
Social Engineering, the Art of Human Hacking

By Christopher Hadnagy; Reviewed by William Stepka, CPP, CISSP

***** Social Engineering, the Art of Human Hacking. By Christopher Hadnagy. Wiley Publishing, www.wiley.com, 382 pages; $34.99.

This is a comprehensive survey of social engineering concepts, techniques, and frameworks. It is a great reference in need of better editing to sharpen it into a more readable format.

After giving an introduction to the world of social engineering, the author covers, in a little more depth, information gathering, elicitation, pretexting, mind tricks, influence, tools, case studies, and prevention and mitigation.

Hadnagy defines social engineering as “the act of manipulating a person to take action that may or may not be in the ‘target’s’ best interest. This may include getting them to provide information, getting them to grant access, or getting them to take some other action.”

There is a wonderful definition of influence as “the process of getting someone else to want to do, react, think, or believe in the way you want them to.” This is the true essence of the manipulative powers of persuasion of a talented social engineer.

The broad scope of this text covers everything from microexpressions, neurolinguistic programming (NLP), and altering reality through framing techniques to lock picking and online information gathering tools. Because it is so comprehensive in content, it can only skim the surface of many topics.

The material that is presented isn’t always well organized. As an illustration, NLP is covered in seven pages; numerous facts are presented on its history, code, scripts, and voice, but it left this reader wanting more structure and a less conversational tone. A lot of the discussions of specific topics consisted of many facts and examples that lacked organization and were not clear or concise.

There is much essential information here on social engineering, but garnering it requires putting up with a frustrating reading experience.


Reviewer: William Stepka, CPP, CISSP (Certified Information Systems Security Professional), is principal of Stepka & Associates in San Francisco, providing security consulting, training, and investigative services. He is the historian of the ASIS San Francisco Bay Chapter and has contributed articles to its newsletter on various topics including social engineering and plainclothes security.
