The Art of Deception

The Art of Deception: Controlling the Human Element of Security
© 2005 Kevin Mitnick
352 pages

The Art of Deception is interesting at first, but very repetitive. Mitnick, who claims his career as a hacker was based solely on manipulating people to gain information and access, shares stories of others who did the same. These mostly include private investigators, with at least one pair of curious teenagers and a few bits of corporate espionage. The modus operandi in all the cases is very similar: the actor engages in background research to learn a few names and some of the lingo of the business, then makes phone calls to different people and departments within the company. Information is solicited under false pretenses from various people, then combined to gain further access or the answers being sought. Mitnick refers to this as social engineering, and it’s obvious from his collection that a high degree of charisma is required to gain the trust or goodwill of subjects; Mitnick also points out how the actors manipulate the people they’re interacting with, pushing buttons for sympathy and fear.

There are very few cases included here of people working in person; the simplest case involved a man studying a business to find out when the office staff left, and when the janitors arrived. He then approached the place wearing a suit and carrying a briefcase, and pretended to be an office worker who needed to run in and get a few things from his office — allowing him free run of the place.

Mitnick ends each section, and the book in total, with advice on how to secure and compartmentalize information so employees don’t accidentally give the farm away. This includes strict policies and training to control the flow of information, emphasizing the need to verify the identity and need of people requesting information.

About smellincoffee

Citizen, librarian, reader with a boundless wonder for the world and a curiosity about all the beings inside it.

4 Responses to The Art of Deception

  1. R.T. says:

    You make me wonder: who buys such books? Your review persuades me: I ain't buying it!

  2. Stephen says:

    The first book was stranger…it mostly appealed to people with an interest in IT security, but Mitnick laboriously explained internet and computer basics. I think he could have combined the two volumes for more general — and less repetitive — appeal.

  3. CyberKitten says:

    I actually *have* this book! Although you're not exactly encouraging me to *read* it… [lol]

  4. Stephen says:

    If you read the first few chapters and then Mitnick's concluding advice, that's pretty much it, content-wise.
