Social Engineering: The Art of Human Hacking

Christopher Hadnagy

The review that I’d read on Slashdot fairly glowed with praise, describing Social Engineering as being the “definitive text” on the subject.  I’m going to have to modify that statement, as I have some fairly severe reservations about the book.

Available in both dead-tree and ebook formats, the book’s electronic edition is, at least, well put together and mostly* professional looking, with table of contents and an index–no glossary, however, which this book might benefit from like other introductory texts.

And it is an introductory text–the language is obviously aimed at the novice, someone for whom ‘social engineering’ is a buzzword they may have heard once.  Much of the first part of the book, before he gets into the ‘meat’ of the subject, is spent trying to make the case for why you should read the rest of the book.  

When he does get through his spiel of trying to both concern and reassure the reader–that social engineering is a real and dangerous phenomenon that is so all-pervasive that you may not be aware it’s happened and that there are ways to be able to tell, respectively–and gets into the subject the book is nominally about, the content improves significantly.

The book is laid out according to his ‘system’–that’s really what he’s selling, here: a way to organize and categorize social engineering as a teachable system–where he outlines various ways to pursue an ultimate goal of finding out information that the target wishes to keep hidden.

There’s a broad sketch of information gathering techniques–a couple of software packages are namedropped as a means to organize and collate information–followed up with sketches of elicitation (more or less congruent with other standard resources on the subject; links are provided therein to government pamphlets and the like), reading body language (mostly concerned with facial microexpressions–almost nothing on other body language interpretation) and an overview of building pretexts (mostly concerned with selecting the correct one).

The section on causing “buffer overruns” in humans is fairly interesting and well put together, but he either doesn’t recognize or purposely deemphasizes the general case (that of distracting the conscious mind in order to plant suggestions or issue short commands that will be followed without immediate objection) for several specific method-driven cases.

There are some other bits and pieces which might be useful to the budding social engineer–recommendations on how to bypass physical security, for instance, and methods for seeding exploits into locations where the target might conceivably run them.

At the end, there are some case studies–discussing a couple of cases from Mitnick’s book on the subject; a couple of his own cases; and a couple of cases that, dramatically, are highly obfuscated as “top secret” and intimated to be about “high profile” companies and the like.  If you’ve actually read the book up to this point, you’ll likely realize that the language chosen to introduce that section in particular is more than a little loaded.

As an introduction to the concepts and processes of social engineering, it’s not a bad book.  It does cover most of the bases of social engineering and some related concepts, but there are a few rather large holes.

If I were to take Mr. Hadnagy at his word–which, given the context of the book, would be a rather foolish thing to do–pretty much everything he does is elicit enough of an opening to introduce spyware onto a corporate system using a PDF exploit.  It’s always the same methodology in every case that he describes his personal involvement in, and it reads like a particularly bad spy thriller when he does so.  I get this impression of inexperience in the field, as well–he takes a sort of “gee whiz, ain’t that cool!” tone with the exploits of others that he describes, who have little to recommend them beyond their audacity in taking on the targets they did and their talent at maintaining their pretext.  

He also continually refers to his “mentor” in such a way that makes me question whether the Master knows the Apprentice is writing and marketing books based on work they may have done.  

If you’re entirely unaware of social engineering–if you’ve never seen a spy movie, or a heist movie, or read about Frank Abagnale or any other famous con-men; if you’ve never considered ways in which people would be able to steal your information or convince you to take an action that you would not otherwise take–then feel free to read this book.  If you’re after a more serious education as to how social engineering works and how to present yourself in a certain way to gain another’s sympathy, then take an acting class–you’ll get a lot farther.

*One does not make one’s source citations in-line.  One makes one’s citations in footnotes like a civilized person.  Mr. Hadnagy should take note.

By Thomas Hopp, via B&N’s ebook store.

An amusing, though not quick, read follows the adventures of a rancher’s daughter who seeks to be a paleontologist, a predator reintroduction expert working for the park service, an older paleontologist with an annoying laugh, and a 65-million-year-old two-year-old hippie raptor warrior as they pass through the struggles of a returning civilization.

Wait, what?

The basic premise behind the book is that a secret base is found in a deep crater at the south pole of the moon.  When a secret expedition is launched to explore it, in typical hubris-of-man style, the astronauts reactivate the dormant millions-of-years-old machinery, which apparently starts churning out dinosaurs in a bid to retake the planet post-catastrophe.  Conveniently, the aforementioned paleontologist has just found the remains of the civilization that the dominant raptor species (who set up said moon base) had once built on the shores of the North American inland sea.  The plot unfolds in a predictable manner, with NORAD becoming the effective C&C center for the armed services that remain after the moon laser obliterates most of the military infrastructure.

Apparently dinosaurs got lasers.

The book very much runs on rule of cool by that point, with a sideplot regarding some JPL employees suffering from being forced to keep a secret regarding the secret moon base that their moon probe found a couple years before.  There’s a spoiler to be had there, but most reasonably clever readers will likely figure it out.

That’s not to say the book is -bad-, but it does suffer from a few unfortunate difficulties.  Characterization is somewhat spotty at times, with the paleontologist rancher’s daughter acting as both the Action Woman and The Chick depending on what the scene requires, almost as if she’s two people who happen to share the same name and wander around together without ever seeing each other.  The predator reintroduction parallels are fairly obvious once the tyrannosaurus shows up; the fate of the ranger at the end of the book is, apparently, intended to hammer said parallels home, though the gratuitous joke about Mexican migrant workers was, I thought, in poor taste.  The older paleontologist with the unlikely linguistic skills was amusing, but ultimately not very engaging.  The hippie dinosaur warrior was somewhat interesting, but ultimately more or less your standard tribal shaman type in a dinosaur skin.  The less said about most of the secondary characters (especially the General Ripper analogue) the better.

A word of advice to any scientifically literate readers:  the second the workings of the dinosaur power systems for their mechanized armor are discussed, skip ahead a few pages–this particular author may be hot stuff about hypothetical dinosaur civilization locations and the like, but his grasp of physics is laughable, and he’s obviously not learned about which units of measurement go where.  The concept of ‘powdered light’ is fun, mind, but the explanation he attempts to bring to bear as to how they do it does not have the merit of being merely wrong, but goes so far beyond wrong as to induce nausea.

The less said about the politics during the denouement the better–at least by the time you get to the end, you’ll not be expecting any sort of nuanced solutions.

On the whole, the basic premise–dinosaurs were civilized and built a moon-base to survive the K-T meteor impact, and are now attempting to retake the world–is fun and interesting.  Some of the characters, too, are interesting at times; though sadly the most engaging character is a herd animal.  The non-paleontology science and the representations of political and military structures are simplistic at best and screamingly bad at worst–at least the tank crew appears to have been lifted from an old movie, rather than invented wholesale like his physics alterations.  The biggest merit that this book had, to my mind, was that it was inexpensive and that it had a coherent enough narrative for casual train reading.  

Hero Wanted, by Dan McGirt

Hero Wanted follows the adventures of a woodcutter/turnip farmer from the podunk village of Lower Hicksnittle.  His life is turned upside-down one day when he learns that someone has been setting him up as a dangerous character with an outsize bounty attached.  Through a series of adventures covering coincidental meetings, hair-breadth escapes, and more than a little deus-ex-machina, he discovers that he is the descendant of a legendary hero with the same name, destined to bring about a new age of peace–or something like that.

Dan McGirt combines influences drawn from Asprin, from Anthony, from Pratchett, from White, and numerous other fantasy authors into a melange of fantasy that pays obvious homage to the comic genius that it drew influence from.

A little bit too obvious.

The fourth wall strains with this one.  Some sequences seem a little bit too close in derivation to their sources–one of them, in particular, reads suspiciously similarly to one of Asprin’s running jokes in his Myth-Adventures series.  While some of the punning names are not -quite- so blatantly there for the sake of the pun as in Anthony’s work, the style comes perilously close at times.  The actions of the Gods smell a little too close to their personalities in Pratchett’s books (though, sadly, leaving out DEATH AND HIS CHARACTERISTIC SPEECH–likely for the sake of a punning name on a magic item later on in the book), and the relationship between the young boy of no repute growing up under the tutelage of a master wizard with surprising connections is…not uncommon.

That’s not to say that it wasn’t enjoyable–it was, in parts, very much so.  The book was written to be far too self-aware, though; every bit that was the least bit clever was surrounded by pointers quite nearly shouting “Hey, look at this clever bit here!  Did you get the pun?  Look, we’ll bring it back again!  This medieval weapon is a reference to WWII anti-aircraft guns, look!  And we’ve gone and spelled “Laser” backwards for the magic death beam!”

(A note for Mr. McGirt, by the way–lasing rods are made from ruby.  Ruby-quartz was the material in notable X-Men team member Cyclops’ visor, if I recall correctly, and inhibited, rather than produced, death beams.)

It’s a fun book, and a relatively quick read; if you’re not expecting deep plot development but instead want something relatively light and fluffy, then this book will work for you.

Mike Shevdon, Angry Robot Books

It really isn’t “Neverwhere.”

Many reviews–including those cited on the cover of the book itself–proclaim Sixty-One Nails to be a new Neverwhere.  While they do share a plot hook (An otherwise ordinary person ends up embroiled in a secret conflict of supernatural tenor after an accident in London) and have a similar setting (A parallel society that exists alongside contemporary London), it does the book rather a disservice to insist on the similarities without accounting for the ways in which the story is unique.

Rather than Gaiman’s dreamy semi-surreal dreamlike narrative, the narrative of Sixty-One Nails comes closer to the feel that Lackey and Butcher give their works–though perhaps not so hard-boiled as Butcher’s Dresden Files series.  Shevdon takes great care to create in his work a sense of plausibility, using tidbits of real history and geography to grant his narrative credence that brings it beyond being yet another urban fantasy.

It does, at times, though, go perhaps a little too far in its quest to be new and different; while the protest against the Victorian flower-garden fairy impressions is well made, having yet another synonym for “The Fair Folk” but spelled with a Y seems somewhat gratuitous.  Still, the weave of classic folklore, ancient (but real) customs, and a fairly unique organizational system makes his Feyre into clever and interesting characters, especially given the interesting political situation that the Courts are engaged in–no simple Summer/Winter matter here, but a byzantine permutative structure that should allow for endless intrigues throughout the future books in the series.

The focus characters are well-rounded, though the designated antagonists throughout the bulk of the book seem, perhaps only by contrast, a bit on the shallow side.  Mr. Shevdon is to be credited for realistically advancing the characterization of the viewpoint character, though; Niall (aka “Rabbit”) is demonstrably a different person at the end of the piece than he was at the beginning.  “Blackbird,” as well, shows some character growth, though most of it seems to be as a contrast to the growth Niall goes through.

I was less pleased with the portrayal of some of the background characters (though, granted, as they’re background characters they’re not the focus of the story and rightfully receive less characterization); I found the ex-wife to be almost a stereotype, and the daughter to be practically non-existent–for people who are supposedly so important to Niall, he seems to have only the most tenuous opinions about them.

On the whole, though, Sixty-One Nails does provide a good starting point for the series, and if the quality of the writing remains at least as high, the series should be memorable.  World-building, especially building a vibrant and believable world, is never an easy process, but Mr. Shevdon seems to have found a good balance in how he integrates fantastic elements and contrasts them against mundane locations.

I would heartily recommend Sixty-One Nails; it has many of the elements that a good read requires, and combines these elements in a fresh and interesting way.  As befits a world-building novel, there are numerous tantalizing hints regarding the way that the world works; I’m very much looking forward to seeing how these hints pan out.

Andy Remic, Angry Robot Books

If you’re a fan of old-school pulp fiction barbarian heroes with excessive hyphenation and Incredible Numbers of Significant Initial Capitals, then you’ll doubtless love this book.

I’m not, however, so the excessively purple prose conjoined with abrupt diversion into crude cursing was somewhat distracting; the oddly detailed rape scenes were slightly unpleasant (why Mr. Remic felt the need to inform me as to the exact qualities of the villain’s equipment is a mystery I feel no wish to investigate); and the characterization was somewhat erratic.

The titular Kell (whose legend is helpfully related at the back of the book) appears to be a faux-scots barbarian who, once he gets over his angst (which takes the better part of a page at the front of each battle), is spectacularly effective at cleaving villainous types–nearly always “albino” in nature; I think that, despite the vast numbers of ways that he has found to describe a villain ravishing a female protagonist, Mr. Remic’s thesaurus contains no synonyms for “colorless” or “lacking melanin”–with his sentient and apparently invariably butterfly-bladed battleaxe.

The plot appears driven by the invasion of the subtitular “clockwork vampires;” creatures of grafted flesh and machine–and to Mr. Remic’s credit, the concept is rather interesting; in some respects it’s reminiscent of the plague victims in S. M. Peters’ “Whitechapel Gods.”  These creatures require “blood-oil” (if you wish to read this book, please get acquainted with that phrase; it appears on more pages than the protagonist) to sustain their functions, and live in oppressive symbiosis with the aforementioned “albino” warriors and some rather nightmare-fuelish “Harvesters.”

The female characters come out rather badly treated; one, in particular, is given a rather promising backstory only to fall victim to a random act of violence late in the book.  It’s rather discouraging, on the whole.

The world-building is accomplished fairly well; the setting seems to have been carefully thought out, with plenty of room for expansion for future books in the series.  Individual parts, though, are of varying quality; I half-suspect that some venues were chosen more for atmosphere than for any sort of effective urban planning.

The plot, sadly, is full of missed opportunities; there are many promising threads that are quickly snuffed out or cut off just as they begin to show promise in favor of an apparent desire to keep strictly to a single narrative, that of an irresistible invading army with a few epic heroes who are destined to deus-ex-machina their way into history.

The best that I can say is that Mr. Remic is very aware of his fantasy tropes, and uses them appropriately for his intended venue.  There’s the obvious Epic Hero, his Beautiful (grand-)Daughter, the Atoning Sidekick, the Evil Villain at the head of the Ominously Named Army…etc.  If you happen to be a fan of this sort of ten-cents-a-page writing, then you’ll probably enjoy Kell’s Legend–if not, find something else with fewer hyphens.

Dan Abnett, Angry Robot Books

Triumff–properly, Sir Rupert Triumff–swashes his buckles in an alternate-history reimagining of Elizabethan England.

Or at least, that’s how TV Guide would describe it.

The alternate history that Abnett creates is one where Elizabeth I, the famous ‘virgin queen’, decided to marry Philip II of Spain and unite the two great sea powers of the Age of Discovery.  At the same time, Leonardo da Vinci rediscovers and popularizes magic, rather than engineering, which then becomes the dominant force.

This has some interesting effects on both the Age of Discovery and history in general; it appears that this focus on “the Arte” has held back the progress of the world enough so that Sir Triumff can be the first discoverer of Australia, in a sailing vessel, in the year 2009.

Perhaps extending the rule of Elizabeth through 29 same-named heirs was not the ideal form of governance.

Four hundred years of Elizabethan England aside, the novel’s conceit does lend itself to ersatz-present-day storytelling rather well, provided that the reader does not expect a “serious” adventure story.  Abnett does not rise to the level of a hurricane of puns, but the careful reader will perceive that the story is intended to be read with tongue firmly planted in cheek.  Puns are not the only symptom of the irreverence with which the book is laced; the creative spelling of the dialogue, the swiss-army rapier, and the creatively malapropist street thug all serve to set the tone.

This effect is not nearly as obvious as, say, the Xanth novels; hence, it is likely that some readers will begin reading it and then, not picking up on the intended tone, start complaining about the anachronisms, the patchy “Ye Olde Myddle-Englishe Spelling” that shows up in dialogue, and the strange mutilations of the shout-outs to both popular culture and to real-world Elizabethan culture.

Needless to say, it helps to be conversant with Shakespeare.

Triumff himself is an interesting character; he has the appearance of a gentleman-adventurer in the best traditions of Cook, Drake, or Bond (which point is reinforced by the Bond-pastiche segment with obligatory Spy-Gadget Review) but is more fleshed-out than a mere homage to the archetype would suggest.  The subtitle, “Her Majesty’s Hero,” is not the whole of his character; he is no Miles Gloriosus who vaingloriously craves glory, nor any other overuse of said word.  Abnett states in his afterword that Sir Triumff has been developing in the back of his mind for many years, and it shows–not only with how he behaves as himself, but in his interactions with other characters, which flesh them out by contrast.

Neither is he the only memorable character; the apparent author-avatar (Wm. Beaver, a tabloid reporter) and certain secondary characters (Mother Grundy comes to mind) more than carry their own weight, even if they do not hold as much spotlight-time in their story threads as Triumff does in his.

Unusually, despite her name being dropped, Elizabeth XXX (Vivat Regina!) never speaks directly, and is only implied to take certain actions–thus giving her a distance from the plot which, given some tantalizing clues related second-hand, may be required to prevent her from overpowering the other characters.

A short read, but a merry one; I willingly recommend this book to anyone who enjoys Shakespeare, Pratchett, or Python.