The Art of Deception is an in-depth look at how vulnerable the common man is to the social engineer. Mitnick’s perspective comes from a social angle instead of a technological one, seeing as he is known all over the media as the greatest hacker and most of his methods were social rather than technological. A quick look into Mitnick’s background: he was an only child who had a knack for understanding the nitty-gritty of technology. As a child, he managed to ‘hack’ the bus system in Los Angeles and travel for free; as a teen, he exploited telephone networks; and in college, he infiltrated their network and was later hired because it was either that or expulsion. These are just a few of his many hacking exploits. He has served jail time because he realised what he did was wrong and is now helping companies avoid similar exploitation through his security company, public talks and books.
In this day and age, where information is the new currency on the block, criminals seeking to acquire this information are on the rise. The book highlights the different techniques and attacks of the social engineer and how easily we are persuaded into thinking that technology has secured us from these attacks. He shows this through a variety of stories that have actually happened, as indications of our negligence toward these attacks, but he also points out ways that we can protect ourselves from them and become less victimized by the social engineer. He gets us to look through the lens of both the attacker and the victim, playing predator and playing prey.
The book is broken into four parts, namely: Behind the Scenes, The Art of the Attacker, Intruder Alert and Raising the Bar. The first part explains how mankind is the biggest security flaw in an information system, the next two parts focus on the social engineer’s craftiness in bypassing security, and the last one focuses on ways of protecting a business from being duped. Mitnick points out that you are never really secure because the biggest flaw is not the technology but the human. “Only two things are infinite, the universe and human stupidity, and I’m not sure of the former.” This basically means that the naivety and gullibility of the human race is the crevice that a social engineer exploits to breach security.
There’s a saying that goes “innocent till proven guilty”, meaning we choose to see the good in a person and never expect them to harm us, most especially one who comes politely and with good manners. It’s easier to believe the devil in a suit and tie than the angel in rags. Mitnick points out how the social engineer ‘dresses’ the part to blend in with the environment. He familiarises himself with common terminology, company associates and even the personal details of a certain employee to con his way through security. Chapter 4 is a clear indication of how we get...