At Black Hat USA 2014, I shared a diagrammatic method of perceiving what I call con and hypercon.1 A con is just what it sounds like: a state in which one actor attempts to deceive another, most often to do something that benefits the first and hurts the second. Phishing is a con as is “the big store” in the movie The Sting as is—more generally—any case in which one actor willingly hides a secret or projects a falsehood when attempting to manipulate another actor.
A hypercon state exists when the “conned” actor sees through the con. This opens options such as covertly watching what the “conning” actor will do and exploiting the “conning” actor’s now inferior state of knowledge. Turning the tables on a phisher or, in other words, “conning the con” might result from awareness at the hypercon level.
Of course, nothing is ever quite so simple. Real-world situations often involve more than two actors. Also, states of both perception and misperception can exist. For example, I think I perceive a con, but I’m simply misperceiving events and signals. Alternatively, I believe I’ve successfully implemented a con, but my target has missed my projected signals; or my opponent and I are both running cons, and we’ve missed each other’s signals. The possibilities aren’t endless (I’ve enumerated them before), but several are more common, and it’s these we should consider.
Without going into the diagrams and processes I’ve built to explore and exploit these more complex options, I’ll just say that awareness alone of con + hypercon + variations in players and potential misperceptions can yield tremendous insight into otherwise perplexing situations. It can help reveal possible motives and explain possible signals and actions. In short, it aids in identifying the sorts of possibilities we often skip over when we fail to question incoming signals and instead leap at the obvious (which is often exactly what our opponents want us to do). In other words, it’s all about exploring possibilities—ones that can hurt us (the undetected con) and ones that can help us (the detected con).
I mentioned in a previous post that during this election season (before and after) I feel as if I’ve been living in a house of mirrors. With leaks, allegations, and counter-allegations sprouting like weeds, I wonder how, as a citizen, I can discern anything close to the truth. The logic of con and hypercon can help enumerate the possibilities. I like to keep RTJ as politically neutral as possible, so I’m going to let you explore that minefield. I suggest that you start with the following questions, illuminating each with the available and relevant information you have available.
- Is everything as it appears to be?
- Who are the relevant actors, and what are their motives?
- Who might be attempting a con (successfully or unsuccessfully)?
- Who might be playing a hypercon (successfully or unsuccessfully)?
- What combination of opposing con and hypercon (successful or unsuccessful) might exist?
Append to each of these questions the overarching question “What if I’m wrong?” to consider additional possibilities. As in all circumstances, risks grow when meaningful and potentially dangerous possibilities slip by us unperceived.
And while the process of exploring combinations of con and hypercon does not automatically grant us the wisdom of a philosopher king, it can at least grant us the eye of the sly jester, which, all things considered, is probably at least as useful, particularly in these times.
- This was a joint presentation with Matt Devost, who explained the cyber implications of con and hypercon. [↩]