Security and Privacy in a Networked World/No Tech Hacking

Source: KakuWiki

Instead of a Motto: "You only have to ask"

"Activate the wealth corner of any crowded room by standing in it with a large kitchen knife and a sign that reads 'Give Me All Your Money'" - Rohan Candappa, The Little Book of Wrong Shui

Social Engineering - what is it?

In his well-known book "The Art of Deception", Kevin Mitnick has given the following definition:

"Social Engineering uses influence and persuasion to deceive people by convincing them that the social engineer is someone he is not, or by manipulation. As a result, the social engineer is able to take advantage of people to obtain information with or without the use of technology."

In short, it IS the art of deception. And although Mitnick himself has been widely labelled "the most dangerous hacker in the world", he was above all a genius social engineer, having achieved the majority of his accomplishments without using technology.

PIBKAC again...

Some techniques

The following points are mostly summarized from "No Tech Hacking" by Johnny Long.

Dumpster Diving

...


Tailgating

...


Shoulder Surfing

...


Measures against physical defenses

...

Countermeasures

Dumpster Diving

...


Tailgating

...


Shoulder Surfing

...


Measures against physical defenses

...



Additional reading and links

  • LONG, Johnny. No Tech Hacking: A Guide to Social Engineering, Dumpster Diving and Shoulder Surfing. Syngress, 2008
  • MITNICK, Kevin, SIMON, William L. The Art of Deception: Controlling the Human Element of Security. John Wiley & Sons, 2002
  • OOSTERLOO, Bernard. Managing Social Engineering Risk: Making Social Engineering Transparent. University of Twente, 2008


Study & Blog

  • Find and describe an interesting case of "no tech hacking".