Book Review: Confessions of a CIA Spy: The Art of Human Hacking
Confessions of a CIA Spy: The Art of Human Hacking. By Peter Warmka. Independently published; 190 pages; $14.95
The notion of security is fundamentally a human issue based on protections from bad actors. We often forget that the human element is also typically the weakest link in any set of protection measures, and it is with this weakness in mind that Confessions of a CIA Spy: The Art of Human Hacking takes aim. Peter Warmka shares his skills and experience as a former intelligence officer to provide a full introduction to techniques of manipulation, influence, and persuasion.
This book sets the benchmark by defining who the potential threat actors are, what their targets are, and what information they are seeking. From there, Warmka examines the process of identifying sources of information, creating pretext, and choosing venues to access targeted individuals, and then explains the various information-gathering techniques, such as interrogation, interviews, and elicitation. The specific tactics related to social engineering, including psychological manipulation, building trust, influence, and conversational strategies to steer conversations, are described in more detail.
The author is a former U.S. operative, so the book is clearly U.S.-centric, but the concepts and tactics provided are useful regardless of region or nation.
The book is organized into short, easy-to-digest chapters that lead the reader through the foundation of intelligence gathering. While the subjects are not discussed to the level of a dedicated psychology course, the author explains the underlying concepts and tactics. The explanations are clear and concise, with stories used to further explain concepts. Checklists and additional resources are provided.
Ultimately, this book is about creating an awareness of threats, identifying potential warning signs, and providing recommendations to combat risk. It is focused on the techniques and methods used for human hacking, rather than attempting to cover technical capabilities such as eavesdropping, malware, hacking, and photography. It would make a good addition to a security awareness program as a resource for all people, not just security practitioners, to recognize if they are being targeted or manipulated.
Even though this book lacks a certain professional publication polish, it delivers on content for an introductory foray into the world of clandestine human intelligence gathering. There is certainly enough material to give the reader a very good understanding of this aspect of spy tradecraft.
Reviewer: Coleman Wolf, CPP, CISSP, is a technical security professional with a specialty in cybersecurity of control systems. He is the senior security consultant and studio leader at Chicago-based engineering and consulting firm Environmental Systems Design, Inc. He is also chairman of the ASIS IT Security Community Steering Committee.