Online Book Reader


The Art of Deception: Controlling the Human Element of Security - Kevin D. Mitnick [4]

I built on that talent by using deception, knowing the lingo, and developing a well-honed skill of manipulation.

One way I worked on developing the skills of my craft, if I may call it a craft, was to pick out some piece of information I didn’t really care about and see if I could talk somebody on the other end of the phone into providing it, just to improve my skills. In the same way I used to practice my magic tricks, I practiced pretexting. Through these rehearsals, I soon found that I could acquire virtually any information I targeted.

As I described in Congressional testimony before Senators Lieberman and Thompson years later:

I have gained unauthorized access to computer systems at some of the largest corporations on the planet, and have successfully penetrated some of the most resilient computer systems ever developed. I have used both technical and nontechnical means to obtain the source code to various operating systems and telecommunications devices to study their vulnerabilities and their inner workings.

All of this activity was really to satisfy my own curiosity; to see what I could do; and find out secret information about operating systems, cell phones, and anything else that stirred my curiosity.

FINAL THOUGHTS

I’ve acknowledged since my arrest that the actions I took were illegal, and that I committed invasions of privacy.

My misdeeds were motivated by curiosity. I wanted to know as much as I could about how phone networks worked and the ins-and-outs of computer security. I went from being a kid who loved to perform magic tricks to becoming the world’s most notorious hacker, feared by corporations and the government. As I reflect back on my life for the last 30 years, I admit I made some extremely poor decisions, driven by my curiosity, the desire to learn about technology, and the need for a good intellectual challenge.

I’m a changed person now. I’m turning my talents and the extensive knowledge I’ve gathered about information security and social engineering tactics to helping government, businesses, and individuals prevent, detect, and respond to information-security threats.

This book is one more way that I can use my experience to help others avoid the efforts of the malicious information thieves of the world. I think you will find the stories enjoyable, eye-opening, and educational.

INTRODUCTION

This book contains a wealth of information about information security and social engineering. To help you find your way, here’s a quick look at how this book is organized:

In Part 1 I’ll reveal security’s weakest link and show you why you and your company are at risk from social engineering attacks.

In Part 2 you’ll see how social engineers toy with your trust, your desire to be helpful, your sympathy, and your human gullibility to get what they want. Fictional stories of typical attacks will demonstrate that social engineers can wear many hats and many faces. If you think you’ve never encountered one, you’re probably wrong. Will you recognize a scenario you’ve experienced in these stories and wonder if you had a brush with social engineering? You very well might. But once you’ve read Chapters 2 through 9, you’ll know how to get the upper hand when the next social engineer comes calling.

Part 3 is the part of the book where you see how the social engineer ups the ante, in made-up stories that show how he can step onto your corporate premises, steal the kind of secret that can make or break your company, and thwart your hi-tech security measures. The scenarios in this section will make you aware of threats that range from simple employee revenge to cyber terrorism. If you value the information that keeps your business running and the privacy of your data, you’ll want to read Chapters 10 through 14 from beginning to end.

It’s important to note that unless otherwise stated, the anecdotes in this book are purely fictional.

In Part 4 I talk the corporate talk about how to prevent successful social engineering attacks on your organization. Chapter 15 provides a blueprint for a successful
