
Unmasking the social engineer: the human element of security PDF

259 Pages·2014·31.327 MB·English

Preview Unmasking the social engineer: the human element of security

ffi rs.indd 01/10/14 Page iv

Unmasking the Social Engineer
The Human Element of Security
Christopher Hadnagy
Dr. Paul Ekman

Unmasking the Social Engineer: The Human Element of Security
Published by John Wiley & Sons, Inc.
10475 Crosspoint Boulevard
Indianapolis, IN 46256
www.wiley.com

Copyright ©2014 by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-118-60857-9
ISBN: 978-1-118-60865-4 (ebk)
ISBN: 978-1-118-89956-4 (ebk)
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or website may provide or recommendations it may make. Further, readers should be aware that Internet websites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services please contact our Customer Care Department within the United States at (877) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Control Number: 2013954093

Trademarks: Wiley and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

To my beautiful wife, Areesa, who is my only true love.
To my son, Colin, for being one of the most reasonable, smart, and amazing people I have ever met.
To my precious little daughter, Amaya, who is the reason my heart is overflowing with positive emotions.
To Dr. Paul Ekman whose work, friendship, and help made this book possible.

About the Author

Chris Hadnagy, aka loganWHD, is the President and Chief Human Hacker of Social-Engineer, Inc. He specializes in understanding the ways in which malicious attackers are able to exploit human weaknesses to obtain access to information and resources through manipulation and deceit. He has been in security and technology for over 16 years. Chris is a graduate of Dr. Paul Ekman's courses in microexpressions, having passed the certification requirements with an Expert Level grade. He also has significant experience in training and educating students in nonverbal communications. He also holds certifications as an Offensive Security Certified Professional (OSCP) and an Offensive Security Wireless Professional (OSWP).

Chris has written a number of articles for local, national, and international publications and journals including PenTest magazine, EthicalHacker.net, and local and national business journals. In addition, he is the author of the best-selling book, Social Engineering: The Art of Human Hacking (Wiley, 2011).

Chris has also developed one of the web's most successful security podcasts. The monthly Social-Engineer.org podcast spends time analyzing an individual who must use influence and persuasion in his or her daily life. By dissecting their choices and actions, we can learn to enhance our abilities. That same analysis applies to the equally popular SEORG newsletter. Over the years, both the podcast and the newsletter have become a staple in most serious security practices and are used by Fortune 500 companies around the world to educate their staff.

Finally, Chris has launched a line of professional social engineering training and penetration testing services at Social-Engineer.com. His goal is to assist companies in remaining secure by educating them on the methods used by malicious attackers. He accomplishes this by analyzing, studying, dissecting, and then performing the very same attacks used during some of the most recent breaches of corporate security (such as Sony, HB Gary, Lockheed Martin, and more). Chris is able to help companies understand their vulnerabilities, mitigate issues, and maintain appropriate levels of education and security.

About the Technical Editor

Paul Kelly has been with the Paul Ekman Group (PEG) since 2005, and currently serves as Dr. Ekman's Director for Law Enforcement and Security Workshops within North America. As such, he coordinates PEG workshops for U.S. military commands, U.S. intelligence agencies, national security organizations, and federal, state, and local police departments.

After graduating from Brown University with a B.A. in Political Science, Paul received a commission as an officer in the U.S. Marine Corps. A decorated Vietnam veteran, he served with the 3rd Force Recon Co. and also with MACV. His military training included the U.S. Army's Interrogation, PSYOP, and Civil Affairs/Military Government Schools, and the USMC Command and Staff College. He attained the rank of Major, USMCR.

After receiving his M.A. in Asian Studies from the University of Hawaii, where he studied Chinese Mandarin, Paul served for over 20 years as a special agent in the U.S. Secret Service (USSS) in a variety of protective, investigative, intelligence, and training assignments. As an instructor in the USSS, he taught interviewing techniques, technical security, and assailant methodology. During that time, he also served on the adjunct faculty of the National Security Agency (NSA), teaching OPSEC at their National Cryptologic School while concurrently working in the USSS OPSEC/Risk Management and Emergency Preparedness Programs. He retired as Assistant Special Agent in Charge of the White House Division.

After his retirement from the Secret Service, Paul was a Course Director for the Department of State's International Law Enforcement Academy in Budapest, Hungary, and an Instructor for the State Department's Anti-Terrorism Assistance Program. His travels have taken him all over the world, including Afghanistan, Bosnia, China, Egypt, Germany, Hungary, India, Israel, Japan, Jordan, Korea, and Pakistan. He also was a security consultant for several Olympic Games, the Mediterranean Games, the University Games, and the World Cup.

He met Dr. Ekman after hearing a presentation on facial microexpressions, or "micros," and learning that they were both involuntary and cross-cultural/universal. A very interesting facet of Paul's communication skills is having been identified as a "Truth Wizard" from Dr. Ekman's research with Dr. Maureen O'Sullivan on assessing credibility and detecting deception. These "Wizards," approximately 50 in number, constitute the top one-third of one percent (99.666 percentile) of more than 15,000 people surveyed and have demonstrated a significantly higher accuracy rate (80 percent threshold) than the average (53 percent). PK and I have been in frequent contact over the years regarding nonverbals, and especially micros; much of his advice and experience is found on the pages of this book, and especially in Chapter 5, "The Science Behind the Face."

Paul is a member of the International Association of Chiefs of Police (IACP) and ASIS International; other professional affiliations have included the OPSEC Professionals' Society, the International Association of Financial Crimes Investigators, the International Organization of Asian Crime Investigators & Specialists, and the International Association of Bomb Technicians and Investigators. He also serves as Chairman Emeritus of the Board of Trustees for the Massachusetts Maritime Academy.
