Social Engineering: The Art of Human Hacking

Christopher Hadnagy

The review that I’d read on Slashdot fairly glowed with praise, describing Social Engineering as being the “definitive text” on the subject.  I’m going to have to modify that statement, as I have some fairly severe reservations about the book.

Available in both dead-tree and ebook formats, the book’s electronic edition is, at least, well put together and mostly* professional looking, with table of contents and an index–no glossary, however, which this book might benefit from like other introductory texts.

And it is an introductory text–the language is obviously aimed at the novice, someone for whom ‘social engineering’ is a buzzword they may have heard once.  Much of the first part of the book, before he gets into the ‘meat’ of the subject, is spent trying to make the case for why you should read the rest of the book.  

When he does get through his spiel of trying to both concern and reassure the reader–that social engineering is a real and dangerous phenomenon that is so all-pervasive that you may not be aware it’s happened and that there are ways to be able to tell, respectively–and gets into the subject the book is nominally about, the content improves significantly.

The book is laid out according to his ‘system’–that’s really what he’s selling, here: a way to organize and categorize social engineering as a teachable system–where he outlines various ways to pursue an ultimate goal of finding out information that the target wishes to keep hidden.

There’s a broad sketch of information gathering techniques–a couple of software packages are namedropped as a means to organize and collate information–followed up with sketches of elicitation (more or less congruent with other standard resources on the subject; links are provided therein to government pamphlets and the like), reading body language (mostly concerned with facial microexpressions–almost nothing on other body language interpretation) and an overview of building pretexts (mostly concerned with selecting the correct one).

The section on causing “buffer overruns” in humans is fairly interesting and well put together, but he either doesn’t recognize or purposely deemphasizes the general case (that of distracting the conscious mind in order to plant suggestions or issue short commands that will be followed without immediate objection) for several specific method-driven cases.

There are some other bits and pieces which might be useful to the budding social engineer–recommendations on how to bypass physical security, for instance, and methods for seeding exploits into locations where the target might conceivably run them.

At the end, there are some case studies–discussing a couple of cases from Mitnick’s book on the subject; a couple of his own cases; and a couple of cases that, dramatically, are highly obfuscated as “top secret” and intimated to be about “high profile” companies and the like.  If you’ve actually read the book up to this point, you’ll likely realize that the language chosen to introduce that section in particular is more than a little loaded.

As an introduction to the concepts and processes of social engineering, it’s not a bad book.  It does cover most of the bases of social engineering and some related concepts, but there are a few rather large holes.

If I were to take Mr. Hadnagy at his word–which, given the context of the book, would be a rather foolish thing to do–pretty much everything he does is elicit enough of an opening to introduce spyware onto a corporate system using a PDF exploit.  It’s always the same methodology in every case that he describes his personal involvement in, and it reads like a particularly bad spy thriller when he does so.  I get this impression of inexperience in the field, as well–he takes a sort of “gee whiz, ain’t that cool!” tone with the exploits of others that he describes, who have little to recommend them beyond their audacity in taking on the targets they did and their talent at maintaining their pretext.  

He also continually refers to his “mentor” in such a way that makes me question whether the Master knows the Apprentice is writing and marketing books based on work they may have done.  

If you’re entirely unaware of social engineering–if you’ve never seen a spy movie, or a heist movie, or read about Frank Abagnale or any other famous con-men; if you’ve never considered ways in which people would be able to steal your information or convince you to take an action that you would not otherwise take–then feel free to read this book.  If you’re after a more serious education as to how social engineering works and how to present yourself in a certain way to gain another’s sympathy, then take an acting class–you’ll get a lot farther.

*One does not make one’s source citations in-line.  One makes one’s citations in footnotes like a civilized person.  Mr. Hadnagy should take note.

By Thomas Hopp, via B&N’s ebook store.

An amusing, though not quick, read follows the adventures of a rancher’s daughter who seeks to be a paleontologist, a predator reintroduction expert working for the park service, an older paleontologist with an annoying laugh, and a 65-million-year-old two-year-old hippie raptor warrior as they pass through the struggles of a returning civilization.

Wait, what?

The basic premise behind the book is that a secret base is found in a deep crater at the south pole of the moon.  When a secret expedition is launched to explore it, in typical hubris-of-man style, the astronauts reactivate the dormant millions-of-years-old machinery, which apparently starts churning out dinosaurs in a bid to retake the planet post-catastrophe.  Conveniently, the aforementioned paleontologist has just found the remains of the civilization that the dominant raptor species (who set up said moon base) had once built on the shores of the North American inland sea.  The plot unfolds in a predictable manner, with NORAD becoming the effective C&C center for the armed services that remain after the moon laser obliterates most of the military infrastructure.

Apparently dinosaurs got lasers.

The book very much runs on rule of cool by that point, with a sideplot regarding some JPL employees suffering from being forced to keep a secret regarding the secret moon base that their moon probe found a couple years before.  There’s a spoiler to be had there, but most reasonably clever readers will likely figure it out.

That’s not to say the book is -bad-, but it does suffer from a few unfortunate difficulties.  Characterization is somewhat spotty at times, with the paleontologist rancher’s daughter acting as both the Action Woman and The Chick depending on what the scene requires, almost as if she’s two people who happen to share the same name and wander around together without ever seeing each other.  The predator reintroduction parallels are fairly obvious once the tyrannosaurus shows up; the fate of the ranger at the end of the book is, apparently, intended to hammer said parallels home, though the gratuitous joke about Mexican migrant workers was, I thought, in poor taste.  The older paleontologist with the unlikely linguistic skills was amusing, but ultimately not very engaging.  The hippie dinosaur warrior was somewhat interesting, but ultimately more or less your standard tribal shaman type in a dinosaur skin.  The less said about most of the secondary characters (especially the General Ripper analogue) the better.

A word of advice to any scientifically literate readers:  the second the workings of the dinosaur power systems for their mechanized armor are discussed, skip ahead a few pages–this particular author may be hot stuff about hypothetical dinosaur civilization locations and the like, but his grasp of physics is laughable, and he has obviously not learned which units of measurement go where.  The concept of ‘powdered light’ is fun, mind, but the explanation he attempts to bring to bear as to how they do it does not have the merit of being merely wrong, but goes so far beyond wrong as to induce nausea.

The less said about the politics during the denouement the better–at least by the time you get to the end, you’ll not be expecting any sort of nuanced solutions.

On the whole, the basic premise–dinosaurs were civilized and built a moon-base to survive the K-T meteor impact, and are now attempting to retake the world–is fun and interesting.  Some of the characters, too, are interesting at times; though sadly the most engaging character is a herd animal.  The non-paleontology science and the representations of political and military structures are simplistic at best and screamingly bad at worst–at least the tank crew appears to have been lifted from an old movie, rather than invented wholesale like his physics alterations.  The biggest merit that this book had, to my mind, was that it was inexpensive and that it had a coherent enough narrative for casual train reading.