Mitnick In The News
Kevin Mitnick “The Art of Deception” - Review
Today (as usual after a long pause) the entry is a kind of review or less discussion of the book "The Art of Deception" Kevin Mitnick. Reaching this book it was not planned that I write about it, but the theme of "The Art of ..." is ideally suited to the knowledge contained on my side, so I could not resist.
Who is Kevin Mitnick?
I'll start maybe with why I wanted to read this book. The main reason was an intriguing person', Kevin Mitnick, is probably the most well-known hacker in the world, and is now called. "White hat", which is a person who helps other companies and institutions to implement security procedures and defend against hacker attacks. He was born August 6, 1963 in Los Angeles, and as you might guess, his life looked very different than a typical representative of the American people. The beginnings of the road of a hacker are hinted in "The Art of Deception," and probably a whole shown in the book "The Spirit of the network" - above all it's an autobiography, published in Poland in 2012 (I plan to soon read it and review it). I will mention only that Kevin started very quickly to reveal special talents in manipulating people and devising clever fraud. In high school a friend, he showed him so. Phreaking, hacking or telephone networks, ideally he hits the preferences of young Mitnick.
The weakest link
The book "The Art of Deception" belies one of the biggest stereotypes about hacking - the hacker does it all through the code written on a computer. It turns out that a hacker doesn't have to be a a programmer, and almost even without knowing much about computers. The base is being a good social engineer - that is, having the skills to convince people to their case.
The author defines social engineering as follows:
Social engineering - to influence the people and the use of persuasion in order to deceive them as to believe that the techniques of social engineering is a person with suggested by himself, and created for manipulation, identity. Thanks to techniques of social engineering is able to use his interlocutors, with the additional (or not) to use technological means to obtain the desired information.
The effectiveness of social engineering data demonstrates perfectly what I heard during the lecture Peter Konieczny from niebezpiecznik.pl (if you are interested in topics in network security, it's definitely worth it to follow the said blog). Peter Company is engaged in testing security procedures in enterprises and institutions, which it will rent to. This is done by controlled hacking of predetermined order (ie. Penetration tests). During the speech came the following statistics regarding conducted by the attacks - when they tried to break through the code to the effectiveness to the order of 40% (unfortunately, I do not remember the exact data). However, if attacked by social engineering, the efficiency increased to 100%. There is no doubt what (or rather who) is the weakest link in the security systems. Similar conclusions can be drawn from reading Mitnick's books.
The structure of the book
"The Art of Deception" has a specific structure, which first told the story of a attack, and described its mechanisms. A person familiar with the rules of social influence of Robert Cialdini, very quickly picks up that much social engineering is based on them. Kevin Mitnick recalls the impact of the rules in Chapter 15. He describes there briefly each of them and gives examples of use in podstępach. Chapter 16 is particularly important for businesses because it provides ready-made policy recommendations on safety in the company, data classification schemes because of their need for protection and procedures for the implementation of the company in order to defend against attacks.
Summary:Why read this book:
- As I mentioned, most of the methods of social engineering are based on the rules of the influence of Robert Cialdini - for people who are familiar with them, it is a great opportunity to consolidate them
- Many stories of this book is really fascinating. Social engineering shows ways to achieve the objectives, though often morally reprehensible, arouse admiration when it comes to ingenuity and craftsmanship.
- It contains extremely valuable knowledge for companies operating know-how, exposed for spying technology, etc.
Disadvantages of the book:
Mitnick at the time of writing was the subject of a judicial ban disclosing details of his activities, which is why most of the history contained in it is a fiction;
Somewhat "American style" books - eg. a few stories to illustrate a simple thesis, which was lined in the style of "down to earth"; numerous replays of information (I suspect that this is intentional, to capture the reader to some things, but for some it can be a nuisance)
To whom this book is of particular interest:
Those developing and implementing safety procedures in companies:
- People that use social engineering tools in telephone conversations (mine of knowledge for beginners and headhunters infobrokerów);
- People who want to know the socio-cultural workshop for defensive purposes (for those "on the other hand," probably too);
- Anyone interested in the life and methods of the famous hacker;
In summary, "The Art of Deception" Kevin Mitnick is a book worth reading and, for certain professional groups simply priceless. "American style" transfer of knowledge can get a little irritating, but it is compensated by the extremely sophisticated intrigue socjotechników described in the book.