The Art of Deception: Controlling the Human Element of Security - Hardcover

The Art of Deception is about gaining someone's trust by lying to them and then abusing that trust for fun and profit. Hackers use the euphemism "social engineering" and hacker-guru Kevin Mitnick examines many example scenarios.

After Mitnick's first dozen examples anyone responsible for organizational security is going to lose the will to live. It's been said before, but people and security are antithetical. Organizations exist to provide a good or service and want helpful, friendly employees to promote the good or service. People are social animals who want to be liked. Controlling the human aspects of security means denying someone something. This circle can't be squared.

Considering Mitnick's reputation as a hacker guru, it's ironic that the last point of attack for hackers using social engineering are computers. Most of the scenarios in The Art of Deception work just as well against computer-free organizations and were probably known to the Phoenicians; technology simply makes it all easier. Phones are faster than letters, after all, and having large organizations means dealing with lots of strangers.

Much of Mitnick's security advice sounds practical until you think about implementation, when you realize that more effective security means reducing organizational efficiency--an impossible trade in competitive business. And anyway, who wants to work in an organization where the rule is "Trust no one"? Mitnick shows how easily security is breached by trust, but without trust people can't live and work together. In the real world, effective organizations have to acknowledge that total security is a chimera--and carry more insurance. --Steve Patient, amazon.co.uk

A legendary hacker reveals how to guard against the gravest security risk of all-human nature

"...a tour de force, a series of tales of how some old-fashioned blarney and high-tech skills can pry any information from anyone. As entertainment, it's like reading the climaxes of a dozen complex thrillers, one after the other" --Publishers Weekly

Kevin Mitnick's exploits as a cyber-desperado and fugitive from one of the most exhaustive FBI manhunts in history have spawned dozens of articles, books, films, and documentaries. Since his release from federal prison in 2000, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. Now, in The Art of Deception, the world's most famous hacker gives new meaning to the old adage, "It takes a thief to catch a thief."

Inviting you into the complex mind of the hacker, Mitnick provides realistic scenarios of cons, swindles, and social engineering attacks on businesses-and the consequences. Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. He illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent or any other seemingly innocent character. Narrated from the points of view of both the attacker and the victim, The Art of Deception explores why each attack was so successful and how it could have been averted in an engaging and highly readable manner reminiscent of a true-crime novel.

Most importantly, Mitnick redeems his former life of crime by providing specific guidelines for developing protocols, training programs, and manuals to ensure that a company's sophisticated technical security investment will not be for naught. He shares his advice for preventing security vulnerability in the hope that people will be mindfully on guard for an attack from the gravest risk of all-human nature.