When ‘The Hacker Crackdown’ – written by the cyberpunk novelist Bruce Sterling – was released in 1992, it was a hugely acclaimed journalistic study of the cyberspace of the late 80s and early 90s, detailing the affairs and people who influenced this chaotic electronic frontier. Written during a period when the modern-day Internet was taking its first steps, this book is a historic chronicle of the outlaw culture of the electronic frontier right from its earliest days, and inspects the series of criminal activities that plunged this frontier into chaos and the law enforcement activities that were set in motion to counter them.
This book stands on par with ‘Hackers: Heroes of the Computer Revolution’, written in 1984, in dissecting and presenting the hacker subculture. It is one of those early books that discussed criminals in the cyber world; cyber crimes; the shortcomings and frustrations of traditional law enforcement agencies in effectively curbing these computer crimes; the emergence of various special task forces aimed at defending against this serious threat; the first civil liberties movements in cyberspace; and the ethics and legal issues connected to the countering of cyber crimes.
By delving deep into the world of actual participants in these activities – both from the criminal and law enforcement side – the author has created a pretty accurate historical snapshot of the 90s electronic frontier which was thriving with multitudes of characters like hackers, rebels, outlaws, cops, cybercops, cyber civil rights activists and bureaucrats.
Since this is a book from the early 1990s, and considering the lightning speed at which modern Information Technology and the Internet have evolved and are still evolving, most of the technology and concepts that it describes are outdated. But from a historical perspective this is a great read for those who are interested in the evolution of computer crime, cyber civil liberties movements and cyberspace in general.
The adage is true that the security systems have to win every time, the attacker only has to win once. – Dustin Dykes
Art of Intrusion by Kevin D. Mitnick, the legendary cyber desperado turned computer security consultant, is a compilation of security-related case studies presented as fascinating anecdotes or techno-thriller stories, which explain some of the real-life methodologies and exploits that are employed in computer break-ins and cyber crimes. What makes these stories valuable is that, instead of being fictitious accounts of cyber crimes written to illustrate each threat, these anecdotes are the result of interviews that Mitnick and his co-author William L. Simon conducted with former hackers, phone phreaks and hackers turned cyber security specialists.
Through Art of Intrusion, Kevin Mitnick attempts to make the reader aware of the common threats in the cyber domain and give him insights on counter-measures that can be employed against these threats. Mitnick describes this goal in the acknowledgement section of Art of Intrusion.
We wanted to write a book that would be both a crime thriller and an eye-opening guide to helping businesses protect their valuable information and computing resources. We strongly believe that by disclosing the common methodologies and techniques used by hackers to break into systems and networks, we can influence the community at large to adequately address these risks and threats posed by savvy adversaries.
Each of the scenarios that Mitnick presents is detailed with insider information on real-life methods of breaching security, at times getting pretty technical. The Insights and Countermeasures section that follows each anecdote provides the reader with essential tips on preventing such attacks. Each of the exploits and the related anecdotes discussed in this book adds to the arsenal of a Security/Information Security professional, as it will give him a change of perspective about the ingenuity shown by the attacker. It can help the security professional in cultivating an attitude of resolve and in shedding the dangerous lethargy of overconfidence.
Some of the technical aspects of the exploits that Mitnick discusses in this book may be outdated, and the software or hardware vulnerabilities that are taken advantage of are patched and made secure from the current viewpoint – not surprising since these incidents are from pre-2006 – but there is one true lesson that every information security professional can take from this book: those who try to breach any system will continue to do so by discovering brand new vulnerabilities and crafty methods to exploit those weaknesses. Learning this mindset will make him prepared and able to cope with cyber crimes, and many of the concepts are still relevant, especially those that exploit human trust to perform a security breach.
This book is recommended for anyone with an interest in information security, corporate security and law enforcement. Since the contents can be a bit technical, having some background in the information security arena is desirable; otherwise the book may seem confusing or even hard to follow.
“I went to prison for my hacking. Now people hire me to do the same things I went to prison for, but in a legal and beneficial way.” – Kevin D. Mitnick, Ghost in the Wires: My Adventures as the World's Most Wanted Hacker.
Reading ‘The Art of Deception’ is like hearing it straight from the horse's mouth. Kevin D. Mitnick, the legendary cyber desperado turned computer security consultant, takes the reader into the complex, supremely confident – often misunderstood as arrogance – and curiosity-driven mindset of the hacker world as he describes the human element of computer security. In this book, with the help of very plausible scenarios and stories, he demonstrates the art of exploiting the human mind – otherwise known as ‘Social Engineering’ – to gain access to computer networks.
In the foreword to this book, Steve Wozniak sums up ‘The Art of Deception’ nicely with these words:
The Art of Deception shows how vulnerable we all are – government, business, and each of us personally – to the intrusions of the social engineer. In this security-conscious era, we spend huge sums on technology to protect our computer networks and data. This book points out how easy it is to trick insiders and circumvent all this technological protection.
In the first three sections of this book the author explains in great detail how attackers gain entry into fortified assets by simply taking advantage of the trusting and sympathizing nature of the human mind. Mitnick covers almost all possible basic attack scenarios that a real-life attacker uses in conning an unsuspecting computer user to gain entry into a closed network. By attacking the weakest link in the security apparatus, this book shows how a skilled social engineer can take complete control of a system by pulling the strings on an unsuspecting victim like a master puppeteer and making him do things that favor the attacker. After showing each scenario, Mitnick explains the various factors that made it work, and gives valuable inputs and strategies on how organizations can prevent each scenario from happening within their working environment.
For those who have a professional interest in corporate security or information security the section titled ‘Raising the Bar’ will be a valuable resource. In this section Mitnick provides a very detailed outline of ‘practical corporate information security policies’ and training methodologies for staff, which in a combined manner can mitigate the risks of an intrusion.
Some readers may find the style of writing employed in the book not up to the mark, but as a practical book on analyzing and becoming aware of the threat of Social Engineering, and as an Information Security Policy reference, this book has some valuable content. In the present time you may find more detailed books on Social Engineering, but when this book came out in 2003, it had some sensational content which I still remember reading with great thrill. Some of the technical exploits related to the telephone systems that are mentioned in the book are a bit outdated, but the methods and philosophy of exploits that target the human mind are very relevant even today.
This book is a recommended read for anyone who is interested in computer security and the hacker subculture.