People I know sometimes come away with the impression that I am all about politics and the government, thinking that nothing outside the public sector is familiar to me. In a previous article, I discussed whether a government can be run like a corporation and came to the conclusion that… no, it cannot – even disregarding the mechanisms by which policies are created, which make governments even more different from the private sector. And I have had interests in non-governmental affairs for a long time.
About five years ago, I read The Art of Intrusion by Kevin Mitnick. It is a book about how to get access to various types of company or personal information and use that information to your own advantage, though oftentimes, if not always, to the disadvantage of the company or person concerned. Kevin Mitnick’s book is a very helpful guide to real life, though hard to apply due to life’s complexity. The book is filled with made-up stories and real (the author’s) stories that may strike readers with how vulnerable they are on a daily basis.
Most of the stories discuss how merely knowing general information about someone or a business (information such as their phone number, their address or even the name of the security guard) could be crucial in getting access to internal information (information known by certain employees only), from which access to classified or top secret information could be obtained. Techniques such as the tone of the social engineer’s (the intruder’s) voice, their attitude and their approach are not left out of the stories, nor are the potential risks ignored. In fact, the author himself pointed out that most of these stories would not succeed in a social engineer’s bid to get more information in today’s world due to a higher level of security.
The book doesn’t contain only these stories. Kevin Mitnick also described how a company could protect itself from social engineers’ attacks by creating incentives for its employees, such as the opportunity to rise in its hierarchy or an Employee of the Month competition with the prize being, for example, a portrait of them on the wall with Employee of the Month written underneath.
Also, at the end of the book, the hi-tech and real-life social engineer came to the conclusion that any security system is 90 percent vulnerable to attacks, and noted that it is almost impossible for a company to protect itself from attacks: sooner or later it will be exposed to them.
An invulnerable security system would otherwise lead to inefficiency at best, if not to going out of business, because always making sure that the person on the other end of the line, or the person writing an email to you or talking to you, is not a social engineer:
is time-consuming
insults the other person by making him or her feel like a criminal. No one likes to be treated as if they are suspicious.
After reading the book, you will be better able to assess risks in decision making – both at the office and in life. However, unless you remind yourself of these risks, you may start to unintentionally disregard them. Such is the case with the caller ID, which 99.99% of the time is the one that we see on our phone, so we ignore (or should I say forget) the 0.01% of the time when it could be something else. Kevin Mitnick mentioned in the book that the caller ID is not to be relied on. For those of you who haven’t read the book, have never heard of such a story and want to witness it, I suggest that you watch this video.
Either way, The Art of Intrusion is a must-read for everyone who wants to know about the potential risks of providing general information, such as giving your name and phone number, even to a friend.