Some hackers destroy people's files or entire hard drives; they're called crackers or vandals. Some novice hackers don't bother learning the technology, but simply download hacker tools to break into computer systems; they're called script kiddies. More experienced hackers with programming skills develop hacker programs and post them to the Web and to bulletin board systems. And then there are individuals who have no interest in the technology, but use the computer merely as a tool to aid them in stealing money, goods, or services. Despite the media-created myth of Kevin Mitnick, I am not a malicious hacker. But I'm getting ahead of myself.

THE ART OF DECEPTION
Controlling the Human Element of Security

KEVIN D. MITNICK
William L. Simon
Foreword by Steve Wozniak

For Reba Vartanian, Shelly Jaffe, Chickie Leventhal, and Mitchell Mitnick, and for the late Alan Mitnick, Adam Mitnick, and Jack Biello

For Arynne, Victoria, and David, Sheldon, Vincent, and Elena.

Social Engineering

Social Engineering uses influence and persuasion to deceive people by convincing them that the social engineer is someone he is not, or by manipulation. As a result, the social engineer is able to take advantage of people to obtain information with or without the use of technology.
Contents

Foreword
Preface
Introduction

Part 1 Behind the Scenes
Chapter 1 Security's Weakest Link

Part 2 The Art of the Attacker
Chapter 2 When Innocuous Information Isn't
Chapter 3 The Direct Attack: Just Asking for it
Chapter 4 Building Trust
Chapter 5 Let Me Help You
Chapter 6 Can You Help Me?
Chapter 7 Phony Sites and Dangerous Attachments
Chapter 8 Using Sympathy, Guilt and Intimidation
Chapter 9 The Reverse Sting

Part 3 Intruder Alert
Chapter 10 Entering the Premises
Chapter 11 Combining Technology and Social Engineering
Chapter 12 Attacks on the Entry-Level Employee
Chapter 13 Clever Cons
Chapter 14 Industrial Espionage

Part 4 Raising the Bar
Chapter 15 Information Security Awareness and Training
Chapter 16 Recommended Corporate Information Security Policies

Security at a Glance
Sources
Acknowledgments

Foreword

We humans are born with an inner drive to explore the nature of our surroundings. As young men, both Kevin Mitnick and I were intensely curious about the world and eager to prove ourselves. We were rewarded often in our attempts to learn new things, solve puzzles, and win at games. But at the same time, the world around us taught us rules of behavior that constrained our inner urge toward free exploration. For our boldest scientists and technological entrepreneurs, as well as for people like Kevin Mitnick, following this inner urge offers