The Art of Deception: Controlling the Human Element of Security
By Kevin Mitnick, William L. Simon

List Price: £9.99
Price: £6.96 & eligible for FREE Super Saver Delivery on orders over £5.

Availability: Usually dispatched within 24 hours
Dispatched from and sold by Amazon.co.uk

53 new or used available from £3.77

Product Details

  • Amazon Sales Rank: #18462 in Books
  • Published on: 2003-10-17
  • Original language: English
  • Number of items: 1
  • Binding: Paperback
  • 368 pages

Editorial Reviews

Amazon.co.uk Review
The Art of Deception is about gaining someone's trust by lying to them and then abusing that trust for fun and profit. Hackers use the euphemism "social engineering" and hacker-guru Kevin Mitnick examines many example scenarios.

After Mitnick's first dozen examples anyone responsible for organisational security is going to lose the will to live. It's been said before but people and security are antithetical. Organisations exist to provide a good or service and want helpful friendly employees to promote the good or service. People are social animals who want to be liked. Controlling the human aspects of security means denying someone something. This circle can't be squared.

Considering Mitnick's reputation as a hacker guru, the least and last point of attack for hackers using social engineering is computers. Most of the scenarios in The Art of Deception work just as well against computer-free organisations and were probably known to the Phoenicians. Technology simply makes it all easier. Phones are faster than letters, after all, and large organisations mean dealing with lots of strangers.

Much of Mitnick's security advice sounds practical until you think about implementation, when you realise more effective security means reducing organisational efficiency: an impossible trade in competitive business. And anyway, who wants to work in an organisation where the rule is "Trust no one"? Mitnick shows how easily security is breached by trust, but without trust people can't live and work together. In the real world effective organisations have to acknowledge total security is a chimera--and carry more insurance. --Steve Patient

Computer Weekly, 23 January 2003
"...should be required reading for every IT director and chief information officer..."

The Guardian, 23 January 2003
"...catalogues a whole spectrum of scams where naive employees are duped into revealing information..."

Customer Reviews

Hacking made frighteningly easy (5 stars)
Story by story, Mitnick (once described as the FBI's "most wanted hacker") reveals some tricks-of-the-trade. Fair enough. But if you are expecting technical details about defeating system login controls or busting through firewalls, you will be disappointed. Mitnick's favorite hacking tools are the telephone, plus the experience and nerve to deceive unsuspecting members of the organizations he is attacking into defeating the controls from the inside.

Reading this book, you will quickly come to realize that Mitnick's toolbox is every bit as effective as the hacking and cracking technology ... and as you read further, it may dawn on you just how hard it is to counter the social engineering attack. After all, much as you might like to, you can't simply plug in a new program to security-patch your employees!

Mitnick's suggested countermeasures in section 4 of the book are fairly straightforward (a wide-ranging security awareness program and a decent set of policies) but implementing them effectively and persuading employees to pay attention requires those very social engineering skills described in sections 1-3.

I'm left with the distinct impression that Mitnick is teasing us by describing a few simple deceptions whilst keeping the best to himself. But think for a moment about the success of the "419" advance fee scams. Otherwise sane, intelligent individuals are evidently being drawn into parting with their hard-earned cash on the basis of these crude deceptions. The implications are truly frightening.

My bottom line: take this book on holiday with you. Once you start, you will not want to put it down and you can reflect on it at the bar. Free drinks anyone?

Entertaining Read (4 stars)
The Art of Deception provided more of an entertaining read than a "How To" book. Whilst I would recommend the book to anyone interested in network security, I wouldn't recommend it to those who physically want to go and do it themselves. The book is geared more toward defending yourself than attacking others.

The book is full of entertaining little stories about how 'social engineers' are able to obtain sensitive information just by 'asking for it', along with explanations of the techniques used, why they worked, and how you can prevent something similar happening to you.

Given the content and the quality of the book, it is definitely worth the money. Just don't be disappointed if you were looking to be able to go and do it yourself.

Easy to read, lacking in detail - One for the management (4 stars)
Easy to read, lacking in detail - One for the management.

This statement is not meant to be critical of either the book or of IT/business managers. It is a potential strength of this book. It should have a wide appeal as it is not filled with too much technical detail, and as such could potentially be the catalyst for gaining/increasing management "buy-in" to raising security awareness in an interesting way.

Mitnick's book outlines the key concepts of the most common forms of social engineering attacks and makes the point (several times, in fact) that the weakest security link is people and process, not technology. This is a common theme communicated by many IT security writers and professionals alike.

This is the strength of the book: not as a technical resource or a detailed review of historic attacks and countermeasures, but as an easy-to-read eye-opener. It is fun to read and leaves the reader with a slightly uncomfortable view of the world, but it does make you think the next time someone asks you one of those seemingly innocent questions.

The most valuable sections are the closing chapters; these contain some good guidelines and ideas for policies, training and awareness raising.

Definitely worth a read, I enjoyed it.