The Art of Deception and over one million other books are available for Amazon Kindle. Learn more
Qty:1
  • List Price: $16.95
  • Save: $6.77 (40%)
FREE Shipping on orders over $35.
In Stock.
Ships from and sold by Amazon.com.
Gift-wrap available.
The Art of Deception: Con... has been added to your Cart
FREE Shipping on orders over $35.
Condition: Used: Good
Comment: PLEASE READ FULL DESCRIPTION -USED GOOD- This book has been read and may show wear to the cover and or pages. There may be some dog-eared pages. In some cases the internal pages may contain highlighting/margin notes/underlining or any combination of these markings. The binding will be secure in all cases. This is a good reading and studying copy and has been verified that all pages are legible and intact. If the book contained a CD it is not guaranteed to still be included. Your purchase directly supports our scholarship program as well as our partner charities. All items are packed and shipped from the Amazon warehouse. Thanks so much for your purchase!
Have one to sell? Sell on Amazon
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See all 2 images

The Art of Deception: Controlling the Human Element of Security Paperback – October 17, 2003


See all 12 formats and editions Hide other formats and editions
Amazon Price New from Used from
Kindle
"Please retry"
Paperback
"Please retry"
$10.18
$5.97 $0.97
Amazon%20Web%20Services
Run Virtually Everything in the AWS Cloud From websites and mobile apps to big data projects and enterprise applications. Get started for free.

Frequently Bought Together

The Art of Deception: Controlling the Human Element of Security + The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers + Social Engineering: The Art of Human Hacking
Price for all three: $43.87

Buy the selected items together

NO_CONTENT_IN_FEATURE

Shop the new tech.book(store)
New! Introducing the tech.book(store), a hub for Software Developers and Architects, Networking Administrators, TPMs, and other technology professionals to find highly-rated and highly-relevant career resources. Shop books on programming and big data, or read this week's blog posts by authors and thought-leaders in the tech industry. > Shop now

Product Details

  • Paperback: 368 pages
  • Publisher: Wiley; 1 edition (October 17, 2003)
  • Language: English
  • ISBN-10: 076454280X
  • ISBN-13: 978-0764542800
  • Product Dimensions: 9 x 6 x 1 inches
  • Shipping Weight: 1 pounds (View shipping rates and policies)
  • Average Customer Review: 4.2 out of 5 stars  See all reviews (183 customer reviews)
  • Amazon Best Sellers Rank: #25,330 in Books (See Top 100 in Books)

Editorial Reviews

Amazon.com Review

The Art of Deception is about gaining someone's trust by lying to them and then abusing that trust for fun and profit. Hackers use the euphemism "social engineering" and hacker-guru Kevin Mitnick examines many example scenarios.

After Mitnick's first dozen examples anyone responsible for organizational security is going to lose the will to live. It's been said before, but people and security are antithetical. Organizations exist to provide a good or service and want helpful, friendly employees to promote the good or service. People are social animals who want to be liked. Controlling the human aspects of security means denying someone something. This circle can't be squared.

Considering Mitnick's reputation as a hacker guru, it's ironic that the last point of attack for hackers using social engineering are computers. Most of the scenarios in The Art of Deception work just as well against computer-free organizations and were probably known to the Phoenicians; technology simply makes it all easier. Phones are faster than letters, after all, and having large organizations means dealing with lots of strangers.

Much of Mitnick's security advice sounds practical until you think about implementation, when you realize that more effective security means reducing organizational efficiency--an impossible trade in competitive business. And anyway, who wants to work in an organization where the rule is "Trust no one"? Mitnick shows how easily security is breached by trust, but without trust people can't live and work together. In the real world, effective organizations have to acknowledge that total security is a chimera--and carry more insurance. --Steve Patient, amazon.co.uk --This text refers to the Hardcover edition.

From Publishers Weekly

Mitnick is the most famous computer hacker in the world. Since his first arrest in 1981, at age 17, he has spent nearly half his adult life either in prison or as a fugitive. He has been the subject of three books and his alleged 1982 hack into NORAD inspired the movie War Games. Since his plea-bargain release in 2000, he says he has reformed and is devoting his talents to helping computer security. It's not clear whether this book is a means toward that end or a, wink-wink, fictionalized account of his exploits, with his name changed to protect his parole terms. Either way, it's a tour de force, a series of tales of how some old-fashioned blarney and high-tech skills can pry any information from anyone. As entertainment, it's like reading the climaxes of a dozen complex thrillers, one after the other. As a security education, it's a great series of cautionary tales; however, the advice to employees not to give anyone their passwords is bland compared to the depth and energy of Mitnick's descriptions of how he actually hacked into systems. As a manual for a would-be hacker, it's dated and nonspecific better stuff is available on the Internet but it teaches the timeless spirit of the hack. Between the lines, a portrait emerges of the old-fashioned hacker stereotype: a socially challenged, obsessive loser addicted to an intoxicating sense of power that comes only from stalking and spying.
Copyright 2002 Cahners Business Information, Inc. --This text refers to the Hardcover edition.

More About the Authors

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

If you are serious about REAL computer security that is effective, you must read this book.
Randy Given
Not only is the information really valuable -- it's a very good, fast paced read with as much suspense as you'd get from most mystery books.
J. Rootenberg
It's truly amazing how effective Social Engineering can be against security systems of any kind.
Shawn R. Nunley

Most Helpful Customer Reviews

66 of 69 people found the following review helpful By Luke Meyers on March 24, 2006
Format: Hardcover
Mitnick has his own reputation to live up to with this book, which sets a pretty high bar for the audience who knows him as the "World's Most Notorious Hacker." Unfortunately, while he knows the material cold, his skills as an author are less stellar.

The vignettes describing various cons are, in the large, very entertaining. They're fictionalized, and sometimes the dialogue feels artificial. This book is supposed to convince us how easily people are victimized by social engineers. When the victim's dialogue plays too obviously into the con man's hands (for the purpose of illustrating the point relevant to the enclosing chapter/section), this goal is to some extent defeated. It's too easy to read unnatural dialogue and use that as an excuse to tell oneself, "I don't have to worry about that sort of attack -- I'm not that dumb!" More effort could have been expended in fictionalizing these scenarios without making them so difficult to relate to. Seeing how a con is performed is kind of like learning how a magic trick works -- it holds a similar fascination. Imagine seeing an amazing magic trick performed on television, wondering how it was possibly accomplished, and then learning that the trick was all in the video editing. That really sucks the fun out of the magic -- analogously, when the "trick" in one of these cons is just that the victim does something obviously stupid at just the right moment, the believability and enjoyment are damaged.

Despite what I've said, the cons are definitely enjoyable to read and do offer some genuine insights. Not all suffer from believability problems. However, the supporting material discussing these scenarios is pretty weak. There's a rigid format ("Analyzing the con," "Preventing the con," etc.
Read more ›
1 Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
62 of 68 people found the following review helpful By Ben Rothke on October 14, 2002
Format: Hardcover
Kevin Mitnick says "the term 'social engineering' is widely used within the computer security community to describe the techniques hackers use to deceive a trusted computer user within a company into revealing sensitive information, or trick an unsuspecting mark into performing actions that create a security hole for them to slip through." It's suitable that Mitnick, once vilified for his cracking exploits, has written a book about the human element of social engineering - that most subtle of information security threats.
Some readers may find a book on computer security penned by a convicted computer criminal blasphemous. Rather than focusing on the writer's past, it is clear that Mitnick wishes the book to be viewed as an attempt at redemption.
The Art of Deception: Controlling the Human Element of Security states that even if an organization has the best information systems security policies and procedures; most tightly controlled firewall, encrypted traffic, DMZ's, hardened operating systems patched servers and more; all of these security controls can be obviated via social engineering.
Social engineering is a method of gaining someone's trust by lying to them and then abusing that trust for malicious purposes - primarily gaining access to systems. Every user in an organization, be it a receptionist or a systems administrator, needs to know that when someone requesting information has some knowledge about company procedures or uses the corporate vernacular, that alone should not be authorization to provide controlled information.
The Art of Deception: Controlling the Human Element of Security spends most of its time discussing many different social engineering scenarios.
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
23 of 25 people found the following review helpful By Erica Phillipson (Hawaii) on October 15, 2002
Format: Hardcover Verified Purchase
Now that Kevin Mitnick is out of prison he has written "The Art of Deception". I rate this book as four stars. Has good insight regarding how Kevin was able to gain large company employee's trust by using social engineering methods. He gives great examples of how he would simply use a telephone to gain user id's and passwords, even from high tech security departments.
Most employee's don't think they are allowed to say 'no' to giving out information over the phone or email in the name of great customer service. There may be company policies but they 'still try to do the right thing' to help a co-worker regain access to the system, when in fact the person is a hacker.
Many solutions are offered to help small and large companies balance the choice of customer service over security and trust. One funny chapter was how Mr. Mitnick's used the same social engineering methods in prison to get additional phone calls, better food, and increase family visits. Classic... He didn't stop even in prison.
I recommend this book.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
18 of 19 people found the following review helpful By Dr Anton Chuvakin on October 30, 2002
Format: Hardcover
I waited for the book of the famous hacker Kevin Mitnick for a long
time, checking my mailbox every day after my pre-order was
completed. The book was almost worth the wait!
Its a fun book with lots of entertaining and education stories on what
is possible by means of social engineering attacks. The characters
clearly push the limits of this "human technology".
One of the articles I have read on the book called it "Kevin Mitnick's
Latest Deception" due to his downplaying of technology security
controls and emphasizing people skills and weaknesses. However, the
human weaknesses do nullify the strengths of technology defenses and
humans are much harder to "harden" than UNIX machines.
The attack side is stronger in the book than the defense side,
naturally following from the author's background. However, there are
some great defense resource on policy design, awareness and needed
vigilance. However, there is this "minor" issues with defense against
social engineering: one of the definitions called it a "hacker's
clever manipulation of the natural human tendency to trust". The word
"natural" is key; if we are to believe the definition, all defenses
against social engineering will be going against _nature_ and, as a
result, will be ineffective for most environments. Author also
advocates social engineering penetration testing, which appears to be
the best way to prepare for such attacks. Security awareness, while
needed, will get you so far.
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again

Most Recent Customer Reviews