Build your security assuming that the enemy knows as much about
your security and what you are doing as you do.
The lesson of history, InfoSec, industry, literature, warfare and politics tells us this is so.
What enables the enlightened rulers and good generals to conquer
the enemy at every move and achieve extraordinary success is
Foreknowledge cannot be elicited from ghosts and spirits; it
cannot be inferred from comparison of previous events, or from
the calculations of the heavens, but must be obtained from
people who have knowledge of the enemy’s situation.
Therefore there are five kinds of spies used:
Local spies, internal spies, double spies, dead spies, and
He goes on to say
Only the wisest ruler can use spies; only the most benevolent
and upright general can use spies, and only the most alert and
observant person can get the truth using spies.
Which is of course pandering. And then:
It is subtle, subtle!
Which is pandering still, but none the less true.
There is nowhere that spies cannot be used.
Which is also true. Hence http://privateeyespyshop.com/
Generally, if you want to attack an army, besiege a walled city,
assassinate individuals, you must know the identities of the
defending generals, assistants, associates, gate guards, and
officers. You must have spies seek and learn them.
However these days, many companies and countries publish all this information on the web. The identity theft in “Day of The Jackal” (which has been copied by many other authors since) can now be performed from the comfort of you local hot-spot equipped café or in some locals commuter train.