The Art of Deception: Controlling the Human Element of Security Paperback – Oct 17 2003
The Art of Deception is about gaining someone's trust by lying to them and then abusing that trust for fun and profit. Hackers use the euphemism "social engineering" and hacker-guru Kevin Mitnick examines many example scenarios.
After Mitnick's first dozen examples anyone responsible for organisational security is going to lose the will to live. It's been said before but people and security are antithetical. Organisations exist to provide a good or service and want helpful friendly employees to promote the good or service. People are social animals who want to be liked. Controlling the human aspects of security means denying someone something. This circle can't be squared.
Considering Mitnick's reputation as a hacker guru the least and last point of attack for hackers using social engineering are computers. Most of the scenarios in The Art of Deception work just as well against computer-free organisations and were probably known to the Phoenicians. Technology simply makes it all easier. Phones are faster than letters after all and large organisations mean dealing with lots of strangers.
Much of Mitnick's security advice sounds practical until you think about implementation, when you realise more effective security means reducing organisational efficiency: an impossible trade in competitive business. And anyway, who wants to work in an organisation where the rule is "Trust no one"? Mitnick shows how easily security is breached by trust, but without trust people can't live and work together. In the real world effective organisations have to acknowledge total security is a chimera--and carry more insurance. --Steve Patient --This text refers to the Hardcover edition.
From Publishers Weekly
Mitnick is the most famous computer hacker in the world. Since his first arrest in 1981, at age 17, he has spent nearly half his adult life either in prison or as a fugitive. He has been the subject of three books and his alleged 1982 hack into NORAD inspired the movie War Games. Since his plea-bargain release in 2000, he says he has reformed and is devoting his talents to helping computer security. It's not clear whether this book is a means toward that end or a, wink-wink, fictionalized account of his exploits, with his name changed to protect his parole terms. Either way, it's a tour de force, a series of tales of how some old-fashioned blarney and high-tech skills can pry any information from anyone. As entertainment, it's like reading the climaxes of a dozen complex thrillers, one after the other. As a security education, it's a great series of cautionary tales; however, the advice to employees not to give anyone their passwords is bland compared to the depth and energy of Mitnick's descriptions of how he actually hacked into systems. As a manual for a would-be hacker, it's dated and nonspecific (better stuff is available on the Internet) but it teaches the timeless spirit of the hack. Between the lines, a portrait emerges of the old-fashioned hacker stereotype: a socially challenged, obsessive loser addicted to an intoxicating sense of power that comes only from stalking and spying.
Copyright 2002 Cahners Business Information, Inc. --This text refers to the Hardcover edition.
Top Customer Reviews
This book was primarily written to be a valuable source of information for small businesses and multinational companies alike. Designed to improve your company's security techniques and procedures, this book highlights the biggest vulnerability to any company, over-helpful people.
This book gives detailed descriptions of many different kinds of scams (Social Engineering Attacks), and then analyses each of the scams, and recommends ways for employees to be more vigilant.
This book is easy to read. By which I mean it isn't too technical. And when something technical does arise, Kevin writes little 'Mitnick Messages' which explain it all using simple, easy to understand language.
NOTE: For anyone out there who may be a budding Social Engineer/Hacker/Phone Phreak. BUY THIS BOOK, because it is practically a manual on the subject. Plus it was written by the one and only Kevin David Mitnick, probably the greatest hacker on the face of the earth.
This book is totally unique in the information security field, because it focuses on strategies, tactics, and results and not on tools and technologies, which oftentimes serve only to provide a false sense of security. This point is made most succinctly in Mitnick's tale of compromising (at the challenge of the manufacturer at a trade show) a supposedly un-hackable operating system. Mitnick and his companion succeed in gaining administrator privileges on the machine not by using traditional hacking techniques, rather by combining guile, amateur lock-picking skills, and exploiting carelessness and cockiness on the part of the developers (think of the Germans rolling around the Maginot line into France). After reading the stories in the book and the chapters at the end on security assessments and policies, you will have the knowledge to recognize the potential threats and to defend yourself and your company.
In addition to all of this, The Art of Deception is a captivating and enjoyable read.
What we in the IT world call 'social engineering' is nothing more than a con that exploits human trust. Mitnick was highly effective at social engineering and this book provides a wealth of information regarding his views of 'social engineering' vulnerabilities and how he exploited them. He exposes the details of some of the most effective techniques used by those who use social engineering to accomplish their goals - whether those goals are as sinister as corporate espionage or fraud, or merely to prove that they can gain access to systems and information. While some of the recommended countermeasures in this book may seem Draconian there is middle ground to implement effective controls that do not hamper business processes or impose overly restrictive policies.
The bottom line, though, is to learn from this book and distill the key lessons into knowledge throughout your organization. Awareness is one of the most powerful security tools, and this book promotes that. Also, while this book is ostensibly about IT security, the lessons imparted are as applicable to any other aspect of a business as they are to IT - in many ways they are even more applicable because the exploits are based on effective con games that were in existence long before computers came on the scene.
His book, The Art of Deception, is a thrilling read for both the technology sector and the average person on the street. Mitnick shows that even with the most sophisticated hardware and software in place, networks are still vulnerable and can be easily compromised by attacking the weakest link---humans.
In today's world, most of our personal data lives on a computer or computers somewhere. Identity theft is quickly becoming the crime of the decade, and a criminal doesn't need that much information to become someone else. Corporate and government espionage are also at an all-time high. One of the easiest lessons we have been taught as humans, is that if you act like you belong, others will usually accept that you do. Mitnick shows that by using this information, you can find out almost anything you need to know to attain entry into a computer network.
I think that this book is a "must read" for all individuals working in the IT/security sector, and its examples and techniques should be implemented into security awareness training programs everywhere. Forewarned is forearmed.
Most recent customer reviews
I thank you for the opportunity to write a few words describing my overall view of the book in question. Published 15 months ago by Gaston
Love that book. It's a must read if you want to know everything about social engineers and to counter their tactics. Published 17 months ago by Alexis Gagnon-Jalbert
Book is very informative in regards to how to prevent company or personal resources from getting into the wrong hands. Published on June 23 2014 by CSG