A Thoughtful, Analytical Approach to NGO Security

Breaking NGO IT with Low Tech - Suggested Readings

Discussion (here and here) regarding Bruce Schneier’s recent post on security mindset combined with recent interesting posts from friends regarding NGO IT security issues (here, here and here) has me thinking. It seems to me that social engineering, rather than a purely technological attack, is still the easiest route into most NGO’s networks. There is no need for anything too complicated. Most aid workers are somewhat trusting and helpful by nature making them easy targets for even relatively inexperienced social engineers.

Kevin Mitnick’s book, “The Art of Deception - Controlling the Human Element of Security” is a great introduction to social engineering. Kevin Mitnick was one of the world’s greatest hackers. He gained great notoriety for his ability to penetrate telephone and computer networks seemingly at will. What surprised many is that it wasn’t sophisticated technology that allowed him to do it. It was his ability to con or ‘pretext’ people into giving him the information he needed to access their systems. As he explains in the book the human factor was security’s weakest link.

Hint: If you search for “Kevin Mitnick The Art of Deception.pdf” Google you just might be able to find a free copy of Kevin’s book floating around the net.

To further develop your security mindset check out "No-Tech Hacking" by Johnny Long. Its a sample chapter from "Techno Security's Guide to Managing Risks for IT Managers, Auditors and Investigators". Johnny has since turned the chapter into a book in its own right. In the freely available sample chapter he covers tailgating, faking ID cards, lock bumping, shoulder surfing, dumpster diving and other low tech means of gaining forbidden access.

Happy reading and don't blame me if it keeps you up at night.

Other Stuff

Subscribe to Patronus in a feedreader
Subscribe to Patronus Analytical RSS Feed by Email

Low on bandwidth? Try this low graphics version


Lijit Search

Bloggers' Rights at EFF Global Voices: The World is Talking, Are You Listening?



Support CC - 2007

Creative Commons License
This work by Kevin Toomer is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 2.5 Canada License.
Jun 2008
May 2008
Apr 2008
Mar 2008
Feb 2008
Jan 2008
Dec 2007
Nov 2007
Oct 2007
Sep 2007
Aug 2007
Jul 2007