Chapter 8. Case Studies: Dissecting the Social Engineer
The best security is through education.
——MATI AHARONI
Throughout this book I go through each aspect of what makes a great social engineer. Putting the information in these pages into play can make a social engineer a force to be reckoned with.
In school, students review history to learn what should or should not be done. History is a great tool for educating us about what things have worked in the past and why. It can tell us where we are going and how we can get there.
Social engineering history is not so different. Throughout the history of business, people have been there to scam and steal. People have devoted their lives to helping secure against those bad forces.
Discussing the aspects of professional social engineer attacks is often difficult because they were either done illegally or cannot be openly discussed due to client contracts. Fortunately, Kevin Mitnick—world famous social engineer and computer security expert—has published many of his stories for our reading pleasure. I have taken some of these stories from his book The Art of Deception.
In this chapter I pick two of Mitnick's most famous stories from his books and give a brief recap of what Kevin did, analyzing what aspects of social engineering he used and discussing what everyone can learn from it.
After dissecting those two accounts I do the same with two of my own accounts that demonstrate the ease with which you can obtain information and how easily ...