Johnny Long: No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing (2008)

As the cliche reminds us, information is power. In this age of computer systems and technology, an increasing majority of the world’s information is stored electronically. It makes sense then that as an industry we rely on high-tech electronic protection systems to guard that information. As a professional hacker, I get paid to uncover weaknesses in those systems and exploit them. Whether breaking into buildings or slipping past industrial-grade firewalls, my goal has always been the same: extract the informational secrets using any means necessary. After hundreds of jobs, I discovered the secret to bypassing every conceivable high-tech security system. This book reveals those secrets, and as the title suggests, it has nothing to do with high technology. As it turns out, the secret isn’t much of a secret at all. Hackers have known about these techniques for years. Presented in a light, accessible style, you’ll get to ride shotgun with the authors on successful real-world break-ins as they share photos, videos and stories that prove how vulnerable the high-tech world is to no-tech attacks.

As you browse this book, you’ll hear old familiar terms like “dumpster diving”, “social engineering”, and “shoulder surfing”. Some of these terms have drifted into obscurity to the point of becoming industry folklore; the tactics of the pre-dawn information age. But make no mistake; these and other old-school tactics work with amazing effectiveness today. In fact, there’s a very good chance that someone in your organization will fall victim to one or more of these attacks this year. Will they be ready?

Dumpster Diving
Be a good sport and don’t read the two “D” words written in big bold letters above, and act surprised when I tell you hackers can accomplish this without relying on a single bit of technology (punny).

Tailgating
Hackers and ninja both like wearing black, and they do share the ability to slip inside a building and blend with the shadows.

Shoulder Surfing
If you like having a screen on your laptop so you can see what you’re working on, don’t read this chapter.

Physical Security
Locks are serious business and lock technicians are true engineers, most backed with years of hands-on experience. But what happens when you take the age-old respected profession of the locksmith and sprinkle it with hacker ingenuity?

Social Engineering with Jack Wiles
Jack has trained hundreds of federal agents, corporate attorneys, CEOs and internal auditors on computer crime and security-related topics. His unforgettable presentations are filled with three decades of personal “war stories” from the trenches of Information Security and Physical Security.

Google Hacking
A hacker doesn’t even need his own computer to do the necessary research. If he can make it to a public library, Kinko’s or Internet cafe, he can use Google to process all that data into something useful.

P2P Hacking
Let’s assume a guy has no budget, no commercial hacking software, no support from organized crime and no fancy gear. With all those restrictions, is this guy still a threat to you? Have a look at this chapter and judge for yourself.

People Watching
Skilled people watchers can learn a whole lot in just a few quick glances. In this chapter we’ll take a look at a few examples of the types of things that draws a no-tech hacker’s eye.

Kiosks
What happens when a kiosk is more than a kiosk? What happens when the kiosk holds airline passenger information? What if the kiosk holds confidential patient information? What if the kiosk holds cash?

Vehicle Surveillance
Most people don’t realize that some of the most thrilling vehicular espionage happens when the cars aren’t moving at all!

Foreword by Kevin David Mitnick
Publisher Syngress, 2008
ISBN 1597492159, 9781597492157
285 pages

publisher
google books

PDF

Wil Allsopp: Unauthorised Access: Physical Penetration Testing for IT Security Teams (2009)

The first guide to planning and performing a physical penetration test on your computer’s security
Most IT security teams concentrate on keeping networks and systems safe from attacks from the outside-but what if your attacker was on the inside? While nearly all IT teams perform a variety of network and application penetration testing procedures, an audit and test of the physical location has not been as prevalent. IT teams are now increasingly requesting physical penetration tests, but there is little available in terms of training. The goal of the test is to demonstrate any deficiencies in operating procedures concerning physical security.

Featuring a Foreword written by world-renowned hacker Kevin D. Mitnick and lead author of The Art of Intrusion and The Art of Deception, this book is the first guide to planning and performing a physical penetration test. Inside, IT security expert Wil Allsopp guides you through the entire process from gathering intelligence, getting inside, dealing with threats, staying hidden (often in plain sight), and getting access to networks and data.

– Teaches IT security teams how to break into their own facility in order to defend against such attacks, which is often overlooked by IT security teams but is of critical importance
– Deals with intelligence gathering, such as getting access building blueprints and satellite imagery, hacking security cameras, planting bugs, and eavesdropping on security channels
– Includes safeguards for consultants paid to probe facilities unbeknown to staff
– Covers preparing the report and presenting it to management

In order to defend data, you need to think like a thief-let Unauthorised Access show you how to get inside.

Publisher John Wiley and Sons, 2009
ISBN 0470747617, 9780470747612
302 pages

publisher
google books

PDF