HN Books @HNBooksMonth

The best books of Hacker News.

Hacker News Comments on
Social Engineering

Christopher Hadnagy · 2 HN comments
HN Books has aggregated all Hacker News stories and comments that mention "Social Engineering" by Christopher Hadnagy.
Amazon Summary
The first book to reveal and dissect the technical aspect of many social engineering maneuvers.

From elicitation, pretexting, influence and manipulation, all aspects of social engineering are picked apart, discussed and explained by using real world examples, personal experience and the science behind them to unravel the mystery in social engineering.

Kevin Mitnick—one of the most famous social engineers in the world—popularized the term “social engineering.” He explained that it is much easier to trick someone into revealing a password for a system than to exert the effort of hacking into the system. Mitnick claims that this social engineering tactic was the single-most effective method in his arsenal. This indispensable book examines a variety of maneuvers that are aimed at deceiving unsuspecting victims, while it also addresses ways to prevent social engineering threats.

• Examines social engineering, the science of influencing a target to perform a desired task or divulge information
• Arms you with invaluable information about the many methods of trickery that hackers use in order to gather information with the intent of executing identity theft, fraud, or gaining computer system access
• Reveals vital steps for preventing social engineering threats

Social Engineering: The Art of Human Hacking does its part to prepare you against nefarious hackers—now you can do your part by putting to good use the critical information within its pages.

From the Author: Defining Neuro-Linguistic Hacking (NLH)

Author Chris Hadnagy

NLH is a combination of the use of key parts of neuro-linguistic programming, the functionality of microexpressions, body language and gestures, blending it all together to understand how to “hack” the human infrastructure. Let’s take a closer look at each to see how it applies.

Neuro-Linguistic Programming (NLP): NLP is a controversial approach to psychotherapy and organizational change based on "a model of interpersonal communication chiefly concerned with the relationship between successful patterns of behavior and the subjective experiences underlying them" and "a system of alternative therapy based on this which seeks to educate people in self-awareness and effective communication, and to change their patterns of mental and emotional behavior".

Neuro: This points to our nervous system through which we process our five senses:
• Visual
• Auditory
• Kinesthetic
• Smell
• Taste

Linguistic: This points to how we use language and other nonverbal communication systems through which our neural representations are coded, ordered and given meaning. This can include things like:
• Pictures
• Sounds
• Feelings
• Tastes
• Smells
• Words

Programming: This is our ability to discover and utilize the programs that we run in our neurological systems to achieve our specific and desired outcomes.

In short, NLP is how to use the language of the mind to consistently achieve, modify and alter our specific and desired outcomes (or that of a target).

Microexpressions are the involuntary muscular reactions to emotions we feel. As the brain processes emotions it causes nerves to constrict certain muscle groups in the face. Those reactions can last from 1/25th of a second to 1 second and reveal a person’s true emotions. Much study has been done on microexpressions as well as what is being labeled as subtle microexpressions. A subtle microexpression is an important part of NLH training as a social engineer as many people will display subtle hints of these expressions and give you clues as to their feelings.

Hacker News Stories and Comments

All the comments and stories posted to Hacker News that reference this book.
I just want to point you to a book. It is a good read, I promise.

http://www.amazon.com/Social-Engineering-The-Human-Hacking/d...

It looks like you genuinely believe that two people talking face to face would not be subjected to exploitation.

The book exactly talks about how exploitation in this context had been thriving even before Computer and Network Security became a thing.

In a computer setting, an adversary still needs to do factorization to crack keys or prime the victim's computing machinery, both of which require advanced knowledge in science and technologies, mind you, to do the exploits.

But for people, they come with beliefs, cultural and social biases, personal habits, and ignorance which are not too hard to discern, making the human factor in systems a larger risk.

Feb 05, 2014 · ljd on 1971 Social Engineering Attack
I was reading Social Engineering: The Art of Human Hacking [0] a few years ago and it was really fascinating to see how easy it is to get the user to give us data versus unlocking an AES256 encrypted value on a computer I'm not allowed to touch.

Since I do a lot of work in PCI (Ecommerce / Orders / Credit Cards) I've learned that the most secure systems never allow the human user to access decrypted data, that things like tokenization work, and that it's far better to give an abstraction of a credit card for tech support and developers to work with than the actual card, even though on the surface it seems like it's not a big deal.

If you are designing a system and at any point think, "This data is okay for the user to access because they can't (share/steal/walk out of the building with) it," you should seriously read the book I mentioned above. It really is impossible for you to imagine all of the very logical scenarios that would lead a janitor to keep a door unlocked. In fact, I can already think of a handful of reasons why, if I were a janitor, I would keep that door unlocked because of a sticky note.

[0] http://www.amazon.com/Social-Engineering-The-Human-Hacking/d...

cellover
Thanks for the reference to this book! This also reminds me of a good defcon talk by Jayson E.:

https://www.youtube.com/watch?v=JsVtHqICeKE

robin_reala
Relevant XKCD: http://xkcd.com/538/

gweinberg
I always thought that one was kind of stupid. Encrypting laptop data protects you if your laptop is lost or stolen. If people are willing to kidnap and torture you for your data, you have bigger problems than the fact that they probably will get it.

This comic is much more relevant: http://www.smbc-comics.com/index.php?db=comics&id=2526

HN Books is an independent project and is not operated by Y Combinator or Amazon.com.