Amazon.co.uk
The Art of Deception is about gaining someone's trust by lying to them and then abusing that trust for fun and profit. Hackers use the euphemism "social engineering" and hacker-guru Kevin Mitnick examines many example scenarios.
After Mitnick's first dozen examples anyone responsible for organizational security is going to lose the will to live. It's been said before, but people and security are antithetical. Organizations exist to provide a good or service and want helpful, friendly employees to promote the good or service. People are social animals who want to be liked. Controlling the human aspects of security means denying someone something. This circle can't be squared.
Considering Mitnick's reputation as a hacker guru, it's ironic that the last point of attack for hackers using social engineering are computers. Most of the scenarios in The Art of Deception work just as well against computer-free organizations and were probably known to the Phoenicians; technology simply makes it all easier. Phones are faster than letters, after all, and having large organizations means dealing with lots of strangers.
Much of Mitnick's security advice sounds practical until you think about implementation, when you realize that more effective security means reducing organizational efficiency--an impossible trade in competitive business. And anyway, who wants to work in an organization where the rule is "Trust no one"? Mitnick shows how easily security is breached by trust, but without trust people can't live and work together. In the real world, effective organizations have to acknowledge that total security is a chimera--and carry more insurance. --Steve Patient, amazon.co.uk
From Publishers Weekly
Mitnick is the most famous computer hacker in the world. Since his first arrest in 1981, at age 17, he has spent nearly half his adult life either in prison or as a fugitive. He has been the subject of three books and his alleged 1982 hack into NORAD inspired the movie War Games. Since his plea-bargain release in 2000, he says he has reformed and is devoting his talents to helping computer security. It's not clear whether this book is a means toward that end or a, wink-wink, fictionalized account of his exploits, with his name changed to protect his parole terms. Either way, it's a tour de force, a series of tales of how some old-fashioned blarney and high-tech skills can pry any information from anyone. As entertainment, it's like reading the climaxes of a dozen complex thrillers, one after the other. As a security education, it's a great series of cautionary tales; however, the advice to employees not to give anyone their passwords is bland compared to the depth and energy of Mitnick's descriptions of how he actually hacked into systems. As a manual for a would-be hacker, it's dated and nonspecific better stuff is available on the Internet but it teaches the timeless spirit of the hack. Between the lines, a portrait emerges of the old-fashioned hacker stereotype: a socially challenged, obsessive loser addicted to an intoxicating sense of power that comes only from stalking and spying. Copyright 2002 Cahners Business Information, Inc.
From Library Journal
The world's most famous computer hacker and cybercult hero, once the subject of a massive FBI manhunt for computer fraud, has written a blueprint for system security based on his own experiences. Mitnick, who was released from federal prison in 1998 after serving a 22-month term, explains that unauthorized intrusion into computer networks is not limited to exploiting security holes in hardware and software. He focuses instead on a common hacker technique known as social engineering in which a cybercriminal deceives an individual into providing key information rather than trying to use technology to reveal it. Mitnick illustrates the tactics comprising this "art of deception" through actual case studies, showing that even state-of-the-art security software can't protect businesses from the dangers of human error. With Mitnick's recommended security policies, readers gain the information their organizations need to detect and ward off the threat of social engineering. Required reading for IT professionals, this book is highly recommended for public, academic, and corporate libraries. Joe Accardi, William Rainey Harper Coll. Lib., Palatine, ILCopyright 2002 Cahners Business Information, Inc.
From Book News, Inc.
Portrayed by the media as one of the most notorious hackers of all time, Kevin Mitnick has reinvented himself as a computer security consultant. Along with his co-author, he describes successful hackers as a form of "social engineer" who can exploit human factors to overcome technological safeguards businesses put in place to protect their computer and information systems. He accomplishes his task primarily through recounting stories of these modern day "grifters" in action and explaining how they exploit human weakness to achieve their goals.Copyright © 2004 Book News, Inc., Portland, OR
Review
Mitnick is the most famous computer hacker in the world. Since his first arrest in 1981, at age 17, he has spent nearly half his adult life either in prison or as a fugitive. He has been the subject of three books and his alleged 1982 hack into NORAD inspired the movie WarGames. Since his plea-bargain release in 2000, he says he has reformed and is devoting his talents to helping computer security. It's not clear whether this book is a means toward that end or a, wink-wink, fictionalized account of his exploits, with his name changed to protect his parole terms. Either way, it's a tour de force, a series of tales of how some old-fashioned blarney and high-tech skills can pry any information from anyone. As entertainment, it's like reading the climaxes of a dozen complex thrillers, one after the other. As a security education, it's a great series of cautionary tales; however, the advice to employees not to give anyone their passwords is bland compared to the depth and energy of Mitnick's description of how he actually hacked into systems. As a manual for a would-be hacker, it's dated and nonspecific -- better stuff is available on the Internet—but it teaches the timeless spirit of th e hack. Between the lines, a portrait emerges of the old-fashioned hacker stereotype: a socially challenged, obsessive loser addicted to an intoxication sense of power that comes from stalking and spying. (Oct.)
Forecast: Mitnick's notoriety and his well written, entertaining stories should generate positive word-of-mouth. With the double appeal of a true-crime memoir and a manual for computer security, this book will enjoy good sales. (Publishers Weekly, June 24, 2002)
"...an interesting read..." (www.infosecnews.com, 17 July 2002)
"...highly entertaining...will appeal to a broad audience..." (Publishing News, 26 July 2002)
The world's most famous computer hacker and cybercult hero, once the subject of a massive FBI manhunt for computer fraud, has written a blueprint for system security based on his own experiences. Mitnick, who was released from federal prison in 1998 after serving a 22-month term, explains that unauthorized intrusion into computer networks is not limited to exploiting security holes in hardware and software. He focuses instead on a common hacker technique known as social engineering in which a cybercriminal deceives an individual into providing key information rather than trying to use technology to reveal it. Mitnick illustrates the tactics comprising this "art of deception" through actual case studies, showing that even state-of-the-art security software can't protect businesses from the dangers of human error. With Mitnick's recommended security policies, readers gain the information their organizations need to detect and ward off the threat of social engineering. Required reading for IT professionals, this book is highly recommended for public, academic, and corporate libraries. [This should not be confused with Ridley Pearson's new thriller, The Art of Deception. —Ed]—Joe Accardi, William Rainey Harper Coll. Lib., Palatine, IL (Library Journal, August 2002)
He was the FBI's most-wanted hacker. But in his own eyes, Mitnick was simply a small-time con artist with an incredible memory, a knack for social engineering, and an enemy at The New York Times. That foe, John Markoff, made big bucks selling two books about Mitnick - without ever interviewing him. This is Mitnick's account, complete with advice for how to protect yourself from similar attacks. I believe his story. (WIRED Magazine, October 2002)
Kevin Mitnick spent five years in jail at the federal authorities' behest, but The Art of Deception: Controlling the Human Element of Security (Kevin Mitnick and William Simon), reveals that he was no lowly grifter. Rather, by impersonating others in order to talk guileless employees out of access protocols, Mr. Mitnick was practicing "the performance art called social engineering."
While every society has had its demimonde-like the Elizabethan coney catchers who duped visitors to 16th-century London--it's in the United States that con artists assumedlegendary status. The definitive book is still The Big Con from 1940 (Anchor Books), which commemorates a golden age already receding when it was published: the grifters it describes--like the High Ass Kid and Slobbering Bob--thrived between 1914 and 1929, when technological advances and unparalleled prosperity generated a roller-coaster stock market.
That sounds a lot like the past decade. So how did the culture of the con do during the Internet era? On Mr. Mitnick's evidence, it flourished and evolved. The Art of Deception is itself a bit of a fraud as far as advice on upgrading security. But the book does deliver on "social engineering" exercises. Some aren't even illegal and Mr. Mitnick -- weasel that he is -- lovingly records their most elaborate convolutions. One way or another, you'll find the information useful. (Red Herring, October 2002)
"Mitnick outlines dozens of social engineering scenarios in his book, dissecting the ways attackers can easily exploit what he describes as 'that natural human desire to help others and be a good team player.'" (Wired.com, October 3, 2002)
Finally someone is on to the real cause of data security breaches--stupid humans. Notorious hacker Kevin Mitnick--released from federal prison in January 2000 and still on probation--reveals clever tricks of the "social engineering" trade and shows how to fend them off in The Art of Deception: Controlling the Human Element of Security (Wiley, $27.50).
Most of the book, coauthored by William Simon (not the one running for governor of California), is a series of fictional episodes depicting the many breathtakingly clever ways that hackers can dupe trusting souls into breaching corporate and personal security--information as simple as an unlisted phone number or as complicated as plans for a top-secret product under development. The rest lays out a fairly draconian plan of action for companies that want to strengthen their defenses. Takeaway: You can put all the technology you want around critical information, but all it takes to break through is one dolt who gives up his password to a "colleague" who claims to be working from the Peoria office.
What's useful about this book is its explanation of risks in seemingly innocuous systems few people think about. The caller ID notification that proves you're talking to a top executive of your firm? Easily forged. The password your assistant logs in with? Easily guessed. The memos you toss into the cheap office shredder? Easily reconstructed. The extension that you call in the IT department? Easily forwarded.
Physical security can be compromised, too. It's not hard to gain access to a building by "piggybacking" your way in the door amid the happy throng returning from lunch. You'd better have confidence in your IT professionals, because they're likely to have access to everything on the corporate system, including your salary and personal information. Mitnick offers some ideas for plugging these holes, like color-coded ID cards with really big photos.
Implementing the book's security action plan in full seems impossible, but it's a good idea to warn employees from the boss down to the receptionist and janitors not to give out even innocuous information to people claiming to be helpful IT folks without confirming their identity--and to use things like encryption technology as fallbacks. Plenty of would-be Mitnicks--and worse--still ply their trade in spaces cyber and psychological. --S.M. (Forbes Magazine - October 14, 2002)
"...the book describes how people can get sensitive information without even stepping near a computer through 'social engineering' -- the use of manipulation or persuasion to deceive people by convincing them that you are someone else." (CNN.com's Technology section, October 9, 2002)
"...engaging style...fascinating true stories..." (The CBL Source, October/December 2002)
"…the book describes how people can get information without even stepping near a computer…" (CNN, 16 October 2002)
"…each vignette reads like a mini-cybermystery thriller…I willingly recommend The Art of Deception. It could save you from embarrassment or an even worse fate…" (zdnet.co.uk, 15 October 2002)
"…details the ways that employees can inadvertently leak information that can be exploited by hackers to compromise computer systems…the book is scary in ways that computer security texts usually do not manage to be…" (BBC online, 14 October 2002)
"…more educational than tell-all…" (Forbes, 2 October 2002)
"…would put a shiver into anyone responsible for looking after valuable computer data…the exploits are fictional but realistic…the book is about hacking peoples heads…" (The Independent, 21 October 2002)
"…the key strength of The Art of Deception is the stream of anecdotes - with explanations about how and why hacks succeed…provides a solid basis for staff training on security…" (Information Age, October 2002)
"…should be on the list of required reading. Mitnick has done an effective job of showing exactly what the greatest threat of attack is - people and their human nature…" (Unix Review, 18 October 2002
"…disturbingly convincing…" (Fraud Watch, Vol.10, No.5, 2002
"…the worlds most authoritative handbook…an unputdownable succession of case studies…chilling…trust me, Kevin Mitnick is right…" (Business a.m, 29 October 2002)
"…a damn good read…I would expect to see it as required reading on courses that cover business security…Should you read this book? On several levels the answer has to be yes. If you run your own business, work in one, or just want a good read, this is worth it…" (Acorn User, 29 October 2002)
"...the analysis of individual cases is carried out thoroughly...ultimately, the value of the book is that it may encourage security managers to be more assiduous in teaching their staff to check the identities of the people they deal with, and better corporate security will be the result..." (ITWeek, 1 November 2002)
"...a penetrating insight into the forgotten side of computer security..." (IT Week, 4 November 2002)
"...a highly entertaining read...Mitnick has a laid-back style which makes the book easy to read and of great interest, even to those of us who have no interest in computers..." (Business Age, September 2002)
"...one of the hacker gurus of our time...makes it abundantly clear that everyone can be fooled and cheated by the professionals...." (The Times Higher Education Supplement, 15 November 2002)
"...focuses on teaching companies how to defeat someone like him…full of specific examples of the ways apparently innocent bits of information can be stitched together to mount a comprehensive attack on an organisation's most prized information..." (New Scientist, 23 November 2002)
"...all simple things, little titbits of seemingly innocuous information, which when gathered together give the hacker the power to cripple the biggest corporation or the smallest home business..." (New Media Age, 14 November 2002)
"…highly acclaimed…a fascinating account…" (Information Security Management, November 2002)
"...His new book, The Art of Deception, presents itself as a manual to help companies defeat hackers..." Also listed in recommended reading list (The Guardian, 13 December 2002)
“…gets it’s point across and contains some valuable pointers…”(MacFormat, January 2003)
“…supremely educational…a sexy way to hammer home a relevant point…what makes it sing is the clear information that Mitnick brings to the table…”(Business Week, 8 January 2003)
“…Indispensable…”(Focus, February 2003)
"...incredibly intriguing...a superb book which would be beneficial for anyone to read..." (Telecomworldwire, 4 February 2003)
"...a good overview of one of the most neglected aspects of computer security..." (Technology and Society, 7 February 2003)
"...fascinating to read...should strike fear into the hearts of commercial computer security departments..." (Business Week, 3 September 2003)
"...a penetrating insight into the forgotten side of computer security..." (Accountancy Age, 19 February 2003)
Top 10 Popular Science Books (New Scientist, 21 February f2003)
"...should be assigned as required reading in every IT department...excellent advice..." (Electronic Commerce Guide, 12 February 2003)
“…an interesting and educational read for anyone with a role to play in corporate security…”(Computer Business Review, 6 March 2003)
“…if you were not having security nightmares before, read this book and you certainly will…” (IT Showcase News, 6 March 2003)
“….easy to understand and actually fun to read…”(Slashdot, 6 March 2003)
“…a good read, well written…” (Managing Information, March 2003)
“…structured like a mini detective story series…the unfolding attacks are compulsive reading…” (Aberdeen Evening Express, 7 June 21003)
“…a real eye-opener…well written and produced…an easy and valuable read…” (Accounting Web, 19 June 2003)
“…a superb book which would be beneficial for anyone to read…” (M2 Best Books, 4 February 2003)
“…the insights for earlier chapters are fascinationg, and that alone makes it worth blagging a copy for review…”(Mute, Summer/Autumn 2003)
“…a good read, well-written…this accessibility makes it doubly important…” (Managing Information – 5 star rating, October 2003)
Review
"...an interesting read..." (www.infosecnews.com, 17 July 2002)
"...highly entertaining...will appeal to a broad audience..." (Publishing News, 26 July 2002)
"required reading for IT professionals, [and] is highly recommended for public, academic, and corporate libraries." (Library Journal, August 2002)
"This is Mitnick's account, complete with advice for how to protect yourself from similar attacks. I believe his story." (Wired, October 2002)
"does deliver on 'social engineering' exercises." And "[o]ne way or another, you'll find the information useful." (Red Herring, October 2002)
"Mitnick outlines dozens of social engineering scenarios in his book, dissecting the ways attackers can easily exploit what he describes as 'that natural human desire to help others and be a good team player.'" (Wired.com, October 3, 2002)
"Most of the book, coauthored by William Simon ..., is a series of fictional episodes depictin g the many breathtakingly clever ways that hackers can d upe t rusting souls into breaching corporate and personal security - information as simple as an unlisted phone number or as complicated as plans for a top-secret pr oduct under development." (Forbes, October 14, 2002)
"...the book describes how people can get sensitive information without even stepping near a computer through 'social engineering' -- the use of manipulation or persuasion to deceive people by convincing them that you are someone else." (CNN.com's Technology section, October 9, 2002)
"...engaging style...fascinating true stories..." (The CBL Source, October/December 2002)
"…the book describes how people can get information without even stepping near a computer…" (CNN, 16 October 2002)
"…each vignette reads like a mini-cybermystery thriller…I willingly recommend The Art of Deception. It could save you from embarrassment or an even worse fate…" (zdnet.co.uk, 15 October 2002)
"…details the ways that employees can inadvertently leak information that can be exploited by hackers to compromise computer systems…the book is scary in ways that computer security texts usually do not manage to be…" (BBC online, 14 October 2002)
"…more educational than tell-all…" (Forbes, 2 October 2002)
"…would put a shiver into anyone responsible for looking after valuable computer data…the exploits are fictional but realistic…the book is about hacking peoples heads…" (The Independent, 21 October 2002)
"…the key strength of The Art of Deception is the stream of anecdotes - with explanations about how and why hacks succeed…provides a solid basis for staff training on security…" (Information Age, October 2002)
"…should be on the list of required reading. Mitnick has done an effective job of showing exactly what the greatest threat of attack is - people and their human nature…" (Unix Review, 18 October 2002)
"…disturbingly convincing…" (Fraud Watch, Vol.10, No.5, 2002
"…the worlds most authoritative handbook…an unputdownable succession of case studies…chilling…trust me, Kevin Mitnick is right…" (Business a.m, 29 October 2002)
"…a damn good read…I would expect to see it as required reading on courses that cover business security…Should you read this book? On several levels the answer has to be yes. If you run your own business, work in one, or just want a good read, this is worth it…"(Acorn User, 29 October 2002)
"…the analysis of individual cases is carried out thoroughly…ultimately, the value of the book is that it may encourage security managers to be more assiduous in teaching their staff to check the identities of the people they deal with, and better corporate security will be the result…"(ITWeek, 1 November 2002)
"…a penetrating insight into the forgotten side of computer security…" (IT Week, 4 November 2002)
"...a highly entertaining read...Mitnick has a laid-back style which makes the book easy to read and of great interest, even to those of us who have no interest in computers..."(Business Age, September 2002)
"...one of the hacker gurus of our time...makes it abundantly clear that everyone can be fooled and cheated by the professionals...." (The Times Higher Education Supplement, 15 November 2002)
"...focuses on teaching companies how to defeat someone like him…full of specific examples of the ways apparently innocent bits of information can be stitched together to mount a comprehensive attack on an organisation's most prized information..." (New Scientist, 23 November 2002)
"...all simple things, little titbits of seemingly innocuous information, which when gathered together give the hacker the power to cripple the biggest corporation or the smallest home business..." (New Media Age, 14 November 2002)
"…highly acclaimed…a fascinating account…" (Information Security Management, November 2002)
"...His new book, The Art of Deception, presents itself as a manual to help companies defeat hackers..." Also listed in recommended reading list (The Guardian, 13 December 2002)
"...gets it’s point across and contains some valuable pointers..." (MacFormat, January 2003)
"...supremely educational…a sexy way to hammer home a relevant point...what makes it sing is the clear information that Mitnick brings to the table..." (Business Week, 8 January 2003)
"...Indispensable..." (Focus, February 2003)
"...incredibly intriguing...a superb book which would be beneficial for anyone to read..." (Telecomworldwire, 4 February 2003)
"...a good overview of one of the most neglected aspects of computer security..." (Technology and Society, 7 February 2003)
"...fascinating to read...should strike fear into the hearts of commercial computer security departments..." (Business Week, 3 September 2003)
"...a penetrating insight into the forgotten side of computer security..." (Accountancy Age, 19 February 2003)
Top 10 Popular Science Books (New Scientist, 21 February f2003)
"...should be assigned as required reading in every IT department...excellent advice..." (Electronic Commerce Guide, 12 February 2003)
“…an interesting and educational read for anyone with a role to play in corporate security…”(Computer Business Review, 6 March 2003)
“…a good read, well written…” (Managing Information, March 2003)
“…structured like a mini detective story series…the unfolding attacks are compulsive reading…”(Aberdeen Evening Express, 7 June 21003)
“…a real eye-opener…well written and produced…an easy and valuable read…” (Accounting Web, 19 June 2003)
“…a superb book which would be beneficial for anyone to read…” (M2 Best Books, 4 February 2003)
“…the insights for earlier chapters are fascinationg, and that alone makes it worth blagging a copy for review…”(Mute, Summer/Autumn 2003)
“…a good read, well-written…this accessibility makes it doubly important…” (Managing Information – 5 star rating, October 2003)
Wired, October 2002
"This is Mitnick's account, complete with advice for how to protect yourself from similar attacks. I believe his story."
Focus, February 2003
"...Indispensable..."
infosecnews.com, 17 July 2002
"...an interesting read..."
Red Herring, October 2002
"does deliver on 'social engineering' exercises." And "[o]ne way or another, you'll find the information useful."
The CBL Source, October/December 2002
"...engaging style...fascinating true stories..."
CNN, 16 October 2002
"&the book describes how people can get information without even stepping near a computer&"
Forbes, 2 October 2002
"&more educational than tell-all&"
Business a.m, 29 October 2002
"&the worlds most authoritative handbook&an unputdownable succession of case studies&chilling&trust me, Kevin Mitnick is right&"
Book Description
The world's most infamous hacker offers an insider's view of the low-tech threats to high-tech security
Kevin Mitnick's exploits as a cyber-desperado and fugitive form one of the most exhaustive FBI manhunts in history and have spawned dozens of articles, books, films, and documentaries. Since his release from federal prison, in 1998, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. Now, in The Art of Deception, the world's most notorious hacker gives new meaning to the old adage, "It takes a thief to catch a thief."
Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent. Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented in an engaging and highly readable style reminiscent of a true-crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security.
Book Info
A legendary hacker reveals how to guard against the gravest security risk of all-human nature. Author shares his advice for preventing security vulnerability in the hope that people will be mindfully on guard for an attack from the gravest risk of all-human nature.
From the Inside Flap
Kevin Mitnicks exploits as a cyber-desperado and fugitive from one of the most exhaustive FBI manhunts in history have spawned dozens of articles, books, films, and documentaries. Since his release from federal prison in 2000, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. Now, in The Art of Deception, the worlds most famous hacker gives new meaning to the old adage, "It takes a thief to catch a thief." Inviting you into the complex mind of the hacker, Mitnick provides realistic scenarios of cons, swindles, and social engineering attacks on businessesand the consequences. Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. He illustrates just how susceptible even the most locked-down information systems are to a determined con artist impersonating an IRS agent or any other seemingly innocent character. Narrated from the points of view of both the attacker and the victim, The Art of Deception explores why each attack was so successfuland how it could have been avertedin an engaging and highly readable manner reminiscent of a true-crime novel. Most importantly, Mitnick redeems his former life of crime by providing specific guidelines for developing protocols, training programs, and manuals to ensure that a companys sophisticated technical security investment will not be for naught. He shares his advice for preventing security vulnerability in the hope that people will be mindfully on guard for an attack from the gravest risk of allhuman nature.
From the Back Cover
A legendary hacker reveals how to guard against the gravest security risk of all-human nature "...a tour de force, a series of tales of how some old-fashioned blarney and high-tech skills can pry any information from anyone. As entertainment, it's like reading the climaxes of a dozen complex thrillers, one after the other" —Publishers Weekly Kevin Mitnick's exploits as a cyber-desperado and fugitive from one of the most exhaustive FBI manhunts in history have spawned dozens of articles, books, films, and documentaries. Since his release from federal prison in 2000, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. Now, in The Art of Deception, the world's most famous hacker gives new meaning to the old adage, "It takes a thief to catch a thief." Inviting you into the complex mind of the hacker, Mitnick provides realistic scenarios of cons, swindles, and social engineering attacks on businesses-and the consequences. Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. He illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent or any other seemingly innocent character. Narrated from the points of view of both the attacker and the victim, The Art of Deception explores why each attack was so successful and how it could have been averted in an engaging and highly readable manner reminiscent of a true-crime novel. Most importantly, Mitnick redeems his former life of crime by providing specific guidelines for developing protocols, training programs, and manuals to ensure that a company's sophisticated technical security investment will not be for naught. He shares his advice for preventing security vulnerability in the hope that people will be mindfully on guard for an attack from the gravest risk of all-human nature.
About the Author
KEVIN MITNICK is a security consultant to corporations worldwide and a cofounder of Defensive Thinking, a Los Angeles-based consulting firm (defensivethinking.com). He has testified before the Senate Committee on Governmental Affairs on the need for legislation to ensure the security of the government's information systems. His articles have appeared in major news magazines and trade journals, and he has appeared on Court TV, Good Morning America, 60 Minutes, CNN's Burden of Proof and Headline News. He has also been a keynote speaker at numerous industry events and has hosted a weekly radio show on KFI AM 640 Los Angeles. WILLIAM SIMON is a bestselling author of more than a dozen books and an award-winning film and television writer.
The Art of Deception: Controlling the Human Element of Security FROM OUR EDITORS
The Barnes & Noble Review
The name ᄑKevin Mitnickᄑ is a Rorschach test for the digital age. To the government (and to companies like Sun Microsystems, whose Solaris source code he once appropriated), Mitnick was pure menace, marauding through computer systems that didnᄑt belong to him, causing millions of dollars of losses, and blazing a trail for even worse cybercriminals. To much of the hacker community, Mitnickᄑs a hero, unjustly persecuted by an ignorant Department of Justice: a prophet in the wilderness, warning folks who are too lazy or dumb to protect their digital assets. Perhaps youᄑve seen those Free Kevin bumper stickers. After five years in prison, Mitnickᄑs on parole and evidently following the straight and narrow, though heᄑs still not allowed a web connection -- or even a ham radio license.
Even if you could care less about Mitnick personally, though, his book The Art of Deception is indispensable if you care about the vulnerability of your business computer systems -- or your own personal information. Mitnick presents the best discussion of ᄑsocial engineeringᄑ weᄑve ever seen: the art of understanding how to trick people into voluntarily handing over the information needed to break into computer systems.
Itᄑs a shame you have to worry about folks ᄑtoy[ing] with your trust, your desire to be helpful, your sympathy, and your human gullibility to get what they want,ᄑ but you do -- and after youᄑve read Mitnickᄑs extensive collection of case studies, youᄑll be ready the next time someone tries social engineering on you.
Youᄑll learn how crackers have convinced even suspicious employees to reveal their usernames and passwords; six ways ᄑphone phreaksᄑ can get unlisted phone numbers from the telephone company; and how investigators can quickly discover a terrifying amount of information about you and your company. Youᄑll also learn how, through a chain of ᄑinnocuousᄑ conversations, a cracker can get into even the most well protected systems.
Mitnick closes with a detailed guide to preventing social engineering attacks on your organization, including practical recommendations for employee security training, and a complete, easy-to-adapt security policy you can start implementing now. This may not be where you expected to get your security advice from, but hey, who could possibly know your vulnerabilities better than Kevin Mitnick? Bill Camarda
Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.
FROM THE PUBLISHER
Kevin Mitnick's exploits as a cyber-desperado and fugitive from one of the most exhaustive FBI manhunts in history have spawned dozens of articles, books, films, and documentaries. Since his release from federal prison in 2000, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. Now, in The Art of Deception, the world's most famous hacker gives new meaning to the old adage, "It takes a thief to catch a thief."
Inviting you into the complex mind of the hacker, Mitnick provides realistic scenarios of cons, swindles, and social engineering attacks on businesses -- and the consequences. Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. He illustrates just how susceptible even the most locked-down information systems are to a determined con artist impersonating an IRS agent or any other seemingly innocent character. Narrated from the points of view of both the attacker and the victim, The Art of Deception explores why each attack was so successful -- and how it could have been averted -- in an engaging and highly readable manner reminiscent of a true-crime novel.
Most importantly, Mitnick redeems his former life of crime by providing specific guidelines for developing protocols, training programs, and manuals to ensure that a company's sophisticated technical security investment will not be for naught. He shares his advice for preventing security vulnerability in the hope that people will be mindfully on guard for an attack from the gravest risk of all -- human nature.
SYNOPSIS
Portrayed by the media as one of the most notorious hackers of all time, Kevin Mitnick has reinvented himself as a computer security consultant. Along with his co-author, he describes successful hackers as a form of "social engineer" who can exploit human factors to overcome technological safeguards businesses put in place to protect their computer and information systems. He accomplishes his task primarily through recounting stories of these modern day "grifters" in action and explaining how they exploit human weakness to achieve their goals. Annotation ©2004 Book News, Inc., Portland, OR
FROM THE CRITICS
Wired Magazine
He was the FBI's most-wanted hacker. But in his own eyes, Mitnick was simply a small-time con artist with an incredible memory, a knack for social engineering, and an enemy at The New York Times. That foe, John Markoff, made big bucks selling two books about Mitnick -- without ever interviewing him. This is Mitnick's account, complete with advice for how to protect yourself from similar attacks. I believe his story.
Publishers Weekly
Mitnick is the most famous computer hacker in the world. Since his first arrest in 1981, at age 17, he has spent nearly half his adult life either in prison or as a fugitive. He has been the subject of three books and his alleged 1982 hack into NORAD inspired the movie War Games. Since his plea-bargain release in 2000, he says he has reformed and is devoting his talents to helping computer security. It's not clear whether this book is a means toward that end or a, wink-wink, fictionalized account of his exploits, with his name changed to protect his parole terms. Either way, it's a tour de force, a series of tales of how some old-fashioned blarney and high-tech skills can pry any information from anyone. As entertainment, it's like reading the climaxes of a dozen complex thrillers, one after the other. As a security education, it's a great series of cautionary tales; however, the advice to employees not to give anyone their passwords is bland compared to the depth and energy of Mitnick's descriptions of how he actually hacked into systems. As a manual for a would-be hacker, it's dated and nonspecific better stuff is available on the Internet but it teaches the timeless spirit of the hack. Between the lines, a portrait emerges of the old-fashioned hacker stereotype: a socially challenged, obsessive loser addicted to an intoxicating sense of power that comes only from stalking and spying. (Oct.) Forecast: Mitnick's notoriety and his well-written, entertaining stories should generate positive word-of-mouth. With the double appeal of a true-crime memoir and a manual for computer security, this book will enjoy good sales. Copyright 2002 Cahners Business Information.
Library Journal
The world's most famous computer hacker and cybercult hero, once the subject of a massive FBI manhunt for computer fraud, has written a blueprint for system security based on his own experiences. Mitnick, who was released from federal prison in 1998 after serving a 22-month term, explains that unauthorized intrusion into computer networks is not limited to exploiting security holes in hardware and software. He focuses instead on a common hacker technique known as social engineering in which a cybercriminal deceives an individual into providing key information rather than trying to use technology to reveal it. Mitnick illustrates the tactics comprising this "art of deception" through actual case studies, showing that even state-of-the-art security software can't protect businesses from the dangers of human error. With Mitnick's recommended security policies, readers gain the information their organizations need to detect and ward off the threat of social engineering. Required reading for IT professionals, this book is highly recommended for public, academic, and corporate libraries. [This should not be confused with Ridley Pearson's new thriller, The Art of Deception. Ed.] Joe Accardi, William Rainey Harper Coll. Lib., Palatine, IL