Author(s): Kevin D. Mitnick
Written from the unique perspective of a former hacker, this title advises anyone involved with information security protection and policies on how social engineering attacks are executed and how they can be prevented.
authoritative (Retail Systems, December 2005) "...an interesting read..." (www.infosecnews.com, 17 July 2002) "...highly entertaining...will appeal to a broad audience..." (Publishing News, 26 July 2002) "required reading for IT professionals, [and] is highly recommended for public, academic, and corporate libraries." (Library Journal, August 2002) "This is Mitnick s account, complete with advice for how to protect yourself from similar attacks. I believe his story." (Wired, October 2002) "does deliver on social engineering exercises." And "[o]ne way or another, you ll find the information useful." (Red Herring, October 2002) "Mitnick outlines dozens of social engineering scenarios in his book, dissecting the ways attackers can easily exploit what he describes as that natural human desire to help others and be a good team player. " (Wired.com, October 3, 2002) "Most of the book, coauthored by William Simon ..., is a series of fictional episodes depictin g the many breathtakingly clever ways that hackers can d upe t rusting souls into breaching corporate and personal security information as simple as an unlisted phone number or as complicated as plans for a top secret pr oduct under development." (Forbes, October 14, 2002) "...the book describes how people can get sensitive information without even stepping near a computer through social engineering the use of manipulation or persuasion to deceive people by convincing them that you are someone else." (CNN.com s Technology section, October 9, 2002) "...engaging style...fascinating true stories..." (The CBL Source, October/December 2002) " the book describes how people can get information without even stepping near a computer " (CNN, 16 October 2002) " each vignette reads like a mini cybermystery thriller I willingly recommend The Art of Deception. It could save you from embarrassment or an even worse fate " (zdnet.co.uk, 15 October 2002) " details the ways that employees can inadvertently leak information that can be exploited by hackers to compromise computer systems the book is scary in ways that computer security texts usually do not manage to be " (BBC online, 14 October 2002) " more educational than tell all " (Forbes, 2 October 2002) " would put a shiver into anyone responsible for looking after valuable computer data the exploits are fictional but realistic the book is about hacking peoples heads " (The Independent, 21 October 2002) " the key strength of The Art of Deception is the stream of anecdotes with explanations about how and why hacks succeed provides a solid basis for staff training on security " (Information Age, October 2002) " should be on the list of required reading. Mitnick has done an effective job of showing exactly what the greatest threat of attack is people and their human nature " (Unix Review, 18 October 2002) " disturbingly convincing " (Fraud Watch, Vol.10, No.5, 2002 " the worlds most authoritative handbook an unputdownable succession of case studies chilling trust me, Kevin Mitnick is right " (Business a.m, 29 October 2002) " a damn good read I would expect to see it as required reading on courses that cover business security Should you read this book? On several levels the answer has to be yes. If you run your own business, work in one, or just want a good read, this is worth it "(Acorn User, 29 October 2002) " the analysis of individual cases is carried out thoroughly ultimately, the value of the book is that it may encourage security managers to be more assiduous in teaching their staff to check the identities of the people they deal with, and better corporate security will be the result "(ITWeek, 1 November 2002) " a penetrating insight into the forgotten side of computer security " (IT Week, 4 November 2002) "...a highly entertaining read...Mitnick has a laid back style which makes the book easy to read and of great interest, even to those of us who have no interest in computers..."(Business Age, September 2002) "...one of the hacker gurus of our time...makes it abundantly clear that everyone can be fooled and cheated by the professionals..." (The Times Higher Education Supplement, 15 November 2002) "...focuses on teaching companies how to defeat someone like him full of specific examples of the ways apparently innocent bits of information can be stitched together to mount a comprehensive attack on an organisation s most prized information..." (New Scientist, 23 November 2002) "...all simple things, little titbits of seemingly innocuous information, which when gathered together give the hacker the power to cripple the biggest corporation or the smallest home business..." (New Media Age, 14 November 2002) " highly acclaimed a fascinating account " (Information Security Management, November 2002) "...His new book, The Art of Deception, presents itself as a manual to help companies defeat hackers..." Also listed in recommended reading list (The Guardian, 13 December 2002) "...gets it's point across and contains some valuable pointers..." (MacFormat, January 2003) "...supremely educational a sexy way to hammer home a relevant point...what makes it sing is the clear information that Mitnick brings to the table..." (Business Week, 8 January 2003) "...Indispensable..." (Focus, February 2003) "...incredibly intriguing...a superb book which would be beneficial for anyone to read..." (Telecomworldwire, 4 February 2003) "...a good overview of one of the most neglected aspects of computer security..." (Technology and Society, 7 February 2003) "...fascinating to read...should strike fear into the hearts of commercial computer security departments..." (Business Week, 3 September 2003) "...a penetrating insight into the forgotten side of computer security..." (Accountancy Age, 19 February 2003) Top 10 Popular Science Books (New Scientist, 21 February f2003) "...should be assigned as required reading in every IT department...excellent advice..." (Electronic Commerce Guide, 12 February 2003) an interesting and educational read for anyone with a role to play in corporate security (Computer Business Review, 6 March 2003) a good read, well written (Managing Information, March 2003) structured like a mini detective story series the unfolding attacks are compulsive reading (Aberdeen Evening Express, 7 June 21003) a real eye opener well written and produced an easy and valuable read (Accounting Web, 19 June 2003) a superb book which would be beneficial for anyone to read (M2 Best Books, 4 February 2003) the insights for earlier chapters are fascinationg, and that alone makes it worth blagging a copy for review (Mute, Summer/Autumn 2003) a good read, well written this accessibility makes it doubly important (Managing Information 5 star rating, October 2003)
KEVIN MITNICK is a security consultant to corporations worldwide and a cofounder of Defensive Thinking, a Los Angeles based consulting firm (defensivethinking.com). He has testified before the Senate Committee on Governmental Affairs on the need for legislation to ensure the security of the government s information systems. His articles have appeared in major news magazines and trade journals, and he has appeared on Court TV, Good Morning America, 60 Minutes, CNN s Burden of Proof and Headline News. He has also been a keynote speaker at numerous industry events and has hosted a weekly radio show on KFI AM 640 Los Angeles. WILLIAM SIMON is a bestselling author of more than a dozen books and an award winning film and television writer.
Foreword. Preface. Introduction. Part 1: Behind the Scenes. Chapter 1: Security s Weakest Link. Part 2: The Art of the Attacker. Chapter 2: When Innocuous Information Isn t. Chapter 3: The Direct Attack: Just Asking for It. Chapter 4: Building Trust. Chapter 5: "Let Me Help You". Chapter 6: "Can You Help Me?". Chapter 7: Phony Sites and Dangerous Attachments. Chapter 8: Using Sympathy, Guilt, and Intimidation. Chapter 9: The Reverse Sting. Part 3: Intruder Alert. Chapter 10: Entering the Premises. Chapter 11: Combining Technology and Social Engineering. Chapter 12: Attacks on the Entry Level Employee. Chapter 13: Clever Cons. Chapter 14: Industrial Espionage. Part 4: Raising the Bar. Chapter 15: Information Security Awareness and Training. Chapter 16: Recommended Corporate Information Security Policies. Security at a Glance. Sources. Acknowledgments. Index.