stage maps nicely to Lockheed Martin's "Reconnaissance" stage of the Cyber Kill Chain and the first stage of penetration testing campaigns.

  • A (Assess): Evaluating the suitability, usefulness, reliability, and willingness of identified individuals to cooperate, analyzing their motivations, vulnerabilities, and potential risks.

  • D (Develop): Building a relationship with potential assets to gain their trust and prepare them for recruitment, involving staged interactions and meetings.

  • R (Recruit): Formally bringing them on board to gather intelligence. This includes explicitly proposing to the candidate to work as an intelligence asset, negotiating terms, and establishing communication protocols.

  • A (Agent Handling): Managing the recruited asset to ensure effective information gathering and transmission, maintaining regular contact, and ensuring their security and motivation.

  • T (Terminate): Concluding the relationship with the asset when their usefulness has ended or the risk becomes too great, ensuring a safe and discreet end to their activities.

Upon inspection, SADRAT serves as a play-by-play strategy that a malicious insider might use in a campaign to identify disgruntled employees inside a company and recruit them to be affiliates for a hostile nation-state or apex ransomware gang.
