Legendary cybersecurity expert and New York Times best-selling author Bruce Schneier reveals how using a hacker’s mindset can change how you think about your life and the world.
A hack is any means of subverting a system’s rules in unintended ways. The tax code isn’t computer code, but a series of complex formulas. It has vulnerabilities; we call them “loopholes.” We call exploits “tax avoidance strategies.” And there is an entire industry of “black hat” hackers intent on finding exploitable loopholes in the tax code. We call them accountants and tax attorneys.
In A Hacker’s Mind, Bruce Schneier takes hacking out of the world of computing and uses it to analyze the systems that underpin our society: from tax laws to financial markets to politics. He reveals an array of powerful actors whose hacks bend our economic, political, and legal systems to their advantage, at the expense of everyone else. Once you learn how to notice hacks, you’ll start seeing them everywhere―and you’ll never look at the world the same way again.
Almost all systems have loopholes, and this is by design. Because if you can take advantage of them, the rules no longer apply to you. Unchecked, these hacks threaten to upend our financial markets, weaken our democracy, and even affect the way we think. And when artificial intelligence starts thinking like a hacker―at inhuman speed and scale―the results could be catastrophic.
But for those who would don the “white hat,” we can understand the hacking mindset and rebuild our economic, political, and legal systems to counter those who would exploit our society. And we can harness artificial intelligence to improve existing systems, predict and defend against hacks, and realize a more equitable world.
Bruce Schneier is a renowned security technologist, called a “security guru” by the Economist. He has written more than one dozen books, including the New York Times bestseller Data and Goliath (2014) and Click Here to Kill Everybody (2018). He teaches at the Harvard Kennedy School and lives in Cambridge, Massachusetts.
When you think of a hacker, you might think of greasy scammers, or Russian agents. Or the heroes of thrillers like The Matrix. But it turns out hackers are all around us. A hack is any action that subverts the rules and intentions of a system while still working within the system. Or, as the author puts it in the introduction, remember how kids' ant farms didn't come with the ants and you'd have to write to an address to get them? A normal person will see that and think "Cool, that's how I get my ants." A hacker thinks "Cool, that's how I can mail a bunch of ants to my enemies!"
So just who are these hackers? Mostly, the very rich and very powerful. Tax loopholes are hacks. Gerrymandering is a hack. Online scams are hacks. And if you can get in charge of those systems--either directly or indirectly, or curry some influence with the people who do control them--in order to make sure those hacks stay in place and/or continue to benefit you, now you're really hacking. We see how time and time again, the rich and powerful use hacks to get richer and more powerful. And pretty soon AI is going to hack those systems. Or just hack us.
What's a normal person to do? Unfortunately the "how to bend them back" of the title is a little thin. The solution, Bruce Schneier says, is robust and transparent regulation. However, we just read five chapters about how the rich and powerful hack regulations to their favor. It's a very good book, but the present state of elites hacking normal people is dim, and it's only going to get worse.
The overall idea behind this book is to show the reader that everything is a system and that all systems can be hacked. Basically, this expands what most people think of as "hacks" from the hoodie-wearing computer guru mashing keys and saying "I'm in" to what we tend to think of as more of loopholes - in laws, the tax code, social and financial systems, and our brains. There is nothing new or mind blowing here, but I suppose this could be an interesting book for people who aren't used to seeing the world this way.
The book is very repetitive and dull. It gives only a very high level, superficial view of these hacks. Many potentially interesting examples are mentioned, but that is it... they are just mentioned. Schneier doesn't go into any of them in any depth. There isn't more than a short paragraph on any example.
There is also very little on "how to bend them back". It is more of a "the government needs to do this" than much of anything individuals can do.
This 250 page book has 60 chapters, which I guess is a cognitive hack to help me finish it. When the chapters are only about 4 pages long it is easy to force myself to read just one more.
Good book about hackers' mentality and hacking. Note that hacking IT systems is just a small part of the book. The book discusses hacking financial systems, legal systems, political systems, etc. Possible consequences of artificial intelligence hacking the systems are also discussed. Technical expertise is not needed to read this book.
I expected a book about how computer programs have been and could be hacked but it soon expanded the definition of hacking into a cautionary tale about how regulations, laws, and social systems can be hacked for financial gain and power. Thanks to W. W. Norton and NetGalley for this ARC to review.
I usually love reading Bruce Schneier: no one else understands digital security so well and explains it in such easily understandable terms. Unfortunately this offering is a bit of a dud. Here he explains what a "hack" is in the computer context, and then tries to apply the notion to various other contexts, like hacks of the stock market or hacks of biology/evolution, hacks of the tax code by the wealthy, etc. The first roughly 80% of the book is just examples of clever hacks in various domains which are amusing, but don't really seem to go anywhere. In the last 20% of the book he describes how AI is going to facilitate hacks in all of these domains and how they'll be misused by the wealthy to their own advantage. He also aims to put forward a coherent analysis of the consequences and the strategies to resist it, but he fails to really successfully do either due to his inability to really identify economic inequality itself as really being at or near the root of these problems, and instead coming up with a grab bag of band-aid half measures.
I think I may have loved this book partially because of my day job (cyber security). Even though the book itself is not so much about computer hacking as it is the hacker’s mindset and the social, technological, legal, and human constraints and environments that make people, systems, and laws hackable, it was thoroughly enjoyable because it challenged me to look at the world differently. This book is especially important with emerging technologies and the digital ethics that must be, but are not often enough, considered when innovation is at work. It also points out another reason why the rich get richer and the poor get poorer, why the equity gap between the privileged and disadvantaged keeps growing, and why social and economical injustice will persist. I feel like I just sat in his class essentially, for free (he teaches at Harvard).
Thank you to #GoodreadsGiveaway for providing me an advance copy of Bruce Schneier’s latest security book, A Hacker’s Mind: How the Powerful Bend Society’s Rules, and How to Bend Them Back, in exchange for an honest review.
#AHackersMind is security expert Bruce Schneier’s latest nonfiction work. Instead of focusing solely on tech, the author applies hacking principles to offline frameworks, such as legal systems, real estate, sports, banking, and politics, along with various digital systems, including AI, robots, ATMs, airlines, and casinos. The book is divided into seven parts based on a system category, each containing five or more short chapters, depending on the subject matter.
The work was clearly written for the general public, as opposed to industry and legal experts. On the one hand, the information provides a generic overview of complex topics in a succinct and digestible format. It is a great resource for those looking to learn more and wanting to know where to begin their research. On the other hand, those who are already experts or are looking for an in-depth view on the subjects may need to supplement this with a more substantial or individual work (e.g., a book solely focused on hacking AI or bank software).
The other positive (or negative, depending on your needs) is that the pages are clean and omit any pesky footnotes at the bottom of every page; though it is lacking from an expert perspective and relies on very few resources (he is an expert after all) provided as notes in the back of the work.
I’d recommend it for the average reader looking to get into this space or those wanting to learn interesting facts about how we arrived at where we are in time in regard to technology, politics, economics, legal, and social systems.
Very well written summary of hacks in different walks of life. The author explains all of them in the context of programming. Most of the topics are well known but the presentation of topics including the author's own hacking of the airline boarding pass system were interesting nuggets. With the dawn of GPT(n), the last chapter on AI hacking is the most relevant for modern times. Hopefully we will have a HGS soon. Highly recommend this book.
Don’t think that the title is accurate. More of an overview of all the outward forms of hacks. But not less interesting. The real ‘juice’ is at the end where one learns the ways in which our minds are hacked on a daily basis: the Minority Report has already become reality.
If I’ve understood the message correctly, we can’t avoid what’s coming but we can be prepared; “The future belongs to those who prepare for it today”
OK technically I listened to this book but they did not have an audiobook edition. Since it was an audiobook let's get out of the way it's read very well by the narrator. Now I picked up this book because it was going to help me think like a hacker... Maybe some inside tips… Backdoor strategies… Instead the book essentially is about how the one percent and their government elected cronies have been basically hacking the system to keep the rest of us in the down unders… Not to be confused with the upside down #strangerThings. I think the book is worth three but it's gonna piss you off… Unless you are one of the 1% taking advantage of the rest of us. I don't know that it was anything that was shocking but it was more like an oh here's the actual proof that everything I thought about the 1% and the electeds in power is on the nose! If you're somehow brainwashed and think that really rich people deserve what they have you should probably read this book… You should also probably read this book if you think somehow you're going to be one of those really rich people… Because if you don't read the book and learn how they're taking advantage of the system of the time to be those rich people you're definitely not going to be one of those rich people.
"A Hacker's Mind" starts out slowly but quickly gains some steam in subsequent chapters. First, author Bruce Schneier must explain to the reader that his idea of a hacker is greatly expanded from what most of us commonly believe to be hacking. In this expanded universe, Schneier equates the selling of indulgences in the early church to hacking as well as the actions of Donald Trump in breaking the norms of society. However, once you get beyond this novel interpretation of hacking, the book is fascinating in recounting some of the more notorious hacking episodes of history. Nevertheless, the really scary part comes at the end of the book when Schneier talks about the perils posed by AI (artificial intelligence). After reading this segment, I now understand why some of the biggest characters in the tech industry have called for a moratorium on AI development and implementation. This is scary stuff! We need some heavy duty regulation to make sure this potentially powerful tool or weapon is controlled correctly to benefit society rather than destroying it. Unfortunately Schneier doesn't provide us with much of a reason to be optimistic. During most of the book he points out how everyone with the intent has been able to subvert previous tech and finance regulations. My conclusion when I closed the book was simple. The rich and powerful will learn to manipulate AI just as they have learned to manipulate earlier innovations. I don't see much potential for "bending back" rules and regulations as he maintains in the subtitle of the book.
It’s hard to explain the offensive security mindset but Schneier brings it off.
People who see the world orthogonally, like Bruce Schneier, are somewhat cursed. Schneier explains how, with that mindset, it’s difficult to *not* see insecurities, breaks in the system, opportunities for stressing any system using its own rules against it, and the gaps where there are assumptions instead of tested security measures.
The analogies are clear and useful, the narrative is a quick read, and Schneier actually explains a method for learning how to think like a hacker. I’ll be recommending it to the people I know who want to understand how a particular mindset can both be a problem and a prerequisite for a well-paying job.
Disclaimer: I read and gave comments on a prior version, but this is the beautiful finished product. Good work.
Schneier is mostly known as a cryptographer and security advocate. Here he looks at a larger part of the world, but using the same mindset, that of a security auditor.
He defined 'hacking' as 'subverting the spirit of the law, without actually breaking it', and shows numerous examples, from various fields. From tax law to politics and loyalty schemes.
He consistently blames 'the rich and powerful' for creating and maintaining complex systems with loopholes, and in the end the politics get in the way of the real story.
Another solid book from Schneier on the security mindset, this time focusing on the offensive side or hacking, that is finding loopholes and subverting systems to use in ways other than their intended purpose. Schneier provides a broad view of hacking not only for information technologies but also in financial, legal and political systems. A little thin on the solutions or defensive side, but a very accessible read on designing reliable resilient systems.
This is a book for extreme simpletons. The title of the book is misleading. There is almost no "how", as that word is mentioned not once but twice in the title. It's all just a bunch of what, and it's repeated over and over again, and it wasn't particularly clever or novel in the first place. It was of no use to me in a functional or leisure sense. I would not recommend this book unless you're really naive or ignorant.
A collection of interesting ideas, presented in ways I hadn't thought about before. Presenting hacking as ways of exploiting "the system" (whether you're talking about professional sports, airline loyalty programs, tax loopholes, etc.) that then become mainstream, and using that common thread to tie multiple industries and fields together, is an intriguing theory.
When asked to name the world's largest hacking firm, most people would think along the lines of Rapid7 or Check Point. But in truth, it is Deloitte and PwC who are the largest hacking firms. It's not because they have so many penetration testers. Instead, it is due to how many accountants and lawyers they employ.
And that is the underlying theme Bruce Schneier makes in his excellent new book A Hacker's Mind: How the Powerful Bend Society's Rules, and How to Bend Them Back (W.W. Norton Publishing). His premise is that hacking is, in fact, a universal trait. While those in the information security field think of hacking in terms of zero days and Windows vulnerabilities, finding gaps in things is a normal human response.
Schneier writes that all systems will have ambiguities, inconsistencies, and oversights, and they will always be exploitable. Systems of rules, in particular, have to tread the fine line between being complete and being comprehensive within the many limits of human language and understanding. Combine that with the natural human need to push against constraints and test limits, and with the inevitability of vulnerabilities, and you get everything being hacked all the time.
This is a delightful and readable book where he discusses how hacking is pervasive across all systems. From hacking financial and legal systems, to political systems, cognitive systems, and more. Not only that, creating an unbreakable system, based on Gödel's incompleteness theorems, is fundamentally unattainable.
In the 1930s, German logician Kurt Gödel proved that all of mathematics is fundamentally incomplete. As Schneier shows so articulately, what that means for computer security is that all systems will have ambiguities, inconsistencies, and oversights. And they will forever be vulnerable and hackable. And for those that remember the claim of Larry Ellison of Oracle, about 20 years ago, that their systems were unbreakable, that will certainly bring back a humorous blast from the past.
In the context of the book, Schneier defines a hack as a technique that adheres to the rules of the system, but subverts its intent. But this isn't always a bad thing, as some hacks are also beneficial innovations. This, though, leads to the obvious question – who gets to define intent? Who decides whether a hack is beneficial or not, or whether the subverted system is better or not? This is a highly complex matter, especially in systems with multiple designers, or that have evolved over time. Hacks are beneficial to some and detrimental to others.
As Schneier notes, everything can be hacked, and blogs and books about these hacks abound. One popular example is Brian Kelly, AKA The Points Guy. He created a website to hack airline frequent flyer programs. This can be done via various methods, optimizing airline credit card offers, and more. And this is just one example of hundreds.
Another hack the book goes into detail about is the US tax code. And it's the tax code that the Big 4 firm auditors review deeply to find loopholes to save their clients' money. There is a lot of money for tax attorneys and tax accountants to do these hacks. And Congress and regulators are unable to do anything to stop it. And when they try to, the ensuing laws and regulations, with their inevitable vulnerabilities, will also be hacked.
So what can be done to fix the nefarious hacks? There are not many solutions. In fact, artificial intelligence and machine learning will only make these hacks worse. Machine learning, ChatGPT, and other methods are able to find software vulnerabilities. It's still in its infancy, but the trajectory is increasing.
Schneier writes that we must find a way to use hacking for social progress. But doing that in practice is exceedingly difficult. And the fact that the book has over 200 pages of narratives about the hacks, and not a whole lot about solutions shows how challenging the problem is.
This enjoyable book is relevant to most people; they don't have to be security or technology savvy. In the Harvard Business Review, Sabina Nawaz writes that it's time to retire the saying, "Don't bring me problems; bring me solutions." But in deference to Ms. Nawaz, Bruce Schneier has laid out a lot of the problem. And while the solutions are not necessarily definitively here, the book is a wake-up call that a lot needs to be done to do that.
I was going to give this book a 2-star rating but after thinking about it, part of the issue I have with it is my assumptions about what it was going to be vs. what it actually is, so I added a star.
What I thought this book would be about: A security expert and "natural life hacker" talks about the hacking mindset and how to think more like a hacker with lots of everyday examples.
What the book is actually about: A security expert with an apparent chip on his shoulder tediously enumerates the many ways rich people get away with stuff at your expense.
My main frustration is that I would love to read the first one and would absolutely avoid the second one, but I do have other issues with this book. It is fairly well written but does seem to repeat things a lot. Almost like it started out as a collection of stand-alone pieces that were shoehorned into a book. Like a published blog, you might say. I say this because he will often define some term in an early chapter and then redefine it the same (or very similar) way in subsequent chapters. Just in case I forgot, I suppose. There's lots of tease-text about the hacker mindset and how hackers see the world differently, but there is never any real delivery on that theme. Instead, there is chapter after chapter that start out talking about a type of "hack" (tax code, financial systems, social systems, etc.) that all eventually end with repeating that rich and powerful people are better positioned for identifying, using, and preserving these hacks than the regular guy.
It started out promising. The author gives an example of his first hack when, as a kid, he realized that because of the way live ants were delivered to go with the old "ant farm" toys sold by the millions back in the day, he could easily send live ants to anyone he wanted just to mess with them for free. This is the kind of thing I was interested in, not because I want to send ants to anyone, but because I too see holes in systems that if I had a different moral structure, I could easily use to subvert having to pay for things or having to follow the rules. Although I don't act on these observations, I am fascinated with their existence and the apparent inability for others to see them.
After reading the second chapter that ended with what I began to recognize as the theme of "Rich and Powerful People Cheat and Get Away With It", I started to wonder exactly who the intended audience for this book is. It's obviously not rich powerful people and corporations because, if this book is to be believed, they all already know about and use the hacks discussed to increase their ill-gotten gains, plus this book is back-handedly complimentary of their exploits at best. At the same time, it doesn't seem to be for the regular (i.e. NOT rich and powerful) person because if this book is to be believed, those people are pretty much powerless to use the hacks due to limited resources and will always end up holding the bag for the rich folks. There is similar semi-insulting language sprinkled through that points out that Rich and Powerful People get away with these hacks even though they aren't very good at hacking while at the same time implying that regular people just can't pull them off. In other words, "even these dumb rich people are better at hacking than you are". And it obviously isn't for the person wanting to learn how to recognize everyday hacks and practice them for fun and profit because it offers no actual insight into that process, only examples of hacks others have found and how they all benefit rich and powerful.
After hearing the same drumbeat for chapter after chapter, I finally decided that the audience must be regular people who hate Rich and Powerful People and enjoy being rage-baited by someone pointing out all of the ways that those Rich and Powerful People are getting it over on the rest of us with no consequences. That's really the only people I can think of that this book would appeal to.
To be fair, this is what the title stated that it was about, but even if I had gone into it expecting that book, I still would have been disappointed in the repetitive and biased nature that it was written and the lack of real insight into the process of identifying and leveraging system hacks.
When we think of a hacker, we think of a person wearing a black hoodie with a skull logo on the front. That is because we associate hacking with criminals and technology. However, that is not always the case, according to Bruce Schneier. In his latest book, “A Hacker’s Mind: How the Powerful Bend Society’s Rules, and How to Bend Them Back,” the author, a seasoned security professional, defies this common notion. Schneier explains that hacking does not have to be associated only with technology and criminals. He explains that whenever we bend rules or find loopholes in the system, we are hacking the system.
In “A Hacker’s Mind,” Schneier explains how our legal, financial/taxation, political, and other systems are hacked. The most commonly hacked system is probably the taxation system. To a certain extent, we all hack the taxation system – after all, everyone likes to get some deductions on their tax return!
Although “A Hacker’s Mind” is focused on wealthy and influential people, the reality is that we all have hacked the system at one point or another. Think about a time when you talked to someone in a line to get into or cut the line. In this example, people forming a line or standing in line are following a system, and using the “chat and cut” technique to bypass most of the line (and the wait time) is the hack! The author illustrates his point with an example of the Airline Frequent Flyer hack. In 1999, David Phillips bought about 12,000 Healthy Choice pudding cups to take advantage of the airline’s frequent flyer affiliate program. David purchased about 12,000 of the cheapest Healthy Choice pudding cups for 25 cents each. That gave him over 1 million air miles and lifetime elite status for only about $3,000. The author has many such real life examples throughout the book. Schneier’s art of explaining makes the book a fascinating read and successfully keeps the reader interested and curious.
Is this illegal? No, it was not unlawful, and Phillips did not commit any crime or violate any frequent flyer program rules. But if you ask, “Was this ethical?” the answer is perhaps different. How do we know if something is being hacked? According to Schneier, the common reactions are “Is that allowed?” or “I didn’t know you could do that!” If you think something is “gray,” you are probably in the hacking territory.
Most non-technical hacks are unethical but legal. This is perhaps the big difference between the technical hacking we know and the hacking described in “A Hacker’s Mind.” Traditional technical hacking is almost always used to gain unauthorized information or monetary benefit, which is illegal. On the other hand, hacks used in society are not illegal. Schneier talks about how people use loopholes in the system or bend the rules to their advantage.
I can relate to the concept described in this book. Growing up in India, I witnessed people subvert the rules of society every day. Most people have to “hack” the system at almost every step of their lives—they don’t have to be rich or powerful. It is practically a necessity of society. Unfortunately, many do not even realize when they have crossed the line from unethical to illegal. This is probably true for most developing countries because of higher demands and limited resources.
Schneier has been recognized by the Cybersecurity Canon as a Lifetime Achievement Author. He is an industry veteran with more than 30 years of experience in cybersecurity. He has written many books and blogs and received an honorary doctorate from the University of Westminster, London, England. Bruce’s knowledge of the subject and writing experience make “A Hacker’s Mind” a must read for technical and non-technical readers.
I've had every phone, tablet, wifi, computer compromised by my abuser. My abuser installed recording devices in my home, cameras and gps trackers while on bail. Most of the time the ip address of my phone would lead to a home in Vaughan Ontario, far away from the city where I lived. I would just throw phones out the window driving at one point.
I feel these freaks have a history of abuse sometimes. I mean, domestic batterers often hack, use keyloggers, spyware - 98% of cases exhibit digital stalking. My abuser did it to me from 2005 onwards, every single website, keystroke, text, everything no matter where I stayed even with family. He has likely not stopped with me and I'd bet almost anything he monitors his current partner in the same manner. It's ultimate control. Gets them high.
And some love the thrill of control, watching people or having power at their work or over their partners so much that they learn about "cybersecurity" and present themselves as helpful individuals. Nothing could be more untrue. These men are extremely dangerous. As the need for more dopamine through control gets worse, so do their activities.
Meanwhile nobody does a thorough background check and finds out, oh wow our "cybersecurity" guy in the next cubicle is actually an ex-con who served time in jail for crimes including severe gender-based violence and breaches of bail like cyber-stalking and rape.
Common Warning Signs:
1. Unusual Patterns - frequently accesses files or systems - logging in at odd times - accessing sensitive data
2. Excessive Movement - sudden increase in data being exported - unauthorized downloads - transfers to external drives or personal email accounts
3. Behavioral Changes - making expensive purchases - become secretive about their work - show reluctance to share tasks
4. Resistance to Protocols - resists implementing new security measures - reluctance to comply with established protocols - pushback against audits or monitoring tools
5. Unusual Relationships - overly close with those who provide security tools for kickbacks or collusion
6. Tampering - attempts to disable or modify monitoring - bypassing security - altering logs that track user activity
7. Frequent Requests - attempts to gain higher levels of privileges
Preventive Measures:
▪︎ Robust Background Checks
▪︎ Regular Audits
▪︎ Continuous Monitoring
▪︎ Ensure that no single person has control
▪︎ Awareness programs on insider threats
▪︎ Whistleblower Policies