The Art of Deception: Controlling the Human Element of Security


  • Downloads: 6956
  • Type: Epub+TxT+PDF+Mobi
  • Create Date: 2021-03-10 08:11:56
  • Update Date: 2025-09-06
  • Status: finish
  • Author: Kevin D. Mitnick
  • ISBN: B006BBZHAK
  • Environment: PC/Android/iPhone/iPad/Kindle

Summary

The world's most infamous hacker offers an insider's view of the low-tech threats to high-tech security
Kevin Mitnick's exploits as a cyber-desperado and fugitive form one of the most exhaustive FBI manhunts in history and have spawned dozens of articles, books, films, and documentaries. Since his release from federal prison, in 1998, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. Now, in The Art of Deception, the world's most notorious hacker gives new meaning to the old adage, "It takes a thief to catch a thief."
Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent. Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented in an engaging and highly readable style reminiscent of a true-crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security.

Reviews

Giacomo Kyle

Some really brilliant heists in this book. Also a truly obscene amount of typos. Astoundingly redundant content (I've never read a book where the author repeats himself so much). And a lot of it is very poorly, vaguely organized (many chapters are essentially the same subject. Many of the stories could have easily fit into other chapters. There's even two separate lists he gives toward the end that are literally about the same thing). Overall, brilliant core content but maddeningly poor editing.

James Siegel

I came to read this book because my firm uses Mr. Mitnick's training videos/tools. I enjoyed many of the social engineering stories, but several of them felt very dated by the time I read it (video stores, fax machines, etc.). The author also reveals himself to be quite a misogynist while insisting he is not: he says more than once that most social engineers are men (he can't help it!) and in the examples he gives of women being social engineers, they are typically relying on their powers of seduction to get what they want (blergh). The policy/practice recommendations made at the end are sound.

Fernando Cárcamo

At first, I hesitated to read this book because I thought it would be very outdated from a technical point of view with respect to the current challenges in information security. However, the name Kevin Mitnick is too legendary to let pass unnoticed, so I thought it would be good to give it a chance from a historical point of view. I must emphasize that, although technology has changed enormously, the topics covered on social engineering remain very relevant. And even though the central elements of the book are very familiar to me, I found the stories described by Mitnick very entertaining (and at times outrageously hilarious). This is a book I definitely recommend to all computing enthusiasts, and above all to those who care about their privacy in digital times.

Henrikas Kuryla

The book reveals a specter of tricks so called "social engineers" use to obtain information they are not supposed to have access to. Although technical means play a significant role, the most emphasis is placed on the human element. The deceit schemes are split into multiple steps in which people are tricked into submitting seemingly insignificant information. But when put together those insignificant elements result in a loss of valuable information. I must admit that some trickery schemes seemed fascinating to me. The ingenuity and the aspiration to find ways around seemingly fail-safe systems deserve admiration. On the other hand, most "social engineers" are imitators; the real geniuses among them are rare. I put the term "social engineer" in quotation marks because I don't think it is the right term for naming the deceitful practices described in this book. The real meaning of the term "social engineering" I would demonstrate by one Sufi story from Idries Shah's book "A veiled gazelle". In this story a traveling Sufi master once encountered peasants who argued on who should farm a certain piece of land. The master approached the peasants and in some ways known only to him (!) persuaded those people to submit the land to him. He settled there and after several years, when the peasants learned to work the land by sharing it, the master gave the land back. This is social engineering. What happened here was that the master manipulated people to establish practices that were beneficial to the community. After achieving his goal he returned the property he obtained by trickery. An example of social engineering in the context of this book could be an effort to grow awareness of deceitful practices. So, how do we name those so called "social engineers"? Tricksters, swindlers, grifters or just thieves. Does the book teach how to become a "social engineer"? Well, for people with a certain mindset and loose moral restraints - maybe. But the real value of this book is bringing into awareness the existence of deceitful practices, explaining how to recognize them and giving an outline of procedures that help protect your information.

Michał

Is writing a review based on one's own expectations of a book objective? I don't know. But after the description I expected something completely different. I was counting on stories of real break-ins into systems and companies, carried out by the most dangerous and most wanted hacker in history :) Instead I got a handbook of social engineering techniques with examples, supposedly based on facts, but with made-up names. It must be admitted that the handbook is a bit out of date, since certain technologies used in the '90s have since fallen out of use. Instead of telephone switchboards companies use VoIP, nobody uses faxes, access cards have become standard. Some strategies can still be applied successfully, however: the basis is gaining the trust of one of the company's employees, usually by impersonating someone from the inside. Although the book isn't gripping, it is worth reading, especially for anyone interested in information security, to gain knowledge of potential attack sources and weak points.

Wayne's

A lot more to this than you might think.

Colin

An entertaining book riddled with spelling errors and peppered with a slight attitude of conceit.

Aston

social engineering

David

No doubt much more impactful 20 years ago, now dated (technically) and repetitive. Some of the phone based social engineering was, however, astonishing and worth the price of admission.

Chris Norbury

First 3/4 was interesting and informative. Illustrated many common hacks, social engineering tricks, and other ways to obtain information via computers (mostly illegally). Mitnick certainly knows his stuff and does a decent job explaining. The last part of the book is mostly for business owners or executives who want a blueprint and actionable solutions to improving their company's security. I skimmed it because I'm a company of one and don't have to worry about anyone but me getting hacked. (I take basic precautions of course). I do think the next Black Swan (after COVID knocked us all for a loop) will be a large-scale disruption of the electronic/financial system, which will bring the world economy to a dead stop (as opposed to the pandemic merely throttling it back by 50%).

Dianne Trautmann

This is a good solid book on Social Engineering. I would recommend this to anyone who uses social media and anyone who uses computers, to raise their awareness on phishing schemes and just to be more vigilant with passwords and personal information security. I read this all the way through, which I would not recommend, since it is more manual than reading book. Even 10 years out of date, what is presented in the first part of the book is still valuable.

David

I like to periodically review the scenarios in this book so that I can be more familiar with techniques the influencers might use.

Hannele Kormano

Definitely repetitive - the stories are still useful, but I'd recommend picking one or two chapters out of each section instead of reading all of it. There are parts that feel less like cautionary tales and more like an instruction manual for carrying out social engineering attacks, although that might be difficult to avoid entirely. There's definitely also a few misogynist moments that I can't help but keep thinking about -- for example, one of the only women social engineers is getting back at an ex, and not only is this sigh inducing to begin with, but I get the heavy feeling that this is a gender swapped story in an attempt to make stalker behaviour more socially acceptable. In another story it's suggested that a woman should show her gratitude for the male hacker's prowess in some way, and you can all but hear the wink wink nudge nudge. It is mainly those two stories out of dozens, but it still sucks and I do feel like I have to call it out. The format didn't bug me as much, the Mitnick messages etc felt very in line with the tech books of the day, your Idiot's Guides and the like. But it was a bit annoying that the one piece of jargon I would have wanted explained was not. On the whole, I expect there are probably better resources for learning about this sort of thing nowadays.

George Fischer

A bit out of date, but still useful

Velo

While the technology described in the book is outdated, the ideas provided are definitely not. The crucial factor of security even in today's technological society is the human factor. People who read this book hoping they will become cybersecurity experts or hackers, depending on what side of the law they see themselves, will be disappointed. The book isn't meant to teach you about technology, but to help you build a sense of awareness of the possibility that everyone can become a victim of a social engineering attack. The stories provided are an eye-opening experience that will help you become more alert and mindful when dealing with people in your life, and thereby greatly reduce the risk of being deceived. I find that some of the stories provided were a bit redundant, and that the book could have been shorter and more concise.

Bartekwiec

A bunch of nice stories, most of the scams via phone. General concepts valid, but the details naturally quite outdated in 2020.

Yates Buckley

This book remains extremely relevant to system security problems. Kevin Mitnick, one of the most effective hackers at the end of the 20th century, describes simple examples that tear at the seams of organised corporate culture security. Really, everyone should have a read to get a sense of how systems can suffer huge damaging impact despite being carefully certified, monitored and updated. Psychology can have more impact than technology.

Aaroh Gokhale

Pretty good examples of how social engineering can easily break through the toughest security systems, and how human error is what usually causes breaches of security. However, the examples got repetitive quite quickly.

Bradley

Pubbed almost two decades ago, the technology angle in this book is largely, although not completely, out of date. Fortunately, that isn't the primary reason I picked up this book. It's right there in the title. We may as well call it Social Engineering. Others might call it a con. But either way, human psychology being what it is, the underlying vulnerability to network or corporate structures never really goes out of style. PEBCAK. Problem Exists Between Chair and Computer. This book does a very serviceable job outlining most of the ways that people can be conned out of information. My favorite is just in looking or acting the part that people expect. I've been hearing that advice from the early Robert A. Heinlein days. People trust others who seem just like them. Confident behavior sends up no red flags. A lot of this is common sense, but you and I know that Social Engineering is still a growth industry. Every day, every sector, someone, somewhere is conning us. A lot of this book is still very timely, but I'm also sure that there are a lot of updated techniques out there.

Srivatssan

This book might have been of some value 10 years ago. I personally feel that this can be considered a security primer for those who have no idea about the field of computer security. The book is too verbose to my liking, and if you strip off all the stories, this book will not even come to 100 pages, which is the only valid content. While I admire the author's background in this field and how he came forward to share his knowledge for the benefit of society, the content of this book depicts the state of cyber security about 10 years ago. This is no longer relevant to the modern world. Just my 2 cents.

Daniel

I read this after The Art of Intrusion and I consider that to be the more entertaining book of the two. This one is okay, but it really gets into the weeds with security policies in the last chapter. And that will be good for somebody who needs to implement those policies, but it doesn't make for light reading. I think it would have been better to include them as appendices.

Eren

What the book describes is how to manipulate people rather than how to hack a system. People from every field can read it and draw lessons. The scenarios covered also gave me quite an enjoyable time. Even if I don't plan to use them in later stages of my life, it helped me understand the people who do. No crossing over into con tricks and shady dealings.

Lütfi Dereli

The events told by Kevin D. Mitnick, who is among the world's famous cyber security experts, and the situations he references show with examples that security software alone is not enough. Today, companies are not able to ensure their security on their own. Ensuring security completely is close to impossible.

Jan

A very comprehensive guide for any organization dealing with sensitive data. Maybe a little too common sensical in terms of what effective countermeasures to use. But it offers a lot of examples and true stories of how people tricked companies and officials into getting the information they wanted. The best, or worst, depending on point of view, is how simple it can be, and with how little effort, if you know what you are doing, you can get classified information. Of course now that it is known, the tactics will be or are already changed. Nevertheless a very surreal read that is not spy novel fiction.

Frank Thiemonge

It's been years since I read this one, but the lessons in it are more important than ever. I mean, folks are pretending to be COVID-19 contact tracers these days to get your credit card information for goodness sakes. When someone comes to you, in person or by phone, or email, or whatever communication medium, never assume they are who they say they are, especially when they're asking for financial information, personally identifiable information, or company secrets. Verify, verify, verify. They say they're from the IRS? Great, ask them for their name, extension, office location, etc, and you'll call the IRS back at their publicly listed phone number (not any number this unverified person gives you). That sort of thing. Social engineers are clever. They can spoof the phone number they're calling from, email they're sending from, etc, to make it look like it's from who they say they are. Always verify before handing over any information. Having said this, there are lots of examples in this book well worth reading. It's as much of a must read today as it was when it came out.

David Ross

Not quite as entertaining as his biography, this is a series of real life incidents where companies/government have been duped by social engineers. If you're an overconfident CEO of a firm entrusted with seriously confidential material then this book will open your eyes to the ease with which these engineers work their magic. Great book for research.

Erhan YILDIRIM

I was taken in by the title and bought it, but I regret it. It didn't turn out to be the book I expected. A pile of pages monotonously presenting social engineering incidents that took place in the '80s and '90s but are told through fictional narratives. I barely made it halfway; I told myself the remaining half might change my mind, but I couldn't continue at all. I don't recommend it.

Stefano Mastella

The case-based approach, already found in other Mitnick books, is interesting, but I found it a bit cloying in this one, even though it offers interesting insights. The vademecum and the appendix are worth saving, rereading and studying.