Criminals using hacking techniques can cost corporations, governments, and individuals millions of dollars each year. While the media focuses on the grand-scale attacks that have been planned for months and executed by teams and countries, there are thousands more that aren't broadcast. "Low Tech Hacking" focuses on the everyday hacks that, while simple in nature, actually add up to the most significant losses. Attackers are using common techniques like social engineering, wireless hacking, and targeting and surveillance to gain access to valuable data. This book contains detailed descriptions of potential threats and vulnerabilities, many of which much of the information systems world may be unaware of. Author Jack Wiles spent many years as an inside penetration testing team leader, proving that these threats and vulnerabilities exist and that their countermeasures work. His contributing authors are among the best in the world in their respective areas of expertise. This book contains insider knowledge of what could be your most likely low tech threat; includes timely advice from some of the top security minds in the world; and covers many detailed countermeasures that you can employ to improve your security posture.
Acknowledgments ix
Foreword xi
About the Authors xiii
Introduction xv
Chapter 1 Social engineering: The ultimate low tech hacking threat 1 (30)
How easy is it? 2 (1)
The mind of a social engineer 3 (1)
The mind of a victim 3 (1)
Tools of the social engineering trade 4 (1)
One of my favorite tools of the trade 5 (2)
Social engineering would never work against our company 7 (1)
What was I able to social engineer out of Mary? 8 (1)
The final sting—two weeks later—Friday afternoon 8 (1)
Why did this scam work? 9 (1)
Let's look at a few more social engineering tools 10 (8)
Keystroke logger—Is there one under your desk? 13 (3)
One of my lunchtime tools 16 (2)
Let's look at that telephone butt-in set on my tool belt 18 (1)
Meet Mr. Phil Drake 19 (3)
Meet Mr. Paul Henry 22 (4)
Traditional AV, IDS, and IPS considerations 25 (1)
Traditional firewall consideration 25 (1)
Flaw remediation 26 (1)
Do you have a guest user of your credit card? 26 (1)
A few possible countermeasures 27 (2)
Always be slightly suspicious 28 (1)
Start to study the art of social engineering 28 (1)
Start a social engineering book library 28 (1)
Summary 29 (2)
Chapter 2 Low tech vulnerabilities: Physical security 31 (20)
A mini risk assessment 32 (2)
What did I have at risk? 32 (1)
What were some possible threats while out on the lake? 33 (1)
What were some of the possible vulnerabilities? 33 (1)
And finally, what about my countermeasures? 34 (1)
Outsider—Insider threats 34 (1)
Some things to consider for the security of your buildings? 35 (5)
Check all locks for proper operation 35 (1)
Use employee badges 36 (1)
Shredder technology keeps changing as well 36 (1)
Keep an eye on corporate or agency phone books 37 (1)
Unsecured areas are targets for tailgating 38 (1)
Special training for off-shift staff 39 (1)
Bomb threats in Chicago 40 (2)
Check those phone closets 42 (1)
Remove a few door signs 42 (1)
Review video security logs 43 (1)
Consider adding motion-sensing lights 43 (1)
Subterranean vulnerabilities 44 (2)
Clean out your elephant burial ground 46 (1)
Spot check those drop ceilings 47 (1)
Internal auditors are your friends 47 (1)
Bonus: Home security tips 48 (1)
Summary 49 (2)
Chapter 3 More about locks and ways to low tech hack them 51 (36)
A little more about locks and lock picking 52 (8)
What kinds of locks are the most popular? 54 (3)
Purchasing better quality locks will be cost effective 57 (1)
Be aware of lock vulnerabilities 58 (2)
Forced entry—and other ways to cheat! 60 (3)
A time-tested low tech method of forced entry 61 (2)
Let's break into a semi-high security room 63 (7)
Retracting the bolt to open the door 64 (2)
Gaining access to the lock itself 66 (4)
Keys and key control 70 (1)
Social engineering and key access 70 (1)
Who has the keys to your kingdom 70 (1)
Special key control awareness training 71 (1)
Bait and switch war story that could happen to you 71 (3)
Padlock shims are not a new threat 73 (1)
Some places to go to learn and have some fun 74 (2)
My 110-year-old puzzle 75 (1)
More about keys and how to make one if you don't have one 76 (3)
Five pounds of my favorite keys 77 (2)
Ways to make a key if you didn't bring a key machine 79 (2)
One final lock to talk about and then we're done 81 (4)
Rim cylinder locks vs. mortise cylinder locks 83 (2)
Summary 85 (2)
Chapter 4 Low tech wireless hacking 87 (50)
Wireless 101: The electromagnetic spectrum 87 (4)
Why securing wireless is hard 90 (1)
802.11 and Bluetooth low tech hacks 91 (1)
DoS and availability 91 (21)
Layer 1 DoS attacks 91 (13)
Layer 2 DoS attacks 104 (8)
Backdoors and cracks 112 (8)
Crack attack 112 (3)
Tap, tap. Mirror, mirror ... on the wallplate 115 (1)
Guesssst who got in 116 (1)
Peer-to-peer-to-hack 117 (2)
Ad hoc, ad finem 119 (1)
Going rogue 120 (6)
Marveling at the gambit of rogues 121 (1)
New SSID on the street 122 (2)
It's a bird ... it's a plane ... it's a Rogue? 124 (1)
Bridge bereavement 125 (1)
Assault by defaults 126 (4)
Open sesame 127 (1)
Default WPA keys 127 (2)
More Google hacking 129 (1)
Bypassing specific security tools 130 (4)
Going static 131 (1)
Counterfeit MACs 132 (1)
MAC switcharoo 133 (1)
<html>Free Wi-Fi</html> 134 (1)
Summary 134 (3)
Chapter 5 Low tech targeting and surveillance: How much could they find out about you? 137 (26)
Initial identification 139 (3)
Property records, employment, and neighborhood routes 142 (2)
Disclosure on social networks and social media 144 (2)
Financials, investments, and purchase habits 146 (3)
Frequented locations and travel patterns 149 (3)
Third party disclosures 152 (2)
Use of signatures 154 (1)
Automated surveillance 155 (1)
Target interaction 156 (2)
Scanners and miniatures 158 (1)
Summary and recommendations 159 (4)
Recommendations 160 (3)
Chapter 6 Low tech hacking for the penetration tester 163 (16)
The human condition 164 (2)
Selective attention 164 (1)
Magic is distraction 165 (1)
Building trust and influencing behavior 166 (1)
Technology matters 166 (3)
USB thumb drives 166 (2)
CDs and DVDs 168 (1)
Staging the effort 169 (1)
Target organization 169 (1)
Getting things in order 170 (4)
Deciding on location 171 (1)
Choosing the strategy 171 (1)
Choosing the technology 172 (2)
A useful case study 174 (3)
Approaching hotel staff 175 (1)
Approaching conference staff 176 (1)
Conclusion 176 (1)
Summary 177 (2)
Chapter 7 Low tech hacking and the law: Where can you go for help? 179 (14)
Meet Mr. Tony Marino 180 (7)
Low tech hacking interview with Tony Marino, U.S. Secret Service (retired) 180 (7)
Meet Special Agent (SA) Gregory K. Baker, FBI 187 (1)
Low tech hacking interview with Special Agent (SA) Gregory K. Baker, FBI 187 (6)
Summary 191 (2)
Chapter 8 Information security awareness training: Your most valuable countermeasure to employee risk 193 (34)
An introduction to information security awareness 194 (4)
The people and personalities of information security awareness 194 (2)
Data theft and employee awareness 196 (2)
Designing an effective information security awareness program 198 (9)
Repetition is the aide to memory 199 (1)
Touch points 199 (1)
To team or not to team, that is the question 200 (1)
Creating a business plan for your Information Security Awareness Program 201 (1)
The presentation 202 (2)
Components of an awareness program 204 (1)
Next steps 205 (1)
The Classification of Data Matrix 205 (1)
Manager's Quick Reference Guide 206 (1)
Finding materials for your program 207 (1)
The importance of a good editor 207 (1)
Implementing an information security awareness program 207 (9)
Who writes the awareness standard? 209 (1)
Finding win-win solutions 210 (1)
Building a perpetual awareness program 210 (1)
Who should take the training? 211 (1)
Getting the program off the ground 211 (1)
Making information security accessible 212 (1)
A lesson learned 212 (1)
The dollars and cents of your program 213 (1)
Above and beyond 214 (2)
Making security part of the company mind-set 216 (5)
The importance of communication with other lines-of-businesses 216 (1)
Let's talk more about alliances 217 (3)
Keeping your program viable 220 (1)
Other resources 220 (1)
Measuring your program's success 221 (2)
Identifying key components and cumulative results 222 (1)
Summary 223 (4)
Index 227