
Interrogation of Mitnick in Hackspace

After speaking to business people, Kevin Mitnick graciously accepted an invitation to attend an informal meeting at a Moscow hackspace.



This article is based on the "memories" of the participants; these memories may have no connection with reality, but simply be an act of social engineering.
(when writing this text, no Snowden was hurt)


GSM Specialist
It was interesting to hear Kevin's opinion about Snowden's leak of information:
“There are stupid people in the United States who believe that this [tracking all citizens] really helps national security. But many people understand that tracking does more harm than good. But I believe that he leaked the information about how we follow foreigners in vain. All this is done, it is no secret, but an open publication can lead to negative consequences for us.”
Well, Kevin also said that Snowden probably had a lot more information with him than he gave to the press. And that he is very, very surprised at how poorly the protection of information is arranged inside the NSA.

Member 0365
The pretext is very important; you need to spend a lot of time on it. Relationships of trust are important to find and use (company branches, contractors, etc.).

In training, the main thing is practice; if I had to teach someone, I would have to practice as much as possible.
Books by Cialdini [Robert Cialdini] are a must-read; the basic principles really work (authority, reciprocity, etc.).

It's funny when people prepare to call and write down the text (script) - I always believe in the story I tell [the victim].
Real social engineering is not a ready pretext and action in one move; it is improvisation and movement towards the goal in several stages.

Yes, in the end, the person will execute the code that you have sent - but he must do it with the feeling that he is receiving something important and necessary for him - service, information, etc. This allows you to divert his attention from the very fact of code execution.

Kevin Mitnick: “According to the results of a pentest, we decided to make a gift to the admins - to give them copies of my book, each signed with ‘their favorite password’ (obtained during the test). I thought it would be a good joke, but everyone was very tense - it turns out that many people used the same password for Internet banking.”

DefCon Member
Once again, the most important thing is practice. Everything that is written both in “The Art of Deception” and in “The Psychology of Influence” is very interesting and useful theory (although, of course, only the basics), but you need to remember that these are not textbooks, and just acting according to an algorithm will not get you far (the same as meeting girls).

The second important detail is the enjoyment of the process. This, of course, applies to any work, but there really is absolutely no way at all, otherwise it will just work out “on a piece of paper” and will most likely disappear. And here we just talked for a long time that the process is much more fun than the result itself.

Finally, the third is that SE (social engineering) can be used in life, but you should not abuse it. Hitchhiking and getting a free ticket to a concert is cool and fun, but trust between loved ones is important. Even Kevin said that poker is a rather boring game, because all everyone does is bluff (however, he later agreed that cold reading the opponent is also cool).

Robotics developer
My own questions to Kevin were our data. It is a lot of ways to make it easier to use it. on us, how to guard against that. Basically, don’t let him keep it!

Member 001
U: How do you maintain the proper level of technical knowledge?
Mitnick: I hire people smarter than myself. And I learn from them.

Source: https://habr.com/ru/post/194004/

