The Art of Deception: Controlling the Human Element of Security

3.76  ·  Rating details ·  6,440 ratings  ·  379 reviews
The world's most infamous hacker offers an insider's view of the low-tech threats to high-tech security
Kevin Mitnick's exploits as a cyber-desperado and fugitive form one of the most exhaustive FBI manhunts in history and have spawned dozens of articles, books, films, and documentaries. Since his release from federal prison, in 1998, Mitnick has turned his life around and
Paperback, 352 pages
Published October 17th 2003 by Wiley (first published January 1st 2001)

Reader Q&A

Popular Answered Questions
Muhammad Ali: Real stories, with change of name and place (Understandable). Worth a read if you are interested in knowing what social engineering is and how do they function.

Community Reviews

Rod Hilton
Sep 26, 2008 rated it did not like it
The Art of Deception is one of two books by famous hacker Kevin Mitnick, the other being "The Art of Intrusion". Intrusion focuses primarily on physical or technological hacks, while this book focuses almost exclusively on social engineering attacks.

A number of problems prevented this book from being very good. The main problem is simply that Mitnick did not have enough material to fill an entire book. This book would have been better if it were shorter and simply one section in a larger book ab
Jun 14, 2020 rated it really liked it
Pubbed almost two decades ago, the technology angle in this book is largely, although not completely, out of date.

Fortunately, that isn't the primary reason I picked up this book. It's right there in the title. We may as well call it Social Engineering. Others might call it a con. But either way, human psychology being what it is, the underlying vulnerability to network or corporate structures never really goes out of style.

PEBCAK. Problem Exists Between Chair and Computer.

This book does a very
Mar 06, 2008 rated it really liked it
Shelves: read-in-2008
Kevin Mitnick, probably the most famous (and controversial) computer hacker of the 1990's, has spent several years of his life on the run, as well as a few years in jail. For years after leaving prison he was forbidden to log on to a computer, a prohibition he appealed successfully. He now runs a computer security business, lectures to large corporations, and has co-authored two books on computer network security.

This book focuses on the human element of computer security. Reminding us that eve
Pramod Nair
Jan 27, 2015 rated it really liked it
“I went to prison for my hacking. Now people hire me to do the same things I went to prison for, but in a legal and beneficial way.” – Kevin D. Mitnick, Ghost in the Wires: My Adventures as the World's Most Wanted Hacker.

Reading ‘The Art of Deception’ is like hearing it straight from the horse's mouth. Kevin D. Mitnick, one of the legendary cyber desperado turned computer security consultant, takes the reader into the complex, supremely confident – often misunderstood as arrogance and curiosity
Dec 22, 2013 rated it liked it
I suspect that if you're reading for entertainment, then you probably want Mitnick's The Art of Intrusion or Ghost in the Wires instead. This book is split 2/3 and 1/3 between a series of fictionalized anecdotes--based on or representative of real incidents--and a corporate policy guide. The guide, like all such specifications, is deadly dry and would require several readings and much thought to fully internalize.

The anecdotes are more interesting than entertaining, and all proceed by the same b
Aug 26, 2011 rated it really liked it
Shelves: read-non-fiction
We think of computer hackers as sitting in an isolated room, endlessly probing corporate and private networks from their screen. Actually, almost all deep hacking starts with the manipulation of people to do something that allows the hacker to move to the next level. The Art of Deception tells how Mitnick used "social engineering" skills to get people to unknowingly provide critical assistance, from simply being polite and opening a secure door to setting up restricted user accounts. Having read ...
Henrikas Kuryla
Jan 31, 2021 rated it it was amazing
The book reveals a specter of tricks so called "social engineers" use to obtain information they are not supposed to have access to. Although technical means play a significant role, the most emphasis is placed on human element. The deceit schemes are split into multiple steps in which people are tricked into submitting seemingly insignificant information. But when put together those insignificant elements result in a loss of valuable information.

I must admit that some trickery schemes seemed fa
Koen Crolla
Jan 31, 2015 rated it liked it
Almost all of this book consists of infinitesimal variations on the same point, communicated through accounts of apparently real events fictionalised by someone who clearly desperately wanted to write short stories instead of ghost-writing for minor celebrities but couldn't find a publisher for them. That every story reads like a bad (and I mean bad) noir film isn't just annoying; it makes them much less credible.
It's clear that Mitnick thinks very highly of himself and his accomplishments, occa
Jeff Yoak
This book is really creepy.

It serves as a how-to, and to a lesser extent a how-to-prevent, book on social engineering attacks. Most professionals in the industry understand that attacks are rarely purely technology-based. Much more often companies are compromised through a combination of human and computer vulnerabilities.

This book focuses on the human component of such attacks and is written from the perspective of someone who was extremely effective at executing such attacks. Though I was alre
Oct 26, 2016 rated it liked it
So ... Interesting read. Social engineering has been going on a long time and has impacted many corporations, governments, etc. I felt this book did a great job documenting examples of what has taken place as well as provided insights for what you and your organization can do to help prevent, the best that you can, social engineering attacks.

This book definitely irritated me as I had not thought about the detailed level of attacks folks have gone through. Thinking back, there have probably been
Apr 08, 2008 rated it really liked it
Humans are like bad Microsoft coding.
The Moon
Feb 22, 2022 rated it it was ok
For a person who's the best hacker in the US and a book on social engineering, there's an obvious lack in knowledge of marketing. It's mainly for business leaders, business leaders that don't know what Trojan, http is. At the same time you're not able to make a difference between a dozen of similar stories with a same message if you don't know what a Trojan is, if you do have technological know-how the book is way too basic. And then you have a summary at the end. Could've been done better ...
Sep 09, 2021 rated it it was amazing
The Art of Deception is a great book because it points to the single issue with security - humans. The human element is a massive problem because unlike AI, humans rely on hunches and benefit of the doubt as part of their judgement. Eye opening
Jun 22, 2007 rated it liked it
Shelves: already-read
In The Art of Deception, [Kevin Mitnick] discusses the thing he's best at: Social Engineering. Social engineering is the term used in computer security to describe the manipulation of humans in order to break through a security barrier, and is sometimes referred to as hacking the mind.

In the first chapter of his book, usually referred to as The Lost Chapter (As it wasn't published with the final version of the book), Kevin Mitnick tries to convince his readers that he is innocent – or at least
Sep 06, 2022 rated it liked it
America's greatest hacker, not America's greatest storyteller. If one were to treat the book as a piece of code, debugging it to remove the duplication and redundancies would make it a far more pleasant and informative read.
That aside, hacking is a timeless skill which only serves to make me moist. 3/5
Son Tung
Jan 22, 2016 rated it really liked it
Kevin D. Mitnick - a former hacker turned security expert - gives an excellent view on security threats posed by human factor in modern world.

The common sense that computer geeks are often fat, unpopular with heavy glasses and nerdy faces is not applicable in "Social Engineer" category. Social engineer is someone with talent and understanding for both social behavior and technical command. He/she can infiltrate in a company system by manipulating human psychology (unshakeable confidence, empat
G.M. Lupo
Mar 01, 2015 rated it really liked it
Kevin Mitnick is probably best known for being a phone phreak and fugitive computer hacker in the late-80s and early 90s, who was the focus of a considerable manhunt. Following his capture and time in prison, he's become an Internet security consultant and turned his talents to helping people avoid the sort of hacks he became famous for perpetrating. This book is a chronicle of numerous social engineering attacks, some hypothetical, some based on real-world examples (which may or may not have be ...
Mar 29, 2013 rated it liked it
I found the most valuable sections in this book to be the policy recommendations and information security practices described in the last chapters (despite their age). The anecdotal and fictionalized scenarios were effective up to a point, but there are so many of them that it wore me down and I just started scanning them when I was about 3/4 of the way through. Mitnick's "messages" provided helpful suggestions and contextual gotchas interspersed with the social engineering/con situations, but t ...
Jul 30, 2014 rated it did not like it  ·  review of another edition
Zzzzzzzzzz, Oh sorry..... This was a tough read. Very dry and if you've ever worked in a corporate environment, or IT at all, most of this is simply common sense.
Some of the 'examples' used are repeated in Kevin's other book, Ghost in the Wires, which I read before this one. GitW is a good read, this one, not so much.....
Jul 07, 2010 rated it it was ok
While the book demonstrates the basic concept of social engineering quite well, it would never have got so much attention if Mitnick's name wasn't on the cover. It's okay, but it's not extraordinary.
Nov 01, 2018 rated it liked it
This one had been sitting on my shelf for a loooong time.

As a nerdy kid growing up I was fascinated by computers and the then-emerging Internet. Dial-up to AOL and local BBSes had me feeling pretty fly. I remember stumbling onto the "Anarchist Cookbook", and finding a few issues of the hacker magazine 2600 at a Barnes and Noble. The checkout lady gave me a concerned frown and told me to be careful. Haha, joke was on her! I had no idea what I was reading.

Except for the parts about Kevin Mitnick,
Jun 19, 2018 rated it really liked it
I started to read this book last night and turned sleepless due to some similarity that I have encountered in the morning. A mail came to my email box saying someone in Ukraine using my email address to sign in a so called Gaijin. Net. they suspect it could be a hacking so sending me a mail to verify. "Someone signed in to your account using the device through the Windows app" as title.
This email was sent to you for security reasons. We were not able to determine whether the previous login to
Aug 20, 2017 rated it liked it
Shelves: security
Interesting at first, but very repetitive. Mitnick, who claims his career as a hacker was based solely on manipulating people to gain information and access, shares stories of others who did the same. These mostly include private investigators, with at least one pair of curious teenagers and a few bits of corporate espionage. The modus operandi in all the cases is very similar: the actor engages in background research to learn a few names and some of the lingo of the business, then makes phone ...
Ilya Nepomnyashchiy
(Note: it's my understanding that there's some [well-deserved] controversy around Mitnick in the Infosec community, but my hope is to stay out of that and merely review the book)

Kevin Mitnick's book on social engineering, The Art of Deception, is a mix of lightly fictionalized anecdotes about successful social engineering schemes and a set of recommendations for any organization's security policy for thwarting them. Given Mitnick's background as a hacker, there is necessarily a slight technologi
Julien Sobczak
Oct 24, 2019 rated it really liked it
True stories demonstrating why we stay indisputably the security's weakest link.

It's so common to hear that we, humans, are the bigger threat in security. But before reading this book, I was seriously underestimating how difficult, if not impossible, it is to mitigate social engineering attacks. This book helped me consider how we are “designed” to be an excellent target for attackers. We are eager to trust and cooperate.

As Kevin Mitnick says: “People are not stupid, they are ignorant.” This book
Hannele Kormano
Sep 20, 2020 rated it it was ok
Definitely repetitive - the stories are still useful, but I'd recommend picking one or two chapters out of each section instead of reading all of it. There are parts that feel less like cautionary tales and more like an instruction manual for carrying out social engineering attacks, although that might be difficult to avoid entirely.

There's definitely also a few misogynist moments that I can't help but keep thinking about -- for example, one of the only women social engineers is getting back at
TL Kett
Oct 04, 2019 rated it really liked it
This book is an oldie but a goodie. Keeping in mind that it was published in 2002, some of the specific advice is a little outdated, but most of the underlying concepts are still applicable simply because human nature doesn't change that quickly.

The anecdotes can get repetitive, but they're all trying to drive the same points home about the true value of information and not giving it away just because someone on the other end of the phone or email is asking for it. For those who already know and
Mar 03, 2019 rated it liked it
This had been on my to read shelf for quite some time so happy to finally give it a read. Unfortunately this book has aged considerably. There are dozens of case studies throughout which discuss social engineering situations that have occurred and why they were successful, and for a non technical person, they may be interesting or at least informative as to what's possible - although these aren't the types of people who would be reading this book. So I am a bit confused as to the target audience. A ...
May 02, 2019 rated it really liked it
I've finished it thinking, as any other Joe would do, that this book is nothing more than a long list of examples on how one can be fooled if he is not smart enough, followed by some other basic examples on how the same victim (being that a person or a corporation/firm) can be protected against the damages done by a possible attacker.
But it also took me a couple of minutes to figure out that, in this we-all-want-to-fit-in world, a chink in our personal intelligence armour is not so hard to spot a
Jun 22, 2017 rated it did not like it
As the title suggests, the focus of this book is social engineering-based security threats. While I think it's generally accepted that this is the least controllable and therefore weakest element of security, if you're wondering how this ballooned into 350 pages...well, I am, too. The summary of pretty much every story in every chapter is "be sure to conclusively verify the identity of anyone you're giving information to."

While I picked this up completely voluntarily, reading it was a chore. It

Readers also enjoyed

  • Social Engineering: The Art of Human Hacking
  • The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage
  • Hackers: Heroes of the Computer Revolution
  • Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground
  • Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World
  • We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency
  • Red Team Field Manual
  • Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon
  • Spam Nation: The Inside Story of Organized Cybercrime — from Global Epidemic to Your Front Door
  • Ethical Hacking: A Hands-on Introduction to Breaking In
  • Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers
  • Zero Day (Jeff Aiken, #1)
  • Blue Team Field Manual (BTFM)
  • Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World
  • The Fugitive Game: Online with Kevin Mitnick
  • Permanent Record
  • Dark Territory: The Secret History of Cyber War

Kevin Mitnick, the world's most famous (former) computer hacker, has been the subject of countless news and magazine articles, the idol of thousands of would-be hackers, and a one-time "most wanted" criminal of cyberspace, on the run from the bewildered Feds. Now a security consultant, he has spoken to audiences at conventions around the world, been on dozens of major national TV and radio shows, ...

“One noted software libertarian, Richard Stallman, even refused to protect his account with a password.” 4 likes
“Anyone who thinks that security products alone offer true security is settling for the illusion of security.” 3 likes