A great overview of what it takes to hack humans
Reviewed in the United States on 7 February 2021
## My One-Sentence Summary
<em>A hacker's entertaining summary of all the basics around influencing people.</em>
## Table of Contents
- Your New Superpower
- Know Yourself, So You Can Know Others
- Become the Person You Need to Be
- Nail the Approach
- Make Them Want to Help You
- Make Them Want to Tell You
- Stop Deviousness in Its Tracks
- Let Your Body Do the Talking
- Polish Your Presentation
- Putting It All Together
- The book uses many examples from his hacking career to illustrate points
- The content is well laid out
- I really love his focus on ethics and morality in how he talks about these topics, going so far as to constantly remind us that these tools are to be used for good, not evil, and to stress that even when he's teaching something that can be used for evil, it's important to learn it so that you can identify it when you see it
- As you can see from the table of contents, there's a very "pickup" approach to the book that I think works well because it's presented as practical advice as opposed to pure theory
- The fact that he does live classes and has his students go out and use these techniques makes the material a lot more authoritative and believable
- The author comes off as super likeable (uh oh?) throughout the book with the way he approaches teaching, hacking, and the button-pushing of humans
## Takeaways, Questions, and Ideas
- My biggest criticism of this book is that I think the author is somewhat confused about the line between influence and manipulation.
- Several times throughout the book the author talks about how this or that tricking of someone to allow them to get into their target was ok, with the justification being that, "they'll be better off than when we left them."
- This concept is used throughout the book as a moral guardrail, and while I think it has some merit, it leaves out the important question of timing. How long, exactly, are we to wait for the positive change to occur in one's life before we can turn an obvious negative into a positive?
- For example, he gives multiple examples of paying someone a compliment at the front desk, or helping them avoid some sort of negative interaction, in a way that makes them happy. He then uses that kindness as a vulnerability, having the person break their security protocol, which allows him to hack the company.
- One example was a woman he convinced that he ruined his resume because he swerved to avoid hitting a dog (because she had a dog picture on her desk). She ended up putting a USB key into her computer which got the company compromised. He presumably considers this to be influence and not manipulation, and therefore good, because it leaves people better off than before. But this is not a clear line. The computer in this case had a clear sign right next to it that said no external USB drives. He saw her look at that sign and put the key in anyway. If she wasn't fired she easily could have been. So who ended up better for this lesson? The company? Maybe. But the company wasn't the one that was influenced or tricked. It was her, and she might be out of a job with a bad reference on her record for breaking security protocol.
- My issue here isn't that all influence or manipulation is bad. And I think he does an ok job at emphasizing that there should be good-will in what's done, even when it's unpleasant.
- My issue is that the rule he's laid out for when something is good or bad isn't a good one. Many examples he gave of the good kind of influence were still likely to get the target punished if not fired for what they did as a result of his human hacking. Claiming that the person was better off for knowing him may be true, but it's too much of a stretch to give as broad guidance in a book about hacking humans.
- He doesn't know if that person will go off and have a better career after learning their lesson, or if they'll be unable to find work and will become a meth addict. All the contortions around "leave them better" are unknown at the time of the influence.
- More specifically, the line he draws between influence and manipulation does not seem correct. Both cases reduce to getting someone to do something that they wouldn't normally do. Period. I don't think the line between influence and manipulation is clear enough to say one is good and the other is bad, especially if this requires knowledge of the future resolution, a.k.a., "leave them better off".
- I think this is actually a difference of degree rather than kind. People tend to call minor nudges influence and strong pushes manipulation. For example, he gave the example of needing people to fill out personal information sheets in a cafeteria, and staging a big, emotional scene to make it happen. That was both influence and manipulation, not one or the other. Nobody was compelled to fill out the sheet at the risk of physical harm or anything. They just felt more inclined to do so based on the intensity of the scene.
- The author has a better line that he also uses somewhat throughout the book, which is more common and solid, which says that it might suck to learn a lesson but it has the potential to be positive. For example, getting hacked via social engineering. Sure, the company could benefit. And sure, the employee who gave you the keys could become a happy mentee and future security star, but there's no guarantee of that based on labeling our techniques as influence instead of manipulation.
- We should be honest, as he does cover elsewhere in the book, that these are somewhat malicious techniques, but that they can be used by attackers so we have to harden ourselves against them.
- This is the shielding we should use for our morality, not a balm that says a fired employee is better off for having met you. They very well might not be.
- That being said, I think the book was excellent, and I do think the author stresses the moral use of these tools, as you can see from many of his human-focused stories, including those in which an engagement started as a hack and ended up in deep friendship.
- I definitely recommend the book for anyone who wants to sharpen or learn the basics of the social aspect of hacking, and it's good to have these techniques being taught by someone who obviously thinks a lot about the morality of what he does. I only wish that the articulation of that morality was a bit more robust.
<center><p style="font-size:140px;"><font color="green">8</font><font color="lightgrey">/10</font></p></center>