Info Feed Weblog

Welcome

  • This is my weblog. There is also Link Feed.
  • eMail: stefan@smalla.net

Disclaimer

  • Everything here is my very personal writing and does not reflect the opinions of current or past employers, nor does it stem from confidential information obtained there.

Apr 06, 2004

The Art of Deception: Controlling the Human Element of Security (by Kevin D. Mitnick & William L. Simon)

Kevin Mitnick was often referred to as the most famous or most notorious hacker on Earth. The interesting thing about his hacking, however, had always been that a large part of it was based on so-called "social engineering", i.e. the manipulation of people.

In his book "The Art of Deception: Controlling the Human Element of Security", written a couple of years after he got out of prison, Mitnick explains exactly how security attacks are carried out and how people are manipulated for that purpose.

After a short introduction, he dedicates more than a hundred pages to detailed accounts of different types of security attacks (sample chapter headlines are "The Direct Attack: Just Asking for It" or "Using Sympathy, Guilt, and Intimidation"). After having read this, I got kind of scared about how easy it is for the deliberate attacker to pry secrets out of even the most suspecting individual. A combination of deception, technology manipulation, and good faith on the other end will let you in almost anywhere if you know how to do it. That's at least what comes across in this part of the book, and it is very fascinating.

The second part of the book is then used to explain counter-attacks and preventive measures, which is of course important, but nevertheless not that interesting for me as a casual reader. I skipped most of it, but would recommend it to anyone professionally or personally interested in security.

Altogether, this is a good book to gain some awareness that humans are most likely the weak link in any security attack and to entertain oneself with stories about it. Thanks for the gift, Patrick!

  • Book Title: The Art of Deception: Controlling the Human Element of Security
  • Book Authors: Kevin D. Mitnick & William L. Simon
  • Year of Publication: 2002
  • Buy the book at Amazon.com.
  • My rating: 3 of 5 (good)

Posted by Stefan Smalla on Apr 06, 2004 at 15:11 | Permalink