Social Engineering Blogs

An Aggregator for Blogs About Social Engineering and Related Fields

Mind Under Control Blog May 4, 2014

[011] Conclusion – Unmasking the Social Engineer

All in all, ‘Unmasking the Social Engineer’ seems too much like the addendum that could have been added in a reprint of ‘Social Engineering: The Art of Human Hacking’. That way, at least, it’d have been worth the cost, as it is as expensive as its older brother, but not quite as valuable. Was it worth it to me personally? Yes. But, I’m a collector, an S.E. enthusiast, and have ample room in my budget.

To anyone who is interested in social engineering as an art or science – passing or otherwise? Not really. Does it fulfill its role as a protective tool against non-verbal communication? Again, not really. There’s just too much of an awkward balance between in-depth explanation and practical advice. It doesn’t feel specific and structured enough to be a blueprint, and not inclusive enough to be a handbook.

And, it’s not practical and demonstrative enough to be either of those. So, I’m left stranded as to who to recommend this to – because honestly, I’d much prefer to recommend Ekman’s work and explain its application in a much more condensed format.

This long list of sometimes seemingly insignificant complaints might give you the impression that I believe ‘Unmasking the Social Engineer’ is a bad book. It’s not.

It’s characteristically fun to read and well-written, well-researched and competently edited – I really do mean that. Hadnagy, Ekman and Kelly are all absolutely brilliant – geniuses in their respective professions. The former two have been my idols and examples for many years, and that isn’t without reason.

However, this amalgamation of awesome names and backgrounds does not hide the fact that ‘Unmasking the Social Engineer’ doesn’t really fit in anywhere, nor does it excuse it its faults. It is clear what it set out to do, and it’s also clear what it became instead. Maybe it would fit as a quasi-handbook mostly read in preparation of Hadnagy’s consultation and auditing services, where he can demonstrate its application and answer questions and expand more thoroughly on raised topics in person. Otherwise, and to anyone with any time on their hands, there are plenty of better alternatives.

It is serviceable, but it does not stand well on its own – it simply doesn’t provide enough deeper understanding or contextualization to match Ekman’s books plus an evaluatory article or two and a list of exercises. Those will inevitably accomplish far more, and provide both beginning and advanced social engineers with a more complete, if not a more well-rounded experience.

And to be blunt, if he were to paraphrase and condense this book’s contents into a couple of rules to follow and a couple of exercises to practice, (e.g. ‘Always ask for ID and external authorization – no exceptions’), with a short seminar explaining the more fundamental ‘how’s’ and ‘why’s’, I think he’d end up providing the client companies’ personnel with both more practical and intuitive ways to defend themselves against Social Engineering attacks.

One good thing about reason I will share, is that it did provide a nice basis and motivation for comfortably reassessing the ways in which I’ve been putting Social Engineering into practice, and imagine possible new applications of the things listed in the book – an elaborate sequence of thought experiments, if you will. However, that occurs naturally with any piece of information, not just this book, so take from that what you will.

Over-all, I ended up finishing this book with the strong impression it was not worth my time, if only because I didn’t need this book in the same way that I needed ‘Social Engineering: The Art of Human Hacking‘ – it’s just not definitive, exhaustive and expansive enough. It doesn’t encapsulate enough for me to forget the fact that I already know what’s in here in vastly more detail.

Maybe I’m just not his audience anymore – but if so, neither is the rest of the /r/socialengineering community.

Still, I don’t regret buying this book. Why? Well, because there is no person out there responsible for the defining, refining and promoting of an entire discipline of applied psychology quite like Christopher Hadnagy is. He is a legend, a champion, and a sage of Social Engineering – and he deserves all due recognition and credit for it. Ultimately, though, my personal celebration and veneration of his person is not sufficient reason for you to spend money on this one book I am certain you won’t need.

With love,

– Joven

Filed Under: Unmasking

Mind Under Control Blog May 4, 2014

[010] Chapters 8 and 9 – Unmasking the Social Engineer

Chapter 8: The Nonverbal Side of Elicitation

Chapter 8 opens with Robert Dreeke’s ‘Top Ten Principles for Building Quick Rapport with Anyone,’ which he has listed once before in this book. They are:

1. Artificial time constraints.
2. Accommodating non-verbals.
3. Slower rate of speech.
4. Sympathy and assistance themes.
5. Ego suspension.
6. Validation.
7. Ask how, when, why questions.
8. Quid pro quo.
9. Reciprocal altruism.
10. Manage expectations.

For more information, I recommend Googling ‘Robert Dreeke 10 Principles Building Rapport.’

Though I haven’t yet fully read Robert Dreeke’s ‘Not All About “Me,”‘ I do feel that this list is missing some key rapport building techniques, most notably ‘Mirroring,’ where you mirror the target’s gestures, stance and manner of speech.

Hadnagy then lists a few questions that typically go through the head of someone being approached:

– “Who is this?”

– “What does he want?”

– “Is he a threat?”

– “How long will he be a part of my life?”

He then goes down Dreeke’s list point by point, explaining how they each answer one or more of those questions. Though interesting, it’s nothing you wouldn’t find by Googling those principles – and again, could have been shorter.

Finally, we get to the eyebrows, the last part of the body that wasn’t specifically covered yet, and how they are used to communicate conversational signals.

Take Hadnagy’s advice and learn all about them by just noticing the eyebrows as you see people talking, and as you are talking to people. Replicate the expression you’d make under the circumstances of disbelief, astonishment, skepticism, and notice the situations where you’d make use of a head nod and head bobbling. Practice using them more frequently to show you’re engaged in the conversation.

Chapter 9: Putting It All Together:

This chapter shows two things very clearly:

1) This book never gets around to becoming a proper learning experience. It falls short of whatever its intended goal is.

2) Hadnagy is a true inspiration and it is no surprise why he is still a hero of mine, and a shining example of what I hope I can someday be.

It is so clear that this book, and his previous, and Social Engineering as an art and a science, is so deeply personal to Hadnagy. I don’t think anyone can quite say they have the passion and knowledge and presence that Hadnagy has in this field. To me, he is the lifeblood of Social Engineering.

He has such an obvious concern for the well-being of not only his clients, but his readership, and people in general. He is not only one of the best, if not the best social engineer, but deeply and profoundly moral as well.

He and I agree that intent, not method, decides morality. What he understands better than anyone, however, is that education and then action is the fix for most, if not all the dark that we humans create. Knowledge, and the motivation to use that knowledge.

Hadnagy often states, and now is no exception, that your goal should be to ‘Have them feel better for having met you,’ with which I couldn’t agree more.

His other advice includes using skilled and experienced ‘training partners’ when learning Social Engineering ‘self-defense,’ which is generally good advice, and he advises us to practice (perfectly) often, until all of it becomes second nature, or at least intuitive to some degree.

Lastly, in conclusion of his book, he asks of us all that we learn and teach to think critically about all information, not just some. Explore and test your realities and their limits, including everything you take for granted on a daily basis, like a woman in orange work uniform asking you if you ‘are willing to donate to ‘charity x’.’

If by any chance Hadnagy should ever read this, and not be discouraged or dissuaded from reading to this point, I would like to thank him, from the bottom of my heart, for the knowledge and inspiration he has given me over the years.

Without him, none of what I do would be possible. And without doing what I do, I wouldn’t have been where or who I am. And, I hope to have done him proud in some way, even if he vehemently disagrees with every single point I’ve raised. Even if I’ve made some ludicrous assertions, or some glaring errors, or just generally have not thought everything through quite as well as I thought.

I hope he can appreciate this for what it is: my own personal excursion of critical thought, and my own testing of limits and the status quo.

Continue Reading – [011] Conclusion

Filed Under: Unmasking

Mind Under Control Blog May 4, 2014

[009] Chapters 5 through 7 – Unmasking the Social Engineer

Chapter 5: The Science Behind The Face

For those who don’t already know, Ekman identified seven universal emotions, that all show in uncontrollable ‘micro-expressions’ (you can Google it, or check my Encyclopedia), namely Anger, Happiness, Sadness, Surprise, Fear, Disgust and Contempt.

If you want to learn anything about this subject matter (which I hope you would if you’ve considered buying the book I’m reviewing right now), then simply Google FACS (or buy Ekman’s ‘Emotions revealed‘) and use Ekman’s Micro-Expression Training Tool (METT). This is also the summary of this chapter.

Chapter 6: Understanding Nonverbal Displays of Comfort and Discomfort

Using what has been written earlier in the book and some snippets of new information, this chapter explains how to notice, analyze and utilize displays of comfort and discomfort.

(Except, not really. It tells us various signs of comfort and discomfort, and the fact that you should analyze them is implied in the subject matter. How? Granted, the chapter title never says it will train you in doing any of it, but then what is the point in reading it when other books do? But there is hope! Chapter 9, ‘Non-Verbal Communication and the Social Engineer’ will surely fill out all these gaps, won’t it? Eh…)

New area: Neck and Face Pacifying. Strong indicators of discomfort. Watch for changes. Watch for tells. Find out why.

Another new area: Mouth Covers. Show of shock or surprise, strong indicator of discomfort. Watch for changes. Watch for tells. Find out why.

Another new area: Lips. Lips show signs of emotion. Can indicate discomfort or hesitation. Watch. Watch. Find.

Fourth area: Eye Blocking. Indicates sadness. Not going to bother with the rest.

Last area: Self-comforting and Head Tilts. See above.

This chapter was definitely more worthwhile than the others, if only because these areas aren’t mentioned as often elsewhere as the others are, but they are still bits of information that are already known to most of us and didn’t need the amount of space they were given to be explained to newcomers.

Chapter 7: The Human Emotion Processor

This is the one. This is the chapter that made me doubt my own sanity – my own skillset, my entire opinion of this book and my entire opinion of myself. The reason for it was simple: This book had me hoping, against all odds and past experience, that it was going to be worthwhile – something extraordinary, something revolutionary, or at least something that showed why Christopher Hadnagy is the one that sets and raises the bar when it comes to detailing all facets of Social Engineering. And, this chapter seemed to be a turning point.

The obligatory ‘our brain is a computer’-metaphor was rhetorically satisfactory, and did what it set out to do without using up too much space and time. It is followed by some important (though not novel) things to remember and be aware of:

1. Our emotion affects our perception and reaction to a situation. Our emotions modulate our perceptions and affect memories as well, allowing them to trigger very strong reactions.

2. Emotion involves an appraisal process that occurs in our internal processors to create a response. For comparison, look at the oft-repeated adages ‘Things are what we make them.’ and ‘No one can hurt you without your consent.’

He moves on to the amygdala, where the key take-aways are that the 1) amygdala creates a response before we’re even consciously aware something happened, and 2) the amygdala requires only a single negative experience to decide that something is a threat.

He then raises the interesting notion that ‘there must be a way to hijack someone’s amygdala to create the emotional content that you want in there,‘ and with that, my heart started racing.

Perhaps irrationally, but I hadn’t been this enthused to read on and soak up information since I first read Daniel Wegner’s ‘Illusion of the Conscious Will,’ or Stuart Sutherland’s ‘Irrationality‘ (my own personal introduction into the amazing realm of psychology), or even Carnegie’s ‘How to Win Friends and Influence People.’ I was prepared to have my mind be blown, feel ten times smarter than I had been before, now aware of this amazing piece of knowledge that I had needed all along to transcend to a higher plane of being.

Contrary to what you might assume, I was not disappointed in that regard. Or in that regard, I should say.

Because my other belief was that this chapter would redeem the minimal quantity of compelling content the book had provided thus far. That, needless to say, wasn’t the case.

You have to understand that it takes very little to please me – I love learning things. If I can read a book and see even one thing in a completely new perspective, I’ll be left satisfied. Well, I did have a moment like that. It did please me, and it was little. One line, actually:

In this first section, we learn ‘Triggering, or hijacking, the emotional, empathetic, or social regions of the brain can shut down the person’s ability to think logically.’

A sort of an Emotional Human Buffer Overload, you could say. Had I not already heard of this? Of course I had. ‘Flipnosis‘ by Kevin Dutton makes mention of it, and in fact bases an entire book around the idea. But I had never thought that it could be applied so broadly – the endless new possibilities raced through my mind, and it left me manic and giddy like a child for the briefest moment.

All in all, it comes down to this: ‘Activate someone’s empathy centre. Activate their social centre. Activate their emotional centre. Use microexpressions or other means of non-verbal communications to do so. Exploit their moment of mental weakness.’

That is my personal summary, anyway. Now I’m left to ask myself the question: ‘Since you (the reader) now know this, if you didn’t already, what other things of note does the book provide? What makes it an essential book to have?’ I’ll answer that question in this review’s conclusion.

Moving on, we must remember that ‘The brain subconsciously recognizes nonverbal communications and then reacts.’

Then, ‘… our nonverbal communications play a major role in our reactions to a given situation,’ which is important to realize because:

1) ‘Learning to read other people’s nonverbal communication can help you understand their true intentions and motivations.’

2) Your own expression and non-verbals can give away emotions your pretext doesn’t support, and controlling them is essential when trying to influence the other person emotionally.

3) When you’re aware of not just the emotional state of your pretext, and not just the emotional state of your target, but also the emotional state of the room you’re both in (the ‘atmosphere’), then you can set your own emotions to match and be more convincing as a result.

The rest is anecdote, which is actually something I wanted to touch on: Hadnagy’s anecdotes are, as always, an absolute pleasure to read. He really makes his own personal adventures come to life in our minds, and for that briefest of moments, we feel like the social engineer Hadnagy is — the one we all wish we could be.

However, there are simultaneously too few and too many anecdotes, and if I were to ask for more, I’d ask Hadnagy to write an autobiography, not an instructional book.

This chapter was by far the most interesting and stimulating one in the entire book. I have no real criticisms to levy at it, except for it being far too little of a good thing, and far too late.

Continue Reading – Chapters 8 and 9

Filed Under: Unmasking
