by Johnny Long
When we talk about "hacking" we're talking about getting under the skin of some piece of tech and talking it into doing what we want. What most "hackers" miss is that the same approach, when applied to social interactions, can be more useful and effective than messing with robot's heads. That's the message that Johnny Long brings through in No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing.
Long's little book of techless hacking limits itself to the world of computer security, which is fine as far as that goes, but for my money "hacking" covers a lot more ground than just breaking into folks data mines and returning with their crown jewels. Still, it's good reading for anyone who stands guard over the data, and enjoyable for all the would be jewel thieves and secret agents alike.
A number of the techniques, like "tailgating," the practice of following others through secure access points, seem like they hardly need to be explained, though we agree that they're important to have on your watchlist. Others, like the old "credit card in the door jamb" gambit have nice tweaks to them, like using a network cable (conveniently found in the garbage) to circumvent the security plate countermeasure often used. But that's child's play compared to the chapter on defeating combination locks.
There are some tech-light methods included for the non-purist. Did you know that you can see infra-red motion detectors with a digital camera? Speaking of which, a pocketable digital camera is the one tool you should never leave home without, whether you mean to take pictures of your girlfriend (you do have a girlfriend...don't you?) or document "shoulder surfing" sessions to capture password entry on keypads and keyboards...or replicating id badges from unsuspecting employees.
As a book on tradecraft, No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing has enough information in it to make a CIA trainer nervous, but interestingly, browsing through it convinced me that for all my love of Bond movies and spy novels I'm too lazy to make a good agent, thief, or hacker. Much of the no tech approach requires patience, persistence, and a tolerance for a certain amount of exposure. Unlike the armchair pastime of cybersleuthing, low tech hacking for all it's efficacy, raises the price of failure uncomfortably. Which, if you're on the defense's side, is a very good thing.