Low Tech Hacking: Street Smarts for Security Professionals
Authors: Jack Wiles, Terry Gudaitis, Jennifer Jabbush, Russ Rogers and Sean Lowther.
When talking about hacking, many of us primarily think about software vulnerabilities, exploits, malware and coding. But as social engineering began to grab headlines, the world started becoming aware that there are many other, more low tech techniques that can allow an attacker to gain a foothold into a system or a physical location. This book explores these techniques and teaches readers how to spot them being used against them.
About the authors
Jack Wiles is a security professional with over 40 years’ experience in security-related fields. He has trained federal agents, corporate attorneys, and internal auditors on a number of computer crime-related topics.
Terry Gudaitis is the CyberIntelligence Director at Cyveillance. Terry gained a foundation for her expertise as an operations officer and behavioral profiler at the CIA’s Counter Terrorist Center.
Jennifer Jabbusch is a network security engineer and consultant with Carolina Advanced Digital.
Russ Rogers is a penetration tester for a federal agency and the co-founder and chief executive officer of Peak Security.
Sean Lowther is an independent consultant and the President and Founder of Stealth Awareness.
Inside the book
The first three chapters are written by Jack Wiles, the rest by the remaining four authors, each tackling the subject they are experts of.
Wiles shows us the contents of his social engineering bag – stuffed with tools such as bolt cutters, machines for making keys, lock picking equipment, and similar – and teaches us that gaining access to both a physical location or an internal system is always more easily executed if the attacker first does a bit of reconnaissance, then swoops into the kill a bit later, taking advantage of the things he learned the first time.
He shares with us a number of examples from his long career, explains why his approaches worked and points out that the best thing we can do to block such attacks is to always be slightly suspicious of everything. He also interviews a number of other experts and shares their knowledge with us.
In the chapters dedicated to physical security and lock picking, he teaches us how to make a risk assessment of our homes or offices, and mentions hundreds of things we never really thought about as problematic.
Jennifer Jabbusch talks about wireless hacking, DoS attacks, Bluetooth hacks, backdoors, rogue SSIDs and more, while Terry Gudaitis covers the subject of surveillance, and how attackers can gather information about you, your family or your company – most of it via the Internet. I very much enjoyed Gudaitis’ chapter and the final summary that shares a great number of recommendations about how to create a stronger safety and security profile online. This particular text should be a mandatory read for everyone who uses the Internet in any way.
Russ Rogers uses his chapter to share a number of scenarios that combines all the attack techniques covered so far. As a penetration tester, he points out that the human factor is always the weakest link in any information security chain, and gives us an insight into the flaws that make end users vulnerable to various attacks, shows the most commonly used low tech delivery methods for attack software, and shares a useful case study.
Sean Lowther points out the very great need for continuous security awareness training for employees, and shows how it can be built and easily incorporated into the everyday functioning of a business or an organization.
Low Tech Hacking is perfect for waking people up to the dangers that lurk on the Internet and especially in their physical environment.
All chapters are littered with helpful tips and warnings, which more often then not include the authors’ “war stories” as illustrative examples. And even though the book has been written by five different authors, they all do a great job at keeping the explanations and examples clear and concise, and at making us think for ourselves and consider things we never marked before.
In short, I would effectively recommend this book to everyone.