“Social Engineering – The Art of Human Hacking”

INTRODUCTION

Do you believe you can’t be hacked?  Do you think that your company is safe because of on-staff security personnel and big security budgets?  Are you convinced you are doing all you can to protect both your personal assets as well as your company’s assets?  Regardless of your answers this book is a great read.  Either you will quickly learn how wrong you were about your perceived security position, or you will get a great education on just how vulnerable we all are.  Who knows, maybe a little of both?

To begin with, you must understand that security is a puzzle with two sides. Most of us only view the puzzle from the inside.  To truly understand your vulnerabilities, you must view the puzzle from the other side: the side of the hackers.  “Most of us believe our homes are safe until one day, we find ourselves locked out.  Suddenly, our perspective shifts and weaknesses are easily found.”  (Hadnagy, 2011) Come on, admit it!  You know you could break into your own house if you had to.

BOOK INFORMATION

“Social Engineering – The Art of Human Hacking” by Christopher Hadnagy; Published 2011 by Wiley Publishing, Inc.; ISBN 978-0-470-63953-5; Library of Congress Control # 2010937817

REVIEW

In his book “Social Engineering – The Art of Human Hacking”, Christopher Hadnagy uses a “tell and show” approach to illustrate that EVERYONE (and I mean EVERYONE) can be conned. The author uses years of experience to help the reader understand all the nuances of human hacking. From the planning stages to the end results of springing the trap, Christopher is a master! No, let me restate that: Christopher is THE master!

“Christopher is an Adjunct Professor of Social Engineering for the University of Arizona’s NSA designated Center of Academic Excellence in Cyber Operations (CAE-CO). He also lectures and teaches about social engineering around the globe. Moreover, he’s been invited to speak at the Pentagon, as well as other high secure facilities.  Additionally, as the creator of the world’s first Social Engineering Capture the Flag (SECTF), Chris leads the way in educating people on this serious threat.” ( https://social-engineer.org )

Christopher credits his website ( https://social-engineer.org ) for the beginnings of this book. The site offers a wide variety of articles, tips, techniques, and other pertinent resources. In the blog there is guidance for all categories of individuals, from parents and students all the way to the CEOs and CSOs of an organization. The site is highly recommended for anyone, from those just peeking over the fence at social engineering all the way to seasoned hackers looking to sharpen their skills.

The book is timeless in its information, well designed, and chock full of valuable information for the would-be social engineer, the seasoned veteran, or the person looking to guard against being conned. The book will take you on a logical journey, starting with an overview of social engineering and then showing you how it is done using information gathering techniques, elicitation, pretexting, and psychological principles, and finally moving into the influence stage, where you learn to induce the necessary responses from your victim(s) to make your con a success.

RECOMMENDATION

I find the book an easy read, and because of the structure, it is an easy reference if you are simply looking to brush up on a single aspect of the art of social engineering. Christopher’s writing style is relaxed and instructive.  He truly knows his craft!  Be sure to read the book to learn and understand the WHO, WHAT, WHEN, WHERE and WHY of social engineering. 

“If you know the enemy and know yourself you need not fear the results of a hundred battles” – Sun Tzu
