
The Art of Deception: Controlling the Human Element of Security - Kevin D. Mitnick [2]

protection.

Whether you work in business or government, this book provides a powerful road map to help you understand how social engineers work and what you can do to foil them. Using fictionalized stories that are both entertaining and eye-opening, Kevin and coauthor Bill Simon bring to life the techniques of the social engineering underworld. After each story, they offer practical guidelines to help you guard against the breaches and threats they’ve described.

Technological security leaves major gaps that people like Kevin can help us close. Read this book and you may finally realize that we all need to turn to the Mitnicks among us for guidance.

—Steve Wozniak

preface

Some hackers destroy people’s files or entire hard drives; they’re called crackers or vandals. Some novice hackers don’t bother learning the technology, but simply download hacker tools to break into computer systems; they’re called script kiddies. More experienced hackers with programming skills develop hacker programs and post them to the Web and to bulletin board systems. And then there are individuals who have no interest in the technology, but use the computer merely as a tool to aid them in stealing money, goods, or services.

Despite the media-created myth of Kevin Mitnick, I am not a malicious hacker.

But I’m getting ahead of myself.

STARTING OUT

My path was probably set early in life. I was a happy-go-lucky kid, but bored. After my father split when I was three, my mother worked as a waitress to support us. To see me then—an only child being raised by a mother who put in long, harried days on a sometimes-erratic schedule—would have been to see a kid on his own almost all his waking hours. I was my own babysitter.

Growing up in a San Fernando Valley community gave me the whole of Los Angeles to explore, and by the age of twelve I had discovered a way to travel free throughout the whole greater L.A. area. I realized one day while riding the bus that the security of the bus transfer I had purchased relied on the unusual pattern of the paper-punch that the drivers used to mark day, time, and route on the transfer slips. A friendly driver, answering my carefully planted question, told me where to buy that special type of punch.

The transfers are meant to let you change buses and continue a journey to your destination, but I worked out how to use them to travel anywhere I wanted to go for free. Obtaining blank transfers was a walk in the park. The trash bins at the bus terminals were always filled with only-partly-used books of transfers that the drivers tossed away at the end of their shifts. With a pad of blanks and the punch, I could mark my own transfers and travel anywhere that L.A. buses went. Before long, I had all but memorized the bus schedules of the entire system. (This was an early example of my surprising memory for certain types of information; I can still, today, remember phone numbers, passwords, and other seemingly trivial details as far back as my childhood.)

Another personal interest that surfaced at an early age was my fascination with performing magic. Once I learned how a new trick worked, I would practice, practice, and practice some more until I mastered it. To an extent, it was through magic that I discovered the enjoyment in gaining secret knowledge.

From Phone Phreak to Hacker

My first encounter with what I would eventually learn to call social engineering came about during my high school years when I met another student who was caught up in a hobby called phone phreaking. Phone phreaking is a type of hacking that allows you to explore the telephone network by exploiting the phone systems and phone company employees. He showed me neat tricks he could do with a telephone, like obtaining any information the phone company had on any customer, and using a secret test number to make long-distance calls for free. (Actually it was free only to us. I found out much later that it wasn’t a secret test number at all. The calls were, in fact, being billed to some poor company’s MCI account.)

That was my
