The Art of Deception: Controlling the Human Element of Security - Kevin D. Mitnick
TERRORISTS AND DECEPTION
Of course, deception isn’t an exclusive tool of the social engineer. Physical terrorism makes the biggest news, and we have come to realize as never before that the world is a dangerous place. Civilization is, after all, just a thin veneer.
The attacks on New York and Washington, D.C., in September 2001 infused sadness and fear into the hearts of every one of us—not just Americans, but well-meaning people of all nations. We’re now alerted to the fact that there are obsessive terrorists located around the globe, well-trained and waiting to launch further attacks against us.
The recently intensified effort by our government has increased the levels of our security consciousness. We need to stay alert, on guard against all forms of terrorism. We need to understand how terrorists treacherously create false identities, assume roles as students and neighbors, and melt into the crowd. They mask their true beliefs while they plot against us—practicing tricks of deception similar to those you will read about in these pages.
And while, to the best of my knowledge, terrorists have not yet used social engineering ruses to infiltrate corporations, water-treatment plants, electrical generation facilities, or other vital components of our national infrastructure, the potential is there. It’s just too easy. The security awareness and security policies that I hope will be put into place and enforced by corporate senior management because of this book will come none too soon.
ABOUT THIS BOOK
Corporate security is a question of balance. Too little security leaves your company vulnerable, but an overemphasis on security gets in the way of attending to business, inhibiting the company’s growth and prosperity. The challenge is to achieve a balance between security and productivity.
Other books on corporate security focus on hardware and software technology, and do not adequately cover the most serious threat of all: human deception. The purpose of this book, in contrast, is to help you understand how you, your coworkers, and others in your company are being manipulated, and the barriers you can erect to stop being victims. The book focuses mainly on the non-technical methods that hostile intruders use to steal information, compromise the integrity of information that is believed to be safe but isn’t, or destroy company work product.
My task is made more difficult by a simple truth: Every reader will have been manipulated by the grand experts of all time in social engineering—their parents. They found ways to get you—“for your own good”—to do what they thought best. Parents become great storytellers in the same way that social engineers skillfully develop very plausible stories, reasons, and justifications for achieving their goals. Yes, we were all molded by our parents: benevolent (and sometimes not so benevolent) social engineers.
Conditioned by that training, we have become vulnerable to manipulation. We would live a difficult life if we had to be always on our guard, mistrustful of others, concerned that we might become the dupe of someone trying to take advantage of us. In a perfect world we would implicitly trust others, confident that the people we encounter are going to be honest and trustworthy. But we do not live in a perfect world, and so we have to exercise a standard of vigilance to repel the deceptive efforts of our adversaries.
The main portions of this book, Parts 2 and 3, are made up of stories that show you social engineers in action. In these sections you’ll read about:
• What phone phreaks discovered years ago: A slick method for getting an unlisted phone number from the telephone company.