The Art of Deception: Controlling the Human Element of Security
Author: Kevin Mitnick & William Simon
Published by Wiley, 2002
ISBN: 0-471-23712-4
~US$23 from Amazon
Story by story, Mitnick (once described as the FBI’s ‘most wanted hacker’) reveals some tricks-of-the-trade. Fair enough. But if you are expecting technical details about defeating system login controls or busting through firewalls, you will be disappointed. Mitnick’s favorite hacking tools are the telephone, plus the experience and nerve to deceive unsuspecting members of the organizations he is attacking into defeating the controls from the inside.
Reading this book, you will quickly come to realize that Mitnick’s toolbox is every bit as effective as the hacking and cracking technology ... and as you read further, it may dawn on you just how hard it is to counter the social engineering attack. After all, much as you might like to, you can’t simply plug in a new program to security-patch your employees, friends and family!
Mitnick’s suggested countermeasures in section 4 of the book are fairly straightforward (a wide-ranging security awareness program and a decent set of policies) but implementing them effectively and persuading employees to pay attention requires those very social engineering skills described in sections 1-3 [or something like, ahem, the NoticeBored security awareness service of course].
Readers are left with the distinct impression that Mitnick is teasing us by describing a few simple deceptions whilst keeping the best to himself. But think for a moment about the success of the ‘419’ advance fee scams. Otherwise sane, intelligent individuals are evidently being drawn into parting with their hard-earned cash on the basis of these crude deceptions. The implications are truly frightening.
The bottom line: take this book on holiday with you. Once you start, you will not want to put it down and you can reflect on it at the bar. Free drinks anyone?
PS Mitnick’s The Art of Intrusion and Ghost in the Wires are also reviewed on this site.