monogram with initials UKR

Social Engineering Isn't Hacking?

Updated: Under: technology Tags: #computing #hacking #bookReviews

Recently I picked up a copy of “Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker”, for the unaware it’s Kevin Mitnick’s account of his hacker journey who eventually became “the Darth Vader of the hacking world”. His hacker journey starts with Phone Phreaking before the dawn of affordable personal computing.

Free Kevin movement stickers, 2600 Magazine
Image 1: Free Kevin movement stickers, 2600 Magazine
What prompted me to write this down was a lowly rated GoodReads review, where the reviewer was unimpressed that the “Hacks” of Kevin Mitnick as he was just “Talking on the phone”

I was not amused by this. Before I hit that reply button, I decided to explore why some were let down by the Hacks of Kevin Mitnick.

It’s really magic at the end of the day

The parallel of magic and hacking is one explored constantly throughout the book. I was thrown back to the popular quote on technology and magic,

“Any sufficiently advanced technology is indistinguishable from magic.”

Arthur C. Clarke

Personally even as an engineer with the knowledge of fundamental logic that makes a computer tick, some things do catch me off-guard in awe. Especially what man is able to accomplish with bits on digital logic.

Back to Mitnick, he’s first love was magic as well. But, we don’t know Kevin as the greatest magician but, as the greatest hacker.

“Fooling people with magic was cool. But learning how the phone system worked was fascinating.”

But magic isn’t really magic (I’ve seen Penn&Teller), It’s trickery. Just like what Mitnick did. A Magician really can’t defy physics, but what they can do is bend reality, the lens we see it in. Such as sleight of hand.

Primer On Social Engineering

Social Engineering in basic terms is a psychological manipulation of people into performing actions or divulging confidential information.

Like how magic exploits its weakest link, us and not anything else; It’s the same in hacking. Kevin was a master at it, he said in the book,

The social-engineering techniques work simply because people are very trusting of anyone who establishes credibility, such as an authorized employee of the company.

I’m not going to spoil any of the hacks on this post, if you’re interested checkout this Google Talk.

Witch-hunt for the first computer magician

In an apt sense for the magic parallel, at the end of the line just as a traveling magician, who wooed crowds with some sleight of hand. Is the first to get accused when some anomaly took place.

A traveling performer would amaze the local villagers with tricks and sleights of hand. Because they had no idea how he was doing those tricks, they couldn’t guess at the extent of his abilities. He seemed to have the power to make things appear and disappear at will. That was the point. But if anything went wrong—some cows died, the crops failed, little Sarah got sick—it was all too easy to blame the magician.

Kevin, vilified by the population and the law, was put in solitary confinement for unsafe time spans. Just because people were afraid of the unknown, even the apposition and media going far as saying,

“He can whistle into a telephone and launch a nuclear missile from NORAD,”

The end of the book, takes a truly dark turn as this real-life witch hunt takes place. He was denied bail, and it was a grim outlook.

the history of the United States had ever been refused a bail hearing. Not the notorious impostor and escape artist Frank Abagnale Jr. Not the serial killer and cannibal Jeffrey Dahmer. Not even the crazed stalker and would-be presidential assassin John Hinckley Jr.

But he survived, and after a plea agreement, got out and started Mitnick Security Consulting.

Conclusion

Ghost in the Wires, great book, read it! Some think of hacking as some magical concept, and yes there are clever exploits taking place(in the book). But at the end of the day Kevin was evading the law for fear, because he was misunderstood. And In this context, Social Engineering just works!

As for the question of “Social Engineering Isn’t Hacking?”, With this exploration, I’d personally say it is. Mitnick did bring the exploits of social engineering to the limelight, and started a revolution on tightening up security holes in complex systems which involve both computers and humans.