Low Tech Hacking: Street Smarts for Security Professionals [Paperback]

Jack Wiles (Author), Terry Gudaitis (Author), Jennifer Jabbusch (Author), Russ Rogers (Author), Sean Lowther (Author)

Book Description

Publication Date: January 2, 2012 | ISBN-10: 1597496650 | ISBN-13: 978-1597496650 | Edition: 1

Criminals using hacking techniques can cost corporations, governments, and individuals millions of dollars each year. While the media focuses on the grand-scale attacks that have been planned for months and executed by teams and countries, there are thousands more that aren't broadcast. Low Tech Hacking focuses on the everyday hacks that, while simple in nature, actually add up to the most significant losses. Attackers are using common techniques like social engineering, wireless hacking, and targeting and surveillance to gain access to valuable data. This book contains detailed descriptions of potential threats and vulnerabilities, many of which the majority of the information systems world may be unaware. Author Jack Wiles spent many years as an inside penetration testing team leader, proving these threats and vulnerabilities exist and their countermeasures work. His contributing authors are among the best in the world in their respective areas of expertise.

• Contains insider knowledge of what could be your most likely Low Tech threat
• Includes timely advice from some of the top security minds in the world
• Covers many detailed countermeasures that you can employ to improve your security posture

Editorial Reviews

Amazon.com Review

Top 10 List of Just a Few Things to Consider About the Locks that We Use at Home and at Work to Hopefully Make Physical Security Really Secure
By Jack Wiles, AKA “Low Tech Jack,” Lead Author, Low Tech Hacking

Jack Wiles

1. Learn More About Locks. Modern pin tumbler locks have been around, and virtually unchanged, since the mid 1800s. They have remained a mystery to most people until the Internet made the world a much smaller place. It's encouraging to see more people take an interest in learning how locks work, and how vulnerable some of them are to being bypassed using some very low-tech methods.

2. Check Your Locks. Locks are obviously mechanical devices and subject to mechanical malfunction. In every inside penetration test that I took part in, we found as least one lock that was not functioning because of lack of preventative maintenance or improper installation.

3. Buy Good Locks. When I'm in the hardware section of a store that sells locks, I like to watch people as they go about the process of selecting a lock for their home or school locker. Since most locks look pretty much the same on the outside, most people select the least expensive lock that they can find. These locks might work just fine, but from a security standpoint, as is usually the case, we get what we pay for. Invest just a little more and buy good locks.

4. Who Has The Keys To Your World At Work? Key control is absolutely critical in the business world. Many buildings have Master, Grand Master, and even Great Grand Master key coding systems. Many of these key systems have remained unchanged for years. It's important to know where these master keys (or any building keys for that matter) are, and who has copies of them. This is certainly the case if the keys use a key blank that is somewhat common and easily duplicated. I've been amazed to see the number of different key blanks that small key cutting vendors have on hand at local flea markets where keys can be duplicated for about $1, no questions asked.

5. Audit Your Locks. I've been preaching about the need to audit locks for many years now. I'm talking about a close functionality audit to insure that the locks are working properly, are installed properly, and that they show no signs of being tampered with, to include picking attempts. This audit could also be good Risk Management Due Diligence on an audit report.

6. Check Out YouTube. "If it's on YouTube, you had better know about it." While we were writing Low Tech Hacking, I found myself making that statement several times. YouTube is a great place to learn for the Good Guys, as well as any Bad Guys who want to see how things are done. If a picture is worth a thousand words, just how much is a 10- to 20-minute detailed video worth? If a lock picking or bypass method that describes the kind of locks that you have or use is described anywhere on the Internet, it's a good idea for you to know about it. The Bad Guys probably do!

7. Start a Lock Sport Enthusiast Group. When I started to learn about locksmithing back in the early 1970s, there were no lock sport enthusiast groups anywhere that I am aware of. Locksmithing and lock picking were more of a secretive art, and not something that the average person knew anything about. Two groups that I am aware of that encourage enthusiasts to make lock picking a sport, FALE Association of Lock Picking Enthusiasts and TOOOL The Open Organisation of Lockpickers, have websites where you can learn a lot about these interesting semi-ancient puzzles.

8. Don't Forget About Your Locks At Home. You just purchased a new (or new to you) home. Who has the keys to your new world? Unless your new home has very high security locks installed, you have no way of knowing who has a copy of the keys. For a home, I always suggest having the locks re-keyed, or installing new locks that you know won't work with whatever old keys are out there. That won't stop other methods of entry past those locks, but it will stop the lowest tech entry method of simply opening the door by using a copy of the original key. Key control and lock bypass methods in buildings is another story, and just as critical. That subject is addressed in our new Low Tech Hacking book in more detail than I can cover here.

9. Train Your Staff. Security Awareness Training is the most effective and overall least expensive security countermeasure that you can employ. Throughout the past 20 years, I have personally trained over 10,000 people in some form of awareness training, so I know how effective it can be. Employees want to help with security, and they will become an additional set of eyes and ears for a company when they are taught how important they are as a part of the security team. I don't provide awareness training anymore, so I'm not trying to sell training by this statement. It is important enough of a subject to me that I did have Mr. Sean Lowther write a complete chapter on the subject in our Low Tech Hacking book.

10. Purchase Deviant's Book--Practical Lock Picking. I really like Practical Lock Picking by Deviant Ollam (Syngress 2010). Our Low Tech Hacking book covers a number of other lock bypass methods, and we recommend Deviant's book to everyone interested in learning more about the art (and possible new hobby) of lock picking.

Product Details

• Paperback: 264 pages
• Publisher: Syngress; 1 edition (January 2, 2012)
• Language: English
• ISBN-10: 1597496650
• ISBN-13: 978-1597496650
• Product Dimensions: 7.5 x 0.7 x 9.2 inches
• Shipping Weight: 1.2 pounds (View shipping rates and policies)
• Average Customer Review: 4.6 out of 5 stars  See all reviews (19 customer reviews)
• Amazon Best Sellers Rank: #395,164 in Books (See Top 100 in Books)

Most Helpful Customer Reviews

2 of 2 people found the following review helpful

4.0 out of 5 stars Book has actionable things you can do to secure networks February 7, 2013

By Ben Rothke

Format:Paperback

ecurity guru Bruce Schneier has observed that for those organizations that have incorrectly deployed cryptography, it is akin to putting a big flagpole in front of your facility and hoping that it will stop any attackers from breaking in. Of course, attackers will simply go around the flagpole rather than running into it.

In Low Tech Hacking: Street Smarts for Security Professionals, the authors, all information security veterans bring their collective experience to the printed word and show how low-tech hacks can be just as devastating as a large-scale directed attack.

The authors show how these simple attacks can be obviated by simple technical solutions, and provide numerous examples.

One of the paradigms the book uses is around lock picking. The author notes that one thing about locks is that after all is said and done, locks don't change that much. So too with information security. Even though there is significant amounts of new technologies abound to catch new sophisticated attacks. The old school attack vectors of social engineering, poor password practices and more, are often the method in which attacks penetrate networks.

The book provides many tips which the reader can use to protect themselves against many of the most devastatingly simple attacks. For example, in chapter 2 on physical security, the book details a mini physical security risk assessment you can do. By focusing on the low-hanging fruit, many of the simply steps the authors suggest can delay the attackers long enough that they decide to try another victim.

The book also provides ample amounts of advice to security staffers that they can use to secure their network. Much of chapter 4 is around low-tech wireless hacking.... Many networks add wireless access for ease of use. But that user-friendliness also makes it easy for the attackers to connect to the network and launch their attack.

Overall, Low Tech Hacking: Street Smarts for Security Professional is a value reference for security professionals to use to ensure they are securing their networks adequately, to fend off the average attacker.

The authors have written a book that is light on theory, but heavy on actionable things the reader can quickly do to secure their network. And that is a very good thing. Read more ›

4 of 5 people found the following review helpful

5.0 out of 5 stars Handy and entertaining January 10, 2012

By dre

Format:Kindle Edition|Amazon Verified Purchase

The book introduced me to a ton of tools and methods for performing physical penetration-tests. It will be an invaluable resource when planning this portion of a penetration-testing methodology or program. It was very much updated since the last Syngress Press title on No Tech Hacking. There's even some tech wins and tech challenges in the book!

I highly recommend this book to anyone interested in social engineering or physical penetration-testing. The book makes excellent references to the other material and content available on the Internet and in print form, such as the social-engineer.org portal, and the recent book from Trace Security.

One thing the book doesn't mention is that keeping a steady heartbeat/pulse and keeping the sweat down can require rigorous training for some people! They do make it sound almost too easy!

3 of 4 people found the following review helpful

4.0 out of 5 stars not a long read but you will pick up some new tricks August 14, 2012

By tom sawyer

Format:Paperback

this book touches a number of areas. there are several authors combining their experience to create this book, all covering their area of expertise. while personally I found the majority of the book interesting, there is 1 chapter that was pretty bad. you can make the call yourself but it can be summed up this way: do not ever think about going into stand up. when I hit that chapter, I STRUGGLED to make to the end. more than once I had to stop, see how much longer I needed to suffer thru it and go back. the 'sense of humor' that attempted to be used in the chapter is about as funny as a chest wound. if you're spent any time reading various computer geek books, you'll understand. that being said (we'll just talk about the rest of the book. mercifully this was limited to a single chapter) the book does cover things I don't think are radically new concepts if you're spent any time hacking, auditing or doing some things you more than likely shouldn't have growing up. it will make you think about a few bad habits most people have (can't say I was never guilty) and exactly why it's a bad idea. I also picked up some inspiration for a few things I was looking to do in my professional career. overall, it was worth the time reading

2 of 3 people found the following review helpful

5.0 out of 5 stars This book shows you the trees AND the forest. March 19, 2012

By drcrystal

Format:Paperback

Jack Wiles and the gang have provided another great security book that is informative AND interesting! Anybody can write a textbook but there's so much value added when you have so many interesting personal experiences to write about. I plan to use this as one of my textbooks in information security. Not only is the style easy to read, but it's full of important information that helps you see the forest AND the trees. In security, it's easy to get bogged down with a bunch of technical details on protecting a network or hardening a server, but if someone just unlocks the door to the server room or shares their network password, none of those details matter. This book helps put the reader in the security mindset, teaching security principles that will guide both technical and non-technical security decisions for years to come.

2 of 3 people found the following review helpful

5.0 out of 5 stars Foundational Truth March 14, 2012

By Kevin Chalk @ Fortress Consulting

Format:Paperback

When I was first starting out in the IT and Security field, I was taught many valuable lessons. One of the most valuable went something like this, "Try the simplest thing first, often the simplest answer is the right one." Low Tech Hacking takes us back to that and takes it a step further, some times the simplest approach is the most scary. I was amazed at some of the techniques in this book that I had never tried, or even heard of. I am truly grateful to the authors for putting so much information in one easily accessible place. I am also thankful for them reminding us that one of our greatest liabilities is also one of our greatest assests: people. Properly trained people are key to any successful security strategy. That is one of the things that makes this book so helpful; it is written so non-professionals can understand and apply what they understand. My wife, who says I sound like the adults on Charlie Brown when I talk tech, enjoyed and understood the information presented here. Again, many thanks to the authors.