Kevin Mitnick’s ‘The Art of Deception.’
When the world’s most famous hacker and phone phreak writes a book on security, you read it. What I found when I read Kevin Mitnick’s “The Art of Deception” was unexpected, to say the least. I expected to find a solid book on the technical issues surrounding computer networks–firewalls, encryption, virus protection, and the like. Instead, the book reads like a set of case studies on phone security, that little talked-about, often exploited point of corporate contact.
Mitnick diverges from network security because it has been covered thoroughly in other books. What he writes about instead is social engineering–the less publicized art of gaining the trust of an employee to get vital inside information. Oftentimes, hackers use social-engineering skills to get pieces of vital data such as passwords, account numbers, and Social Security numbers. They use this data in a variety of ways to commit fraud or to access areas of a network that are too hard to crack with computer tools.
Companies have developed a false sense of security by simply locking down their networks without locking down information given to employees who attend to the phones. Our natural tendency to trust people makes us extremely vulnerable to outsiders, especially those posing as employees. Through a slew of case studies combined with analysis, Mitnick is able to show how companies should lock down their phones: Train employees to give out information over the phone only to those who can prove that they are who they claim to be.
Though the book deserves a place on the shelves of all corporate and government security personnel, it is a bit too thick and redundant to serve its full purpose. I found myself wanting to skim it and wishing for a short handbook instead of this heavy tome.