The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers By William L. Simon

Hacker extraordinaire Kevin Mitnick delivers the explosive encore to his bestselling The Art of Deception
Kevin Mitnick, the world's most celebrated hacker, now devotes his life to helping businesses and governments combat data thieves, cybervandals, and other malicious computer intruders. In his bestselling The Art of Deception, Mitnick presented fictionalized case studies that illustrated how savvy computer crackers use social engineering to compromise even the most technically secure computer systems. Now, in his new book, Mitnick goes one step further, offering hair-raising stories of real-life computer break-ins and showing how the victims could have prevented them. Mitnick's reputation within the hacker community gave him unique credibility with the perpetrators of these crimes, who freely shared their stories with him and whose exploits Mitnick now reveals in detail for the first time, including:

- A group of friends who won nearly a million dollars in Las Vegas by reverse engineering slot machines
- Two teenagers who were persuaded by terrorists to hack into the Lockheed Martin computer systems
- Two convicts who joined forces to become hackers inside a Texas prison
- A Robin Hood hacker who penetrated the computer systems of many prominent companies and then told them how he gained access

With riveting you-are-there descriptions of real computer break-ins, indispensable tips on countermeasures security professionals need to implement now, and Mitnick's own acerbic commentary on the crimes he describes, this book is sure to reach a wide audience and attract the attention of both law enforcement agencies and the media.

Although a somewhat old book now at 8 years old, both the author and publication are well known subjects in the security world. No matter your opinion of the author who has collated the stories from various black hat sources (and who himself famously spent time in incarceration prior to this for IT systems penetration), it's worthwhile to read the publication in order to 'know your enemy', as Sun Tzu would have advised.

Since it's a collection of what appear to be true stories of penetrations of organisations' systems, it's a welcome break from drier technical publications that you might be used to as revision reference and similar. The book features less on technical procedures, checklists and exact tools/procedures and facts and more on the process and social engineering behind real world penetration attacks against the IT industry; as such the book ages well and is still insightful despite the age.

It feels like the majority of stories revolve around the attackers finding overlooked small flaws in a site's security, and then spending time turning this single flaw into a larger penetration, growing in depth of compromise over time. This is quite a contrast to the usual mainstream view of a single flaw causing the compromise of an organisation; the book implies that it's likely a string of flaws, each on its own not a great issue (and probably existing due to lack of staff time or knowledge), but when combined they provide an attacker with a route in.

The story of the attacker who spends a year breaking into a company also challenges the traditional view of attackers that compromise a system, cause damage or send as much spam as possible until detected and then the issue is fixed by the IT staff.
Instead the attacker gets access and spends time slowly moving through the network to get to the desired systems (in this case a source code repository).

Another eye opener is the scorn the attackers repeatedly give towards systems when the systems administrators don't take action against persistent obvious attacks. It's hard to read the book and not come away thinking that perhaps it really is time to cure the false positives coming from the organisation's intrusion detection system and pay some real attention to configuring it. You think of your own organisation's systems, and the minor outstanding security measures you've been meaning to spend time on but other tasks took priority. It's a healthy kick in the posterior to pay attention to both due care in setting up security prevention and detection systems and due diligence in monitoring the resulting logs (and taking action when necessary).

The book is an IT security classic which ages well in terms of technical content (due to the discussion of timeless subjects such as social engineering rather than software versions) and should be required reading for IT professionals, especially those who might be feeling that their IT security is impenetrable.

A very interesting collection of stories if you want to look over the shoulders of people who one day may fancy 0wning you. You can get a feel for what they are capable of. Especially regarding patience, single mindedness and inventiveness in worrying the locks, physical and virtual, until they break. Or in finding that one passage that no one thought manageable, discoverable or exploitable. Reads like good heist stories without the steamy and ultra violent parts.
And with well meaning advice to boot.

Some notions of networking required, but neophytes don't need to fear: the authors don't leave you hanging and try to explain the basics, sometimes not too successfully, but then this *is* a hairy subject. Hard core network admins will not be surprised by anything in here but will get a view of the bigger picture that lies beyond the suspicious activity seen in the log files.

The stories related in the book have, according to the authors, been well checked and corroborated as explained in the preface. Technically they are absolutely believable.

So what do you get for your money:

- Chapter 1: Buy a video poker machine, reverse engineer it, find out it's predictable, then make big bucks in Vegas.
- Chapter 2: Try to break into the govnmt while being egged on by real (or fake?) Pakistani terrorists.
- Chapter 3: Build your own Internet connection from inside prison while running rings around the wardens. The Shawshank Redemption, a bit differently.
- Chapter 4: Break into Boeing while there is a computer forensics class in progress. Bad idea!
- Chapter 5: The famous Adrian Lamo in action. The New York Times network is opened up. The Gray Lady then goes into payback mode.
- Chapter 6: Your company wants a penetration test? Think twice, you may get more than you bargained for. (There should be a contest for guessing at the Real Names of the companies mentioned. Hmmm?)
- Chapter 7: Your bank is secure, right? Actually, no!
- Chapter 8: Hello, operations? I thought this machine where we had our source code was secure. Now it's on a warez site!
- Chapter 9: Hacking for profit: A forgotten console cable around a firewall and PC Anywhere carelessly installed on a mobile computer eventually brings about the targeted companies' undoing.
- Chapter 10: Social engineering. Ok, so we have seen this in Mitnick's previous volume.
- Chapter 11: Odds and sods (i.e.
assorted hacks).

Contrary to what wombatboy1975 says, Mitnick keeps the ego firmly in check (compare this to his erstwhile antagonists, the duo terrible Shimomura/Markoff, whose book was made unreadable among others by ego inflation).

The conclusion that you can draw from the stories is that hackers are not unlike a flu virus. If there is a surface protein that one of them can lock onto, one of them might do it tomorrow. Or never. Or maybe just not on your watch.

Work on reducing your systems' cross section. And good luck.

In the same writing style as The Art of Deception: Controlling the Human Element of Security, Kevin Mitnick gives us stories which show the workings of a hacker's mind. In the stories I noticed the evolution of real technical hacking techniques to a combination with social engineering. The stories are both interesting and amusing. Some technical knowledge will help you to understand these stories, although the mentioned technical concepts, ideas and technologies are explained too.

The stories illustrated within this book are very fascinating, however the style and approach taken on this book isn't the greatest. The writer keeps referring back to himself and his days, in pretty much every chapter, that could be written in a book of its own.

For that, I give it a 3 star rating. Otherwise the approach is good, and the book is enjoyable.

The book has been an extremely interesting read as well as a little bit of a history lesson. Under no circumstances is this an instruction book, but more of a look at where companies went wrong and ways we can all learn to mitigate these risks.
Whether you're a professional or someone interested in security then I would happily suggest anyone reads this book.

This book not only looks at the technical challenges but also the physical and social ones; many areas covered.

As a placement student, from reading this I have learnt a few things about how I should apply good practices in my work. No one will go to the trouble of doing that, there is some kid that will. Overall a good read.

