Social Engineering Blogs

Introduction

‘Unmasking The Social Engineer‘ starts with a list of acknowledgements, coupled with an introduction. Now, this introduction gives us some insight into Hadnagy’s background and his motivation for writing this book. In it, he starts by asking us why we should care about nonverbal communication.

Well, anyone reading this review will know why he or she should care – because this is what we do. Any and all knowledge that enables us to engineer social situations effectively, defined as ‘actions that lead someone to take an action that may or may not be in their best interest‘, is knowledge we care about.

He asks us if we know what our ‘gut feeling’ is, and yes, we probably know intuition is a set of heuristics and value judgments (or ‘appraisals’) made subconsciously, based on past experiences.

He then remarks ‘No book has compiled all this research, and no book has shown you how to use these skills as a social engineer.‘ I partially disagree with the first, though not the second – however, ample websites (such as this sub) have shown people how to use these skills. These things have been compiled before, and worse than any of this: this book, as we will see, doesn’t do anything new or excel in any way regarding these topics.

In the next section, his relationship with Professor Ekman is then described, and it is part inspiring, and part sharing in Hadnagy’s joy. That is to say: I like it. He then proceeds to explain the contents of the book and how this book will be used.

All in all, a solid introduction, and Hadnagy comes over as very likable and earnestly humble — something I personally really appreciate.

Chapter One: What Is Nonverbal Communication?

Hadnagy starts with a brief explanation of what communication is (something covered more extensively in ‘Social Engineering: The Art Of Human Hacking‘. Then, he segues into nonverbal communication.

Curiously, when starting his preloading for this chapter, he asks why people are yawning or seeming otherwise uninterested during a hypothetical speech you’re giving, and answers the question of ‘Why?’ with ‘Because: nonverbal communication.’

Here, I have to ask ”Why’ what, Hadnagy?’ because he makes it seem as if the reason they’re uninterested is your failing nonverbal communication, not the reason why you, as the speaker, can notice them being bored. In that case, why didn’t he at some point in this book come back to that example and explain us how to engage a crowd with non-verbals? A minor and perhaps insignificant thing to point out, but it would have been fine for Hadnagy to use a different example that only made us imagine a single bored person. It just left me a bit confused as to his point, is all.

His eventual point of this section is that it is important to understand the extent and depth of the nonverbal communication and just how important it is.

Next, he lists seven different aspects of nonverbal communication: Kinesics (nonlinguistic body motions), proxemics, touch, eye contact, olfactics (smell), adornment, and facial expressions. He then, where needed, further subdivides these seven aspects into further areas. This entire section is completely functional, and it doesn’t seem like any examples here are filler – when condensed, I assume that it could be summarized into a table spanning about a page.

No information in this chapter will be novel to those who have ever read anything about nonverbal communciation, and followed news in that area (such as the readers of /r/SE). In total, it would take a few minutes to become aware and memorize this data.

His summary curiously doesn’t summarize the chapter, which is a trend in this book. So: In summary, there are seven different aspects of nonverbal communication. They have an incredibly large impact. A social engineer should know, notice and utilize them.

Chapter 2: What is Social Engineering?

As I said earlier, this is a recap of ‘Social Engineering: The Art of Human Hacking‘. It might as well not be here at all, unless this would be the first book for you to pick up on the subject. In which case, why not pick up ’Social Engineering: The Art of Human Hacking’?

Continue Reading – [008] Chapters 3 and 4

This section is necessary for both allowing some manner of brevity in the full impression segment, and defending the eventual conclusion of this review. This book is really more of an addition to his book ‘Social Engineering: The Art of Human Hacking’, than something stand-alone. Keep in mind how that impacts the page count.

The meat of the book begins at p.5 and ends at p.211. This means it spans 212 pages of content so far. First, we remove chapter 2, as it is a summary of ‘Social Engineering: The Art of Human Hacking’. This leaves us with 212 – (51-25) = 186 pages of novel content.

The first chapter loses 3 pages in images and one blank page, for a total of 4. (The rest has already been removed by starting the count at p.5.)

The third chapter loses 4 pages at the start, 12 pages throughout. Fourth loses 11,3 pages. Chapter 5 loses 13,4, chapter 6 10.3, chapter 7 loses 5.3 (which just so happens to be the best chapter, go figure – 3.3 if you don’t count the first two pages that show ‘Part 3’of the book), chapter 8 loses 4.6, chapter 9 loses 4.8.

This brings us to a generous estimate of 186 – 69,8 = 116,2 pages of novel, written content. This figure excludes direct quotations, unelaborated paraphrasing of other books, and repetition of content. (Would be closer to 95, if I were to give an estimate.)

But more important than any of this is the figure of novel information and content that hasn’t been done better elsewhere, which brings us to a very generous, rounded-up total of 20 pages of worthwhile content for an amateur social engineer. (Less for those who’ve read any book on non-verbal communication or deception before.) This is less than 10,000 words at its low word/page count (~400), or less than the expected total length of this review.

You will see how I got to this number in the next section. For now, it is important to remember that every book will have a similarly low fraction of its complete content be novel, however, very few books of this caliber, and definitely those by writers the likes of Hadnagy, have such a low amount of over-all utility. (Read the conclusion for my thoughts on why.)

For contrast, compare to it to ‘Social Engineering: The Art of Human Hacking’, which had more than 200 pages of worthwhile content when it was released (and still around that very same number today), and consider that it had a lot more words per page (I’d say around 525, or 25%+ more), and we’re left to conclude that ‘Unmasking The Social Engineer’ wouldn’t have been more than two short chapters when added to ‘Social Engineering: The art of Human Hacking.’

Continue Reading – [007] Introduction and Chapters 1 and 2

There were four main types of interpretations, in no particular order of frequency:

– The first posited that they were clearly having an argument of some kind, and that the woman was frustrated with the conversation and ‘biting her tongue,’ so to speak.

– The second was that the girl had clearly done something wrong, and the man was being stern and disappointed, alternately with or without anger, and the girl was looking away innocently, as you would see an 8-year old in a TV-Sitcom do. (Note that I say ‘girl’ only because this is how they called her within that interpretation.)

– The third was that the woman was recalling some sort of happy memory and thinking of it fondly, after having been triggered to in some way by the conversation.

– The fourth was that the woman was recalling some sort of happy memory and thinking of it fondly, with the man just being an onlooker and having nothing to do with it. (And interpretations of what he is doing vary wildly.)

The first implies the woman is frustrated, the second the woman is dismissive of the man’s concerns, the third implies she is happy, and the fourth imagine she is both happy and not even interacting with the man. These are wildly different interpretations for what should be a pretty clear and concise training exercise.

Hadnagy surely knows that a 90 degree angle is a very safe angle for most people, even within personal or even intimate space – though, of course, this is less the case when there is eye-contact. On YouTube, Apollo Robbins gives a great explanation and demonstration of this. However, I don’t think his potentially not knowing this is the problem. Instead, what was probably glossed over is the fact that the reader makes his own interpretation of the _relevance_ of the angle, and does not necessarily know why they are in that angle in the first place.

Maybe Ben has just approached and is now standing there, frustrated or otherwise, waiting for Selena to stop day-dreaming and be given attention? This explains interpretations 3 and 4.

Maybe Ben is standing in that angle because he is frustrated with Selena, like in interpretations 1 and 2, but in a fifth possible interpretation, she might not even be aware he’s there, angry with her.

In that case, as I believe Hadnagy would agree, it would be entirely the wrong move to approach Selena at all, as you’ve just taken away the attention that Ben couldn’t get – what a horrible situation to be in!

So really, I don’t believe this should be a matter of interpretation, given Hadnagy states it is at least part science, and that is the problem with these ‘caricatures’ or ‘set-up’ photo’s – instead, use real photo’s and describe us the situation after we’ve tried to analyze it. That would’ve been vastly more effective, wouldn’t you agree?

To get back to my original point, analyzing just one situation with every possible interpretation would’ve been vastly preferable to meaninglessly glancing over several – because it would’ve illustrated the inherent flaws arising from lack of proper context and have shown the many ways to incorrectly assess both correctly and incorrectly observed data.

Interestingly, this is similar to what I’ve done here – rather than listing all the bad examples, I raised two examples and dissected them thoroughly. This gives the audience a clearer understanding of what is going on, without overloading them with examples that are meaningless to them, or at worst counterproductive and confusing. It’s an effective teaching method.

That is my first major complaint.

My second complaint has to do with the feeling it instills to a potential student of non-verbal communication within social engineering, which seems to be Hadnagy’s main demographic.

This only applies slightly to myself, and more so to the people I’ve polled, among which were some social workers, counsellors and psychology students. My question was: “If I hadn’t opened with the disclaimer that no answer is wrong, and instead this would’ve been part of an emotional recognition test, within either the learning part of a course of examination of that course, what would you be feeling right now?”

Unanimously, they came to conclusion that they would’ve felt either ‘betrayed’ (by the author), ‘indignant’ (for being told they’re wrong when they’re clearly right) or ‘stupid.’ The ‘stupid’ aspect, I can only assume, comes from the fact that even after relooking at the picture, it was difficult to find a way to rationalize ‘coming on strongly’ and ‘discomfort’ were the only explanation, let alone an intuitive one. This seems completely contrary to ‘Unmasking the Social Engineer’s’ aim to be a teaching tool.

One problem is that it (subconsciously) gives us the impression that either Hadnagy is unaware of simple things that we all should know, or that we’re idiots for not noticing such simple things – a feeling, I feel, that a lot less experienced people will have more, and they will be disappointed by themselves as a result. It leads us to feel dumb, not empowered or enlightened – and fools rather than students.

Of course, I don’t agree that feeling ‘indignant’ here is the intended or expected response, mostly because Hadnagy never tells them anything even remotely capable of making us feel that way, but to reprise an old point: “It doesn’t matter what you say – people will remember how it made them feel.”

My suggestion: either be general enough to not have such obvious exceptions, or be specific when using these examples. Again, a short disclaimer could have fixed this problem, and helped ease the reader.

Maybe they used hyperbolic naming for emotions that are not quite so pronounced, but reasonably, they should not be there at all.

Before I conclude this point, my samples also thought the p.69 image didn’t at all show a “perfect example of a confident man” – but a creepy, weird, ‘downy’ man instead. I can only assume this is due to the awkward angle, or perhaps a quality of the lens. The image is entirely unsettling, and I can’t for the life of me imagine Ekman and Kelly both not realizing this.

Perhaps it’s because they are too busy finding what they know is there, rather than seeing the image, and the book as a whole, as a novel situation from the perspective of the reader – which is a thing everyone does, and three legends are no exception.

Continue Reading – [006] Page Count