Conclusion: Abusing OODA

August 16, 2016
#Social Engineering #Manipulation #Persuasion #Boyd #OODA #OODA Loop #learning #decision-making #intuition |
| | Share on Google+

Please read the other posts in this series first.

Whew - almost done! Let's look at a few examples of abusing Boyd's OODA loop and then we'll tie up some loose ends before concluding the series.

Abusing the OODA Loop

Our first example is a simple one and often times people misrepresent Boyd's ideas by presenting this as the main or only example despite it being far from the most useful. Time is an incredibly important factor in many situations and often enough the person who can successfully complete their cycle faster (thus allowing for more cycles hence a better "oriented" decision) will be victorious. Boyd describes this in the below excerpt:

Under OODA loop theory every combatant observes the situation, orients himself, decides what to do and then does it. If his opponent can do this faster, however, his own actions become outdated and disconnected to the true situation, and his opponent’s advantage increases geometrically.

Example 1: Resetting the enemies loop

Exploit weakness; if you can't find it then you have to create it. The idea here is to catch the opponent "off guard" and create a moment that "breaks their loop" and sends them back to observation and orientation (thus hopefully preventing action or forcing a poor decision). The Tueller Drill is a great example of this and it focuses on a "21 foot" rule for shooting a target armed with a melee weapon. Tueller determined that a target can travel 21 feet in 1.5 seconds thus making this the start of a "danger zone"; shooting too early can cause political ramifications or have unfortunate consequences while shooting too late can put the defender in danger.

On the flip side a commonly recommended defense against an assailant armed with a gun is to immediately close the distance and attack them if you are within this "21 foot" boundary. People armed with guns often have a certain "air of confidence" where they expect others to follow their orders or be hesitant/scared and rushing them can create a moment that potentially throws them off their game.

This first method is simple and comes with drawbacks as outlined by British officer Jim Storr (as quoted by Osinga);

The OODA process is not circular. It apparently takes 24 hours to execute a divisional operation. Planning takes a minimum of 12 hours. Thus a divisional OODA loop would have to be at least 36 hours long. Yet the Gulf War and other recent operations show divisions reacting far faster. Military forces do not in practice wait to observe until they have acted. Observation, orientation and action are continuous processes, and decisions are made occasionally in consequence of them."

Boyd also mentions some drawbacks as well;

"It has sometimes proven advantageous to take extra time selecting a course of action — that is, reaching a decision to act — in order to create a more favorable environment for actions in the future. 'Taking extra time' does not mean that we become passive or give up the initiative. Commanders will, for example, continue to probe and test the adversary to unmask strengths, weaknesses, maneuvers, and intentions."

A good example of this "probing" is how countries, like Russia, will fly fighter jets to the edge of other countries airspace to test response magnitude and response times. The drawback here is that this moment may force a knee-jerk or heuristic reaction of attacking.

Example 2: Abuse known heuristics and baseline behavior

Piggybacking off of "knee jerk reactions" you can abuse this forced reaction if you know what their heuristic for the situation is. These can be established either with prior intel gathering or by establishing "baseline behaviors" aka common reactions to stimuli. You can also abuse the various cognitive biases I mentioned earlier. A good example of this is determining when someone is bluffing in poker; you play the first few hands by taking a few different actions and seeing how the person responds. Then you eventually narrow it down to the point where you can tell they are bluffing based on patterns you've seen in prior hands - say by the size of the raise or perhaps timing/how quickly they are to raise you etc.

Another good example comes from the movie Semi-Pro in which a basketball team learns a play called "the puke". "The puke" is a play meant for dire circumstances that they run over and over until they physically puke to really ingrain the play into their muscle memory; the coach even says something like "I want you to be able to run this play in your sleep" and they end up using "the puke" to win a big game. Despite being a fictional example this is a fairly common tactic in many arenas of competition.

Example 3: Honeypots

"Honeypots" aka intentional distractions/traps are an excellent way to force opponents back into the observation and orientation phase. Fakes in football where the quarterback will look downfield or "pump fake/fake throw" one direction while actually intending to throw in a completely different direction are a great example of this. This accomplishes 2 goals; first the opponent is forced back into observation/orientation again but they are also forced to backtrack through a mistake (which can be very costly). When trying to elicit information you can make it seem as though you are really interested in something benign in hopes of getting at information on another subject/target from the discussion or at least sending them on a "mental wild goose chase" when trying to figure out your intentions. Try adding in useless, irrelevant, or false data aka "noise" for them to sift through or react to.

You can also reverse number 2's "abuse known heuristics" by baiting them using an easily recognizable pattern and then break that pattern by attacking/countering unexpectedly when they feel confident enough to exploit it.

Example 4: Add [artificial] constraints to the enemies loop

One more thing to try is adding constraints to the enemies cycle (artificial or otherwise) and you can start by deliberately making moves that will take too long for them to attempt verifying/orienting with before they can react. Going back to phishing for a service reps password using the "company jargon" by saying you're from their "ITB" department lends legitimacy while likely taking too long for the rep to actually verify. Sure, they could put you on hold and call IT to verify or look you up in a company directory but honestly often enough company policy won't be enforced; you have to win once yet they have to win every time. It may also aggravate their coworkers and the rep likely just wants to make their numbers and go home.

Cialdini's 6 Principles of Persuasion uses another common method from sales known as "scarcity". When you make it seem as though an offer won't last long people are much more likely to impulsively "jump the gun" without thinking it through due to the added pressure; this can be used in many situations where something important gets threatened or put on the line such as a lead in a close sports game. When that lead becomes immediately threatened (say by setting up a center shot on goal in soccer) the opposing team may go into an emergency/frantic mode causing panic, sloppy play, or mistakes.

Example 5: Promote chaos with rapid changes

This is the most powerful example; exhaust/overload an opponent by fighting a "war of attrition" with their willpower, stamina, or ability to react in time. Boyd goes on to describe how the OODA strategy is more than just "complete your cycle faster" and involves changing tempo to actively promote chaos;

“Observe, orient, decide and act more inconspicuously, more quickly, and with more irregularity. Generate uncertainty, confusion, disorder, panic, and chaos to shatter cohesion, produce paralysis, and bring about collapse.”

Sports like basketball, hockey, and soccer make great use of this in terms of ball/puck handling skills; imagine an offensive player trying to "fake out" the defense with a series of short dribbles/movements that rapidly change direction/tempo or don't have an immediately obvious motive. The defense is now forced back into "observation and orientation" multiple times to try and discern a pattern or plan so they can react accordingly and this can potentially make them feel so overwhelmed or short on time that they revert to heuristics or it forces a premature decision.

Fingerprinting users can be done via commonly used hardware, software, IP address/locations, battery status, passwords, and all sorts of other neat tricks. Defending against fingerprinting requires rapid, constant change of these variables to make it hard to really "pin you down" with a high degree of reliability.


Thank god it's over! Pat yourself on the back! Seriously - if you've been keeping up with the series then you just read a ~12,500+ word behemoth and I hope you've found at least a few useful tidbits scattered throughout.

There is one thing I'd like to mention regarding our inner story before concluding the series though; once you become aware of people's "stories" you then become aware of your own which causes it to lose power over you. You'll find that many habits, reactions, and life decisions were being made simply due to the massive inertia of your own inner story - always played the nerd, pushover, freak, or grumpy gus? Now you should now be able to change your own story at any time by using your new skills of mask-wearing, story telling, and method acting.

If you'll direct your attention to the series homepage you might notice an interesting pattern; there are 8 posts in this series and the structure ties-in fairly well with our story-telling post.

  1. An idea - Empathy, Nietzsche, inner story, abuse self-interest
  2. Something isn't right - Wearing masks and the associated dangers
  3. Cross the threshold - Abusing story-telling's ancient roots
  4. Road of trials - Method acting, intel gathering, people watching, and practice practice practice!
  5. The Goddess - Guerrilla intel gathering methods and advanced people watching/perception skills
  6. The maker - Building rapport/mirroring and forcing attraction/trust
  7. Road of Return - Change, Boyd's OODA loop and understanding intuition, learning, and decision making.
  8. Return with change - Abusing OODA, intuition, learning, and decision making.

I sincerely hope you feel as though you are "returning with change" after having read the series. I said it at the start and I'll say it again here - SE is incredibly relative and this is only meant to provide you with a "foundation" of sorts and not a playbook or microwave food instructions. "Teach a man to fish" and all that, you know?

Never restrict yourself to only one theory as it's inherently limiting to the amount of sources/tools you can draw on for the creation of new mental models. Test every theory you come across rigorously, take the parts that work, and leave the rest - sometimes poor or incomplete theories are very useful in certain situations despite being poor heuristics. Keplar's laws for planetary motion are my favorite example of this since they are technically wrong but give incredibly accurate approximations.

Do things on your own, think for yourself, and never just "accept" conclusions regardless of their source or how legitimate the study or expert seems. I'd even ask you to apply this to my series itself! The below quote from Nietzsche illustrates this point beautifully:

"You revere me; but what if your reverence tumbles one day? Beware lest a statue slay you. You say you believe in Zarathustra? But what matters Zarathustra? Now I bid you lose me and find yourselves; and only when you have all denied me will I return to you."

Thanks for reading and good luck out there...


August 16, 2016
#Social Engineering #Manipulation #Persuasion #Boyd #OODA #OODA Loop #learning #decision-making #intuition |
| | Share on Google+