The Art of Intrusion
The real stories behind the exploits of
hackers, intruders and deceivers

Author: Kevin Mitnick & William Simon

Published by Wiley, 2005

ISBN: 0-7645-6959-7

Reduced to ~US$12 from Amazon
 

As with The Art of Deception, Mitnick tells a series of hackers’ stories, each one a basic case study illustrating a different person or group.

The techniques described include:

• Hardware hacking - reverse-engineering the pseudorandom number generators in slot machines and cloning mobile phones;
• Classical computer and network hacking - guessing or brute-force cracking of weak passwords, sniffing network traffic, SQL injection, oh-days, running secret warez servers, stealing intellectual property;
• Social engineering - dumpster diving, email spoofing and confidence tricks;
• Physical penetration - tailgating and impersonation;
• Phreaking - hacking telephone and voicemail systems;
• Keylogging using hardware loggers and malware.

While the technical descriptions are not particularly enlightening and the language fairly mundane, the book is littered with references to the underground hacker culture, that parallel universe where ordinary ethical considerations are set aside in the interest of hackers achieving their narrow goals. The book is worth reading in the sense of “know your enemy” and learning a little about the sociology of hackers, short of actually immersing oneself in the hacker culture and becoming one. The case studies would make interesting pieces for security awareness purposes - for class discussion or illustrative background reading in company newsletters and briefings.

Like so many sequels, the book doesn’t quite live up to the expectations set by its predecessor and in some ways is just filling time until Mitnick is released from the legal restrictions on profiting from his own stories.  Still, it’s definitely worth the price.