Skip to main content

Understanding the SADRAT Social Engineering Process

Understanding the SADRAT Social Engineering Process

Cross post from the website 

The term SADRAT came into focus recently in 2024 when a former CIA officer, Andrew Bustamante made videos promoting his new company that included claims about his experience in the CIA, and in-depth sharing of unclassified information. His motivation is apparently to help CEOs improve their company's bottom lines - primarily through social engineering using the SADRAT process. A full 35 minute interview with Andrew is available on Insider's Youtube channel, in addition to appearances on numerous other Youtube channels, podcasts, and blogs.  

While SADRAT is not mentioned in the 1978 CIA list of intelligence terminologyUS DoD Counterintelligence terminology, or officially declassified CIA records, it's safe to say that most internal policies are not included in those collections and it's likely that the revelations from Andrew are legitimate.In fact, another former CIA agent Ryan Hillsberg also shared the same CIA recipe for spy recruitment.  Let's take a look at Andrews's claims about the CIA's social engineering process used by actual operatives for extracting security intelligence out of their targets.

Here is a brief description of the SADRAT process:

  • S (Spot): Identifying potential intelligence assets who have access to valuable information or influence relevant to intelligence objectives, using methods like surveillance and background checks. This first stage maps nicely to the Lockheed Martin's "Reconnaissance" stage of the Cyber Kill Chain and the first stage of Penetration testing campaigns. 

  • A (Assess): Evaluating the suitability, usefulness, reliability, and willingness of identified individuals to cooperate, analyzing their motivations, vulnerabilities, and potential risks.

  • D (Develop): Building a relationship with potential assets to gain their trust and prepare them for recruitment, involving staged interactions and meetings.

  • R (Recruit): Formally bringing them on board to gather intelligence. This includes explicitly proposing to the candidate to work as an intelligence asset, negotiating terms, and establishing communication protocols.

  • A (Agent Handling): Managing the recruited asset to ensure effective information gathering and transmission, maintaining regular contact, and ensuring their security and motivation.

  • T (Terminate): Concluding the relationship with the asset when their usefulness has ended or the risk becomes too great, ensuring a safe and discreet end to their activities.

Upon inspection, SADRAT serves as a play-by-play strategy that a malicious insider might use in a campaign to identify and recruit disgruntled employees inside a company and recruit them to be an affiliate for a hostile nation-state or apex ransomware gang.  

Labels:

Comments

Post a Comment

Popular posts from this blog

Helen Mirren once said: Before you argue with someone, ask yourself.......

Helen Mirren once said: Before you argue with someone, ask yourself, is that person even mentally mature enough to grasp the concept of a different perspective. Because if not, there's absolutely no point. Not every argument is worth your energy. Sometimes, no matter how clearly you express yourself, the other person isn’t listening to understand—they’re listening to react. They’re stuck in their own perspective, unwilling to consider another viewpoint, and engaging with them only drains you. There’s a difference between a healthy discussion and a pointless debate. A conversation with someone who is open-minded, who values growth and understanding, can be enlightening—even if you don’t agree. But trying to reason with someone who refuses to see beyond their own beliefs? That’s like talking to a wall. No matter how much logic or truth you present, they will twist, deflect, or dismiss your words, not because you’re wrong, but because they’re unwilling to see another side. Maturity is...
Post a Comment
Read more

Why BJP is opposing the Telangana caste census?

The BJP opposes the Telangana caste census primarily due to concerns about its political motivations, alleging that the Congress party is using it for electoral gain rather than genuine welfare of Backward Classes (BCs)  1 3 .  BJP leaders argue that the census distracts from Congress's unfulfilled promises to BCs and could exacerbate social divisions  2 4 .  Additionally, there are fears within the BJP that a detailed caste enumeration might reveal ongoing upper-caste dominance in politics and society, which could challenge their support base  7 8 . The BJP's main arguments against the caste census include: Political Manipulation : BJP leaders assert that the Congress party is using the caste census for political advantage rather than for the welfare of Backward Classes (BCs), claiming it distracts from unfulfilled promises made to these communities  2 4 . Threat to Hindutva Agenda : The party views the census as a potential challenge to its support base a...
Post a Comment
Read more

JAI HIND: WHO DO WE OWE IT TO?

Though the origin of Jai Hind is usually ascribed to Chempakaraman  Pillai in 1907, it didn’t have a popular usage till Netaji Bose made it the standard greeting of the INA. How this happened to be has a Hyderabad connection. It is believed by Netaji’s close followers that the slogan "Jai Hind" as coined by Abid Hasan Safrani.   Abid Hasan Safrani  was the son of the soil of Hyderabad in India. His real name was Zainul Abedin Hasan. He preferred to be called Abid Hasan. His parents expired during the British Raj. Before that they had sent him to Germany instead of England for higher studies in Engineering stream. During the that time, Netaji Subhas Chandra Bose visited Germany and addressed Indian  prisoners of war & also students and asked them  to join Indian National Army (Azad Hind Fauj). Abid Hasan met him and got inspired by the charisma of Netaji.  He told him that he would join him after finishing his studies. Netaji said tautingly t...
Post a Comment
Read more