The Art of Deception and over one million other books are available for Amazon Kindle. Learn more

Quantity:

Buy New


	Amazon Prime Free Trial required. Sign up when you check out. Learn More

Buy Used

Used - Acceptable See details

$5.02 & eligible for FREE Super Saver Shipping on orders over $25. Details

Fulfilled by Amazon

Sell Back Your Copy

For a $0.10 Gift Card

Learn more

More Buying Choices

Have one to sell? Sell yours here

See all product images
See 1 customer image

Share your own customer images

Search inside this book

Start reading The Art of Deception on your Kindle in under a minute.

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

The Art of Deception: Controlling the Human Element of Security [Hardcover]

Kevin D. Mitnick (Author), William L. Simon (Author), Steve Wozniak (Foreword)

4.2 out of 5 stars See all reviews (144 customer reviews) |

List Price:	$39.95
Price:	$23.79 & eligible for FREE Super Saver Shipping on orders over $25. Details
Deal Price:
You Save:	$16.16 (40%)
	Special Offers Available
	o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o

In Stock.
Ships from and sold by Amazon.com. Gift-wrap available.

Only 1 left in stock--order soon (more on the way).

Want it delivered Tuesday, January 31? Choose One-Day Shipping at checkout. Details

FREE Two-Day Shipping for Students. Learn more

	Amazon Price		New from	Used from
Kindle Edition	$8.09		--	--
See # more Kindle books
Show fewer Kindle books
Hardcover	$23.79		--	--
See # more hardcovers
Show fewer hardcovers
Paperback	$10.32		--	--
See # more paperbacks
Show fewer paperbacks
Audible Audio Edition, Unabridged	$21.95	or Free with Audible 30-day free trial

Sell Back Your Copy for $0.10

Whether you buy it used on Amazon for $3.93 or somewhere else, you can sell it back through our Book Trade-In Program at the current price of $0.10.

Used Price$3.93
Trade-in Price$0.10

Price after
Trade-in$3.83

› See more product promotions

Book Description

Publication Date: October 4, 2002

The world's most infamous hacker offers an insider's view of the low-tech threats to high-tech security
Kevin Mitnick's exploits as a cyber-desperado and fugitive form one of the most exhaustive FBI manhunts in history and have spawned dozens of articles, books, films, and documentaries. Since his release from federal prison, in 1998, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. Now, in The Art of Deception, the world's most notorious hacker gives new meaning to the old adage, "It takes a thief to catch a thief."
Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent. Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented in an engaging and highly readable style reminiscent of a true-crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security.

#outer_postBodyPS { display: none; } #psGradient { display: none; } #psPlaceHolder { display: none; } #psExpand { display: none; } The world's most infamous hacker offers an insider's view of the low-tech threats to high-tech security
Kevin Mitnick's exploits as a cyber-desperado and fugitive form one of the most exhaustive FBI manhunts in history and have spawned dozens of articles, books, films, and documentaries. Since his release from federal prison, in 1998, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. Now, in The Art of Deception, the world's most notorious hacker gives new meaning to the old adage, "It takes a thief to catch a thief."
Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent. Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented in an engaging and highly readable style reminiscent of a true-crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security.

Special Offers and Product Promotions

Buy $50 in qualifying physical textbooks, get $5 in Amazon MP3 Credit. Here's how (restrictions apply)

Frequently Bought Together

Price For All Three: $60.91

Some of these items ship sooner than the others. Show details

Buy the selected items together

This item: The Art of Deception: Controlling the Human Element of Security by Kevin D. Mitnick Hardcover $23.79

In Stock.
Ships from and sold by Amazon.com.
Eligible for FREE Super Saver Shipping on orders over $25. Details
The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers by Kevin D. Mitnick Hardcover $21.97

In Stock.
Ships from and sold by Amazon.com.
Eligible for FREE Super Saver Shipping on orders over $25. Details
Ghost in the Wires: My Adventures as the World's Most Wanted Hacker by Kevin Mitnick Hardcover $15.15

In stock on February 1, 2012.
Order it now.
Ships from and sold by Amazon.com.
Eligible for FREE Super Saver Shipping on orders over $25. Details

Customers Who Bought This Item Also Bought

Ghost in the Wires: My Adventures as the World... by Kevin Mitnick
4.8 out of 5 stars (323)

$15.15
Social Engineering: The Art of Human Hacking by Christopher Hadnagy
4.7 out of 5 stars (50)

$20.55
Kingpin: How One Hacker Took Over the Billion-Do... by Kevin Poulsen
4.6 out of 5 stars (62)

$16.50
The Art of Intrusion: The Real Stories Behind... by Kevin D. Mitnick
4.0 out of 5 stars (52)

$21.97
The Art of Intrusion: The Real Stories Behind... by Kevin D. Mitnick
4.0 out of 5 stars (52)

$10.40
Secrets and Lies: Digital Security in a Network... by Bruce Schneier
4.4 out of 5 stars (132)

Editorial Reviews

Amazon.com Review

The Art of Deception is about gaining someone's trust by lying to them and then abusing that trust for fun and profit. Hackers use the euphemism "social engineering" and hacker-guru Kevin Mitnick examines many example scenarios.

After Mitnick's first dozen examples anyone responsible for organizational security is going to lose the will to live. It's been said before, but people and security are antithetical. Organizations exist to provide a good or service and want helpful, friendly employees to promote the good or service. People are social animals who want to be liked. Controlling the human aspects of security means denying someone something. This circle can't be squared.

Considering Mitnick's reputation as a hacker guru, it's ironic that the last point of attack for hackers using social engineering are computers. Most of the scenarios in The Art of Deception work just as well against computer-free organizations and were probably known to the Phoenicians; technology simply makes it all easier. Phones are faster than letters, after all, and having large organizations means dealing with lots of strangers.

Much of Mitnick's security advice sounds practical until you think about implementation, when you realize that more effective security means reducing organizational efficiency--an impossible trade in competitive business. And anyway, who wants to work in an organization where the rule is "Trust no one"? Mitnick shows how easily security is breached by trust, but without trust people can't live and work together. In the real world, effective organizations have to acknowledge that total security is a chimera--and carry more insurance. --Steve Patient, amazon.co.uk

From Publishers Weekly

Mitnick is the most famous computer hacker in the world. Since his first arrest in 1981, at age 17, he has spent nearly half his adult life either in prison or as a fugitive. He has been the subject of three books and his alleged 1982 hack into NORAD inspired the movie War Games. Since his plea-bargain release in 2000, he says he has reformed and is devoting his talents to helping computer security. It's not clear whether this book is a means toward that end or a, wink-wink, fictionalized account of his exploits, with his name changed to protect his parole terms. Either way, it's a tour de force, a series of tales of how some old-fashioned blarney and high-tech skills can pry any information from anyone. As entertainment, it's like reading the climaxes of a dozen complex thrillers, one after the other. As a security education, it's a great series of cautionary tales; however, the advice to employees not to give anyone their passwords is bland compared to the depth and energy of Mitnick's descriptions of how he actually hacked into systems. As a manual for a would-be hacker, it's dated and nonspecific better stuff is available on the Internet but it teaches the timeless spirit of the hack. Between the lines, a portrait emerges of the old-fashioned hacker stereotype: a socially challenged, obsessive loser addicted to an intoxicating sense of power that comes only from stalking and spying.
Copyright 2002 Cahners Business Information, Inc.

See all Editorial Reviews

Product Details

Hardcover: 304 pages
Publisher: Wiley; 1 edition (October 4, 2002)
Language: English
ISBN-10: 0471237124
ISBN-13: 978-0471237129
Product Dimensions: 9.2 x 6.4 x 1.1 inches
Shipping Weight: 1.4 pounds (View shipping rates and policies)

Average Customer Review: 4.2 out of 5 stars See all reviews (144 customer reviews)

Amazon Best Sellers Rank: #131,166 in Books (See Top 100 in Books)
- #86 in Books > Computers & Technology > Certification > CompTIA
- #87 in Books > Computers & Technology > Business & Culture > Hacking

Would you like to update product info or give feedback on images?

More About the Authors

Discover books, learn about writers, read author blogs, and more.

Kevin D. ...

William L....

Customer Reviews

144 Reviews

5 star:		(80)
4 star:		(29)
3 star:		(20)
2 star:		(7)
1 star:		(8)

Average Customer Review

4.2 out of 5 stars (144 customer reviews)

Share your thoughts with other customers:

Create your own review

Most Helpful Customer Reviews

65 of 67 people found the following review helpful:

5.0 out of 5 stars Interesting & timely about the dangers of social engineering, October 14, 2002

Ben Rothke "Author of 'Computer Security: 20 ... (USA) - See all my reviews
(REAL NAME)

This review is from: The Art of Deception: Controlling the Human Element of Security (Hardcover)

Kevin Mitnick says "the term 'social engineering' is widely used within the computer security community to describe the techniques hackers use to deceive a trusted computer user within a company into revealing sensitive information, or trick an unsuspecting mark into performing actions that create a security hole for them to slip through." It's suitable that Mitnick, once vilified for his cracking exploits, has written a book about the human element of social engineering - that most subtle of information security threats.

Some readers may find a book on computer security penned by a convicted computer criminal blasphemous. Rather than focusing on the writer's past, it is clear that Mitnick wishes the book to be viewed as an attempt at redemption.

The Art of Deception: Controlling the Human Element of Security states that even if an organization has the best information systems security policies and procedures; most tightly controlled firewall, encrypted traffic, DMZ's, hardened operating systems patched servers and more; all of these security controls can be obviated via social engineering.

Social engineering is a method of gaining someone's trust by lying to them and then abusing that trust for malicious purposes - primarily gaining access to systems. Every user in an organization, be it a receptionist or a systems administrator, needs to know that when someone requesting information has some knowledge about company procedures or uses the corporate vernacular, that alone should not be authorization to provide controlled information.

The Art of Deception: Controlling the Human Element of Security spends most of its time discussing many different social engineering scenarios. At the end of each chapter, the book analyzes what went wrong and how the attack could have been prevented.

The book is quite absorbing and makes for fascinating reading. With chapter titles such as The Direct Attack; Just Asking for it; the Reverse Sting; and Using Sympathy, Guilt and Intimidation, readers will find the narratives interesting, and often they relate to daily life at work.

Fourteen of the 16 chapters give examples of social engineering covering many different corporate sectors, including financial, manufacturing, medical, and legal. Mitnick notes that while companies are busy rolling out firewalls and other security paraphernalia, there are often unaware of the threats of social engineering. The menace of social engineering is that it does not take any deep technical skills - no protocol decoders, no kernel recompiling, no port scans - just some smooth talk and a little confidence.

Most of the stories in the book detail elementary social engineering escapades, but chapter 14 details one particularly nasty story where a social engineer showed up on-site at a robotics company. With some glib talk, combined with some drinks at a fancy restaurant, he ultimately was able to get all of the design specifications for a leading-edge product.

In order for an organization to develop a successful training program against the threats of social engineering, they must understand why people are vulnerable to attack in the first place. Chapter 15 explains of how attackers take advantage of human nature. Only by identifying and understanding these tendencies (namely, Authority, Liking, Reciprocation, Consistency, Social Validation, and Scarcity), can companies ensure employees understand why social engineers can manipulate us all.

After more than 200 pages of horror stories, Part 4 (Chapters 15 and 16) details the need for information security awareness and training. But even with 100 pages of security policies and procedures (much of it based on ideas from Charles Cresson Wood's seminal book Information Security Policies Made Easy) the truth is that nothing in Mitnick's security advice is revolutionary - it's information security 101. Namely, educate end-users to the risks and threats of non-technical attacks.

While there are many books on nearly every aspect of information security, The Art of Deception is one of the first (Bruce Schneier's Secrets and Lies being another) to deal with the human aspect of security; a topic that has long been neglected. For too long, corporate America has been fixated with cryptographic key lengths, and not focused enough on the human element of security.

From a management perspective, The Art of Deception: Controlling the Human Element of Security should be on the list of required reading. Mitnick has done an effective job of showing exactly what the greatest threat of attack is - people and their human nature.

Help other customers find the most helpful reviews

Was this review helpful to you? Yes No

Report abuse | Permalink

Comment Comment

45 of 48 people found the following review helpful:

3.0 out of 5 stars Interesting cons, but repetitive and ego-trippy, March 24, 2006

Luke Meyers (Seattle, WA USA) - See all my reviews
(REAL NAME)

This review is from: The Art of Deception: Controlling the Human Element of Security (Hardcover)

Mitnick has his own reputation to live up to with this book, which sets a pretty high bar for the audience who knows him as the "World's Most Notorious Hacker." Unfortunately, while he knows the material cold, his skills as an author are less stellar.

The vignettes describing various cons are, in the large, very entertaining. They're fictionalized, and sometimes the dialogue feels artificial. This book is supposed to convince us how easily people are victimized by social engineers. When the victim's dialogue plays too obviously into the con man's hands (for the purpose of illustrating the point relevant to the enclosing chapter/section), this goal is to some extent defeated. It's too easy to read unnatural dialogue and use that as an excuse to tell oneself, "I don't have to worry about that sort of attack -- I'm not that dumb!" More effort could have been expended in fictionalizing these scenarios without making them so difficult to relate to. Seeing how a con is performed is kind of like learning how a magic trick works -- it holds a similar fascination. Imagine seeing an amazing magic trick performed on television, wondering how it was possibly accomplished, and then learning that the trick was all in the video editing. That really sucks the fun out of the magic -- analogously, when the "trick" in one of these cons is just that the victim does something obviously stupid at just the right moment, the believability and enjoyment are damaged.

Despite what I've said, the cons are definitely enjoyable to read and do offer some genuine insights. Not all suffer from believability problems. However, the supporting material discussing these scenarios is pretty weak. There's a rigid format ("Analyzing the con," "Preventing the con," etc.) which leads the author to repeat the same points over and over again with very little variation, at times seemingly just to fit the format. The purpose of all this material is to give useful security recommendations and proper motivation for following them. The recommendations are on-target, but repeated ad nauseum.

The descriptions of social engineers also suffer from a tendency to stroke the author's own ego -- the bigger the con, the thicker the language about how smart, handsome, and clever the con man is. I'd like to be convinced by facts, not hyperbole.

I think this would really have worked better as two books, for two different audiences. One for entertainment, to read about all the cons and how they work, to get a little history of social engineering. And one for serious security discussion. The blend of the two leads to a schizoid work that's simply mediocre.

Help other customers find the most helpful reviews

Was this review helpful to you? Yes No

Report abuse | Permalink

Comment Comment (1)

28 of 30 people found the following review helpful:

5.0 out of 5 stars Amazing! This book will make you think, October 9, 2002

By A Customer

This review is from: The Art of Deception: Controlling the Human Element of Security (Hardcover)

I went into this book thinking I knew a fair amount about security in general. You know, don't leave your network password on a post-it on your bulletin board, be aware of strangers in your office, that kind of thing. Then, I finished reading the book, and realized that it challenged all the assumptions that I had about the way I react in these situations. Mitnick's right - we as human beings are conditioned to be polite and trusting, and as horrible as it seems, that's not always right. But you don't have to become nasty and distrustful, just aware. That's what this book is talking about. The examples are wonderful - they really do read like a mystery thriller. And the advice is really sound. It doesn't mention it here, but there is a great flowchart in the back of the book that I've copied for everyone in my office. It details what to do if someone calls you for information that you are not sure they need or should be getting. All in all, The Art of Deception is a must read for many of us.

Help other customers find the most helpful reviews

Was this review helpful to you? Yes No

Report abuse | Permalink

Comment Comment

Share your thoughts with other customers: Create your own review

› See all 144 customer reviews...

Most Recent Customer Reviews

5.0 out of 5 stars Riveting tales of today's security weaknesses...
This book is a must read if you are even remotely interested in security and the security weaknesses of our ever day world. Read more

Published 3 months ago by Jaylinde

5.0 out of 5 stars If you are concerned about security - READ THIS BOOK!
As an IT/Software Developer for over 15 years, this book is one of the best and sobering books about security I have ever read. Read more

Published 3 months ago by Michael D. Valverde

5.0 out of 5 stars The Art of Deception
The good ways never stop working. Kevin brings to life the best techniques for influencing your way to success in this deception-ridden world.

Published 5 months ago by nomdeplume

4.0 out of 5 stars Interesting
Interesting book by a famous hacker about how social engineers fool security systems not by hacking but mostly by fooling people. Read more

Published 5 months ago by Antonio Canas

2.0 out of 5 stars fun read but outdated
The stories told by Mitnick in this book are very entertaining to read, but I do think that businesses today (certainly enterprises) have done a lot of work in countering... Read more

Published 6 months ago by gamblor

3.0 out of 5 stars Starts ok, becomes repetitive & boring.
I'm a big fan of social engineering. I find it supremely interesting. This book starts out alright, with a couple of interesting examples, but as you get deeper into the book, it... Read more

Published 6 months ago by R. Tabula

5.0 out of 5 stars Berglund Center for Internet Studies Review by Jeffrey Barlow
The book has real value. Mitnick demonstrates how very important it is that corporations and institutions train their employees in properly controlling all information pertinent... Read more

Published 8 months ago by Berglund Center for Internet S...

4.0 out of 5 stars pretty good
I've been doing computer security for years and I'm wasn't positive what I expected to get out of the book - I guess I was expecting to learn something that I didn't already know... Read more

Published 10 months ago by jcm800

5.0 out of 5 stars Great Book...a must read
I am a Private Investigator by profession for over 25 years...and this book still had some eye openers and tips and tricks I have picked up on and used. Read more

Published 13 months ago by Rich U

5.0 out of 5 stars Outstanding for INFOSEC Professionals
I found this book both entertaining and informative. If you are an information security professional, it is a must read!

Published 13 months ago by Brant Huff

› See all 144 customer reviews...

Inside This Book (learn more)

First Sentence:
a company may have purchased the best security technologies that money can buy, trained their people so well that they lock up all their secrets before going home at night, and hired building guards from the best security firm in the business. Read the first page

Key Phrases - Statistically Improbable Phrases (SIPs): (learn more)
speakeasy security, intracompany mail, heart stent, computer intruders, voice mail passwords, social engineering tactics, good social engineer, social engineering attacks, social engineering skills, social engineering methods, sig card, information thieves, invalid login attempts, security awareness program, corporate computer systems, information security program, legitimate employees, phone phreaks, innocuous information, information security policies, social engineers, employee badge, privileged accounts, company computer systems, voice mailbox

Key Phrases - Capitalized Phrases (CAPs): (learn more)
Trojan Horse, New York, Tom Stilton, Unverified Person, Los Angeles, May Linn, Social Security Administration, Thousand Oaks, Secure Communications Group, Ten North, United States, Honorable Auto Parts, Industrial Federal Bank, Michael Parker, National Bank, Public Defender's Office, San Diego, Accounts Receivable, Bob Billings, Development Center, General Telephone, Obtain Authority, Office of the Inspector General, Peter Milton, Ron Vittaro

New!
Books on Related Topics | Concordance | Text Stats

Citations (learn more)

This book cites 5 books:

Information Security Policies Made Easy (Version #7) by Cresson Wood Wood in Back Matter
Spectacular Computer Crimes: What They Are and How They Cost American Business Half a Billion Dollars a Year by Buck Bloombecker in Back Matter
The Fugitive Game: Online with Kevin Mitnick by Jonathan Littman in Back Matter
The Diamond Invention by Edward Jay Epstein in Back Matter
Influence: Science and Practice (4th Edition) by Robert B. Cialdini in Back Matter

18 books cite this book:

Behind the Private Eye: Suveillance Tales & Techniques by Chris Cooper on page 103, and page 120
Information Security Practice and Experience: First International Conference, ISPEC 2005, Singapore, April 11-14, 2005, Proceedings (Lecture Notes in Computer Science / Security and Cryptology) by Robert H. Deng on page 132, and page 143
Firewalls and Internet Security: Repelling the Wily Hacker (2nd Edition) by William R. Cheswick in Back Matter
Sicheres Netzwerkmanagement: Konzepte, Protokolle, Tools (X.systems.press) (German Edition) by Thomas Schwenkler in Back Matter
Biometric User Authentication for IT Security: From Fundamentals to Handwriting (Advances in Information Security) by Claus Vielhauer in Back Matter

See all 18 books citing this book

Books on Related Topics (learn more)

Official by Susan Hansche

Discusses:

The Art of Intrusion by William L. Simon

Discusses:

Network Security by Roberta Bragg

Discusses:

Spies Among Us by Ira Winkler

Discusses:

What Other Items Do Customers Buy After Viewing This Item?

Ghost in the Wires: My Adventures as the World's Most Wanted Hacker by Kevin Mitnick Hardcover
4.8 out of 5 stars (323)

$15.15

Social Engineering: The Art of Human Hacking by Christopher Hadnagy Paperback
4.7 out of 5 stars (50)

$20.55

The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy (Syngress Basics Series) by Patrick Engebretson Paperback
4.8 out of 5 stars (13)

$18.03

Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen Hardcover
4.6 out of 5 stars (62)

$16.50

› Explore similar items

Tags Customers Associate with This Product

(What's this?)

Click on a tag to find related items, discussions, and people.

security(7)

information security(6)

espionage(4)

hacker book(4)

social engineering(4)

book(3)

computer security(3)

sysadmin(3)

work(3)

computer(2)

Agree with these tags?

See all 23 tags...

.jsOffDisplayBlock { display: block; } .jsOffDisplayInline { display: inline; } .jsOffVisibility { visibility: visible; } .jsOnDisplayBlock { display: none; } .jsOnDisplayNoneBlock { display: block; } .jsOnDisplayNoneInline { display: inline; } .jsOnDisplayInline { display: none; } .jsOnVisibility { visibility: hidden; } .jqOnDisplayBlock { display: none; } .jqOnDisplayInline { display: none; } .jqOnVisibility { visibility: hidden; } .jqOnDisplayNoneBlock { display: block; } .jqOnDisplayNoneInline { display: inline; }

Customer Discussions

This product's forum

Discussion	Replies	Latest Post
No discussions yet

Ask questions, Share opinions, Gain insight

Start a new discussion

Topic:

First post:

Receive e-mail when new posts are made

Prompts for sign-in

Guidelines

Active discussions in related forums

Discussion	Replies	Latest Post
Textbook Buyback forum Ebooks	8	44 minutes ago
Textbook Buyback forum I have only one ISBN number	0	47 minutes ago
Textbook Buyback forum Different Cover, same ISBN	0	49 minutes ago
Textbook Buyback forum Missed shipping date	0	2 hours ago
Textbook Buyback forum Directed here to Textbook Buyback Forum by Amazon	0	10 hours ago
Textbook Buyback forum Name on book	4	12 hours ago
Textbook forum Never Again	28	1 day ago
Textbook forum I just received a "very good" textbook without its disc - what are your thoughts?	168	2 days ago