Recently a friend sent me a link to Ben Brothke's review of a much-talked-about book in Hollywood, Social Engineering: The Art of Human Hacking, penned by Christopher Hadnagy and published by Wiley.
Hollywood is divided into two tribes of filmmakers. There are those who unpicked social engineering by offering views of living that differ from what we may perceive to be good living. Avatar’s green-planet conservation message, set against destroying the earth in war, was one such powerful moment. On the other hand, Hollywood can also make films that program people with texts of new trends (sometimes propaganda; all cinemas do this to varying degrees through the viewpoints they offer), embedded in films to help socially engineer people along the lines of new orders of power, or to prescribe the ‘new norms’ of social behavior.
For these two reasons, I’ll give you some snippets of Ben’s review on the topic of social engineering (people hackers) as a courtesy to the friend who shared the link. Here we go.
A person’s brain (or mind) can be hacked like a computer. Christopher Hadnagy describes social engineering as being like a science of manipulation of humans. He writes ‘tools are an important aspect of social engineering, but they do not make the social engineer. A tool alone is useless; but the knowledge of how to leverage and utilize that tool is invaluable.’
Studies on how people have been hacked reveal two important books before Hadnagy’s. These are Kevin Mitnick’s The Art of Deception: Controlling the Human Element of Security and The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers.
Hadnagy advances social engineering (the observational science of the process) by detailing how attacks take place. He writes that the social engineer needs to use a formal context for the attack.
Information gathering is the game. (We saw this with WikiLeaks, for example, in a global foreign-affairs scandal where ‘secrets’ were spilled to other nations.) Brothke writes: ‘Social engineering is often misportrayed as the art of asking a question or two and then gaining root access. In chapter 3 on elicitation, the author details the reality of the requirements on how to carefully and cautiously elicit information from the target. Elicitation is not something for the social engineer alone, even the US Department of Homeland Security has a pamphlet (PDF) that is used to assist agents with elicitation.’