Fortean Times, June 2004
The art of deception:
Controlling the human element of security
Kevin D Mitnick & William L Simon
PB, $16.05/£9.99, pp352, INDEX ISBN: 0 7645 4280 X
Marketed as a handbook to help corporate IT managers protect their systems, 'The Art of Deception' actually belongs to the old and honourable genre of the retired con artist revealing the tricks of his trade.
Kevin Mitnick is a semi-mythical figure in the shady world of hacking, although he insists his exploits were all motivated by intellectual curiosity rather than by greed or malice. But after the media dubbed him 'the Darkside Hacker', the FBI caught up in 1995 and sent him down for five years.
Mitnick's plea bargaining means he can't discuss his own exploits, so what he presents here is a series of fictionalised accounts of other people using similar techniques to his own. The objects of the scams described here are generally what you'd expect: confidential corporate information; valuable personal data; revenge on a former employer. But what makes them remarkable, and all the more difficult to defend against, is that the tools used are those of psychology, persuasion and deception.
Mitnick calls these techniques 'social engineering', but most readers will recognise them as good old-fashioned confidence tricks. In contrast to the stereotype of a hacker using his intimate knowledge of software and hardware to break into IT systems, the main technical skill is a basic knowledge of the jargon used by your target organisation. The rest is down to the very human skills of charm and chutzpah.
Because the emphasis is on the human rather than the technical, it's a fascinating read even if you don't know your FTP from a USB. For the intended audience of IT professionals, the book is a necessary warning Mitnick thoughtfully provides proposals for a complete policy on corporate information security. And for those whose inclinations lie on the other side of the law, the details of the scams may just prove inspiring...