Mary's Reviews > The Art of Deception: Controlling the Human Element of Security

The Art of Deception by Kevin D. Mitnick
Rate this book
Clear rating

by
F 50x66
's review
Jun 04, 10

Read from March 22 to June 04, 2010

Kevin Mitnick (whose teenage exploits were speculated at in the film War Games) describes himself not as a hacker, but a social engineer- one who is able to manipulate people and events through his knowledge of the inner workings of society. In this book, Mitnick describes many scenarios- some true, some hypothetical- including bank robbery, teenage break-ins, identity theft, and corporate espionage. In each scenario, we see how, with a couple of phone calls and a few simple questions, the attacker was able to obtain information that we normally consider private, including social security numbers, bank accounts, source codes, passwords, PIN numbers, and even access to "secure" facilities. His goal is not to encourage this "art" of social engineering, but to prevent it, especially in the corporate world. The focus of the book is corporate security, complete with an entire chapter detailing what steps and policies companies should take to be sure that their employees' information is safe.
For the common, stay-at-home domestic engineer ("housewife") like me, the book opened my eyes to the importance of protecting my information. In many of the scenarios, attackers used easily obtainable information to get things that I thought were safe. My home address... my phone number... my birthday... things that I used to post on social networking sites all over the web... I now realize that with just a few more or less "public" pieces of information, an attacker can obtain something much more valuable, such as my bank account number or credit card information.
Something I've heard over and over again (including from my own family, and myself early on) is, "But no one wants to attack ME." Or "That only happens to other people." But, sadly, to the other 6 billion people in the world, I am that very vulnerable Somebody Else. And who would want to attack me? They may not be after you specifically. They may just need access to an account at your bank, and you are the lucky number of the day. They may just want to see some files at your company, files in a completely different department, but they're going to use your bad password to get in. Or maybe they need some quick cash, saw you type your pin # into the machine at the BiLo and then picked up the receipt you dropped in the parking lot. However it happens, it's a lot more common than it was before.
Grandma and Grandpa may lament the Good Ole Days when this kind of thing Never Happened (and thus be reluctant to protect their information), but I know better than to trust my generation. After reading this book, hopefully you will too.
Likeflag

Sign into Goodreads to see if any of your friends have read The Art of Deception.
Sign In »

No comments have been added yet.