Book Review – The Art of Deception

The Art of Deception
By Kevin Mitnick and William M. Simon

$227.50 US
$39.95 CAN
£19.95 UK
ISBN: 0-471-23712-4

What is a computer network’s greatest vulnerability? Turns out the weakest spot of any network (computer or otherwise) is the human element. Solution: kill everyone with access to your computer system. Just kidding. The solution, predictably, is training and awareness. Those are the conclusions of The Art of Deception, and I suppose more training and heightened awareness of system security is solid advice, but only a few folks are going to read The Art of Deception for the insights into system security. The majority of readers are going to pick up The Art of Deception to read the delicious subterfuges and insights into human credulity (a very few may pick it up to hone their own scamming techniques).

If you want to learn a bit about hacking and/or conning people (called social engineering by Kevin Mitnick), or just read stories about the aforementioned topics, Kevin Mitnick is the guy with the best stories. For the uninformed reader, Kevin Mitnick is probably the most notorious hacker in US history. He’s served jail time, companies claim he cost them millions of dollars, and the government tracked him for years before capturing the super cyber fugitive. Of course, some argue that Kevin Mitnick really didn’t do too much wrong, and even if he did, it was more out of curiosity than malice. I haven’t researched the topic enough to form a definitive opinion, but I have seen and read enough to know that Kevin Mitnick is hacker supreme. Once you read The Art of Deception you won’t doubt Kevin Mitnick’s abilities, and you’ll see why he was able to get away with so much for so long. All this adds up to making Kevin Mitnick probably the single most authoritative person to write this kind of book.

First off, let me say the scams that Kevin Mitnick references actually work; I know ’cause I tried one. I picked a company I knew a little about, called the receptionist, and asked for her user name and password. She told me her password and user name, no questions asked. I was startled by how easy the process was, but I attempted no further hacking (not because I was scared or suddenly moral but because the company makes extremely boring stuff). Calling up and asking someone for a password is the simplest ruse of all and probably the most often used con. The trick, naturally, is to make the person on the other end of the phone think that you’re entitled to the information somehow, and that’s where the real “social engineering” starts. While the crux of any scam may be the same, the road getting to that point can be very interesting. In The Art of Deception there are some scams so complicated they would make David Mamet salivate, and these are the scams that are particularly enthralling to read even though they occasionally stretch the limits of plausibility. Regardless of the believability of the retold ruses, they all have a common theme: they are very enjoyable short tales of human fallibility.

The cons and seductions are enough to carry The Art of Deception; less entertaining are the solutions to prevent said miracles of flimflam. Of course, the prevention of the scheme is always less exciting than the actual scam, so it’s no surprise when you find yourself skimming the “what Bob could’ve done” sections. There are a few scams that may be directly useful to the average Joe (which one of these says PAYPAL: paypal or paypa1?), but most of the beguilements’ solutions will be of interest to IT directors and tech support folks. In fact, I can reveal the solutions to the scams: know whom you’re talking to and don’t give out your password. That advice, while predictable, doesn’t carry as much weight on its own as it does when coupled with the scams and schemes presented in The Art of Deception. If you’re one of the folks who think that you could never get suckered, Kevin Mitnick will make you a believer.

Who is this book really for? Well, if you’re an IT director the book will be very useful. If you’re a company that deals with very sensitive information, you may want to make The Art of Deception required reading for anyone with a password. If you’re in Sales and don’t mind walking slightly on the seamy side (if you’re the type that snatches business cards out of restaurant fishbowls and passes the cards off as “calls”), then some of the information gathering techniques may also be of interest. The casual reader will not find the information as useful as the previously mentioned professionals but will find The Art of Deception very diverting.

Bottom Line: Anyone who reads The Art of Deception will find it entertaining, and some people will find the book very useful.

MacMice Rating: 3 out of 5

Chris Seibold

