Ben's Book of the Month: Review of "Social Engineering: The Science of Human Hacking"

Posted on by Ben Rothke

There is a story about Harry Houdini, that he once failed to escape from a jail cell, even though the door was unlocked. The reason he stayed trapped is that he only knew how to get out of locked doors. In the world of technology, there are indeed many locked doors, and social engineers know how to open them.

In the domain of social engineering, Christopher Hadnagy is one of the best. I’ve reviewed other books of his here, namely Social Engineering: The Art of Human Hacking, Unmasking the Social Engineer: The Human Element of Security, and Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails. In Social Engineering: The Science of Human Hacking (Wiley 978-1119433385), Hadnagy continues his exploration into the world of social engineering.

In this book, as the title implies, Hadnagy moves the topic of social engineering from an art to a science. The goal of a social engineer is not that far from that of a con man, where con stems from the word confidence. Be it a three-card Monte scammer in Times Square or a social engineer dressed up as a termite inspector, their goal is the same: to win your confidence.

Hadnagy quotes extensively from Dr. Paul Ekman, an American psychologist who specializes in the study of emotions and their relation to facial and body expressions. By mastering these expressions, the social engineer can make their attacks much more successful.

Besides Ekman, the book references the work of other psychologists, including Dr. Ellen Langer, professor of psychology at Harvard University, whose expertise is in the illusion of control and decision-making; neuroeconomist Dr. Paul Zak, whose work is in neuroeconomics, the study of decision making; and more. By building on these sciences, the social engineer can be devastatingly effective in their attacks.

As good as the science is, it is not perfect. And as good a social engineer as Hadnagy is, he fails at times. What is unique about the book is that he does not shy away from sharing those mistakes with the reader. While there are plenty of success stories in the book, he also includes disaster stories where he failed miserably. In the movies the social engineer never errs. But art in that case does not imitate life.

Becoming a highly effective social engineer is something that takes time to master. For those looking to master the topic, Christopher Hadnagy is a great person to learn from and Social Engineering: The Science of Human Hacking is a great resource to take you there.

Ben Rothke

Senior Information Security Manager, Tapad

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
