The Art of Deception by Kevin Mitnick, E-book, English
THE ART OF DECEPTION
Controlling the Human Element of Security
KEVIN D. MITNICK
& William L. Simon
Foreword by Steve Wozniak
For Reba Vartanian, Shelly Jaffe, Chickie Leventhal, and Mitchell
Mitnick, and for the late Alan Mitnick, Adam Mitnick,
and Jack Biello
For Arynne, Victoria, and David, Sheldon, Vincent, and Elena.
Social Engineering
Social Engineering uses influence and persuasion to deceive people
by convincing them that the social engineer is someone he is not,
or by manipulation. As a result, the social engineer is able to take
advantage of people to obtain information with or without the use of
technology.
Contents
Foreword
Preface
Introduction
Part 1 Behind the Scenes
Chapter 1 Security's Weakest Link
Part 2 The Art of the Attacker
Chapter 2 When Innocuous Information Isn't
Chapter 3 The Direct Attack: Just Asking for It
Chapter 4 Building Trust
Chapter 5 "Let Me Help You"
Chapter 6 "Can You Help Me?"
Chapter 7 Phony Sites and Dangerous Attachments
Chapter 8 Using Sympathy, Guilt and Intimidation
Chapter 9 The Reverse Sting
Part 3 Intruder Alert
Chapter 10 Entering the Premises
Chapter 11 Combining Technology and Social Engineering
Chapter 12 Attacks on the Entry-Level Employee
Chapter 13 Clever Cons
Chapter 14 Industrial Espionage
Part 4 Raising the Bar
Chapter 15 Information Security Awareness and Training
Chapter 16 Recommended Corporate Information Security Policies
Security at a Glance
Sources
Acknowledgments
Foreword
We humans are born with an inner drive to explore the nature
of our surroundings. As young men, both Kevin Mitnick and
I were intensely curious about the world and eager to prove
ourselves. We were rewarded often in our attempts to learn new things,
solve puzzles, and win at games. But at the same time, the world around
us taught us rules of behavior that constrained our inner urge toward free
exploration. For our boldest scientists and technological entrepreneurs, as
well as for people like Kevin Mitnick, following this inner urge offers the
greatest thrills, letting us accomplish things that others believe cannot be
done.
Kevin Mitnick is one of the finest people I know. Ask him, and he will
say forthrightly that what he used to do - social engineering - involves
conning people. But Kevin is no longer a social engineer. And even when
he was, his motive never was to enrich himself or damage others. That's
not to say that there aren't dangerous and destructive criminals out there
who use social engineering to cause real harm. In fact, that's exactly why
Kevin wrote this book - to warn you about them.
The Art of Deception shows how vulnerable we all are - government,
business, and each of us personally - to the intrusions of the social
engineer. In this security-conscious era, we spend huge sums on technology
to protect our computer networks and data. This book points out how easy
it is to trick insiders and circumvent all this technological protection.
Whether you work in business or government, this book provides a
powerful road map to help you understand how social engineers work and
what you can do to foil them. Using fictionalized stories that are both
entertaining and eye-opening, Kevin and co-author Bill Simon bring to life
the techniques of the social engineering underworld. After each story,
they offer practical guidelines to help you guard against the breaches and
threats they've described.
Technological security leaves major gaps that people like Kevin can help
us close. Read this book and you may finally realize that we all need to
turn to the Mitnicks among us for guidance.
-Steve Wozniak
PREFACE
Some hackers destroy people's files or entire hard drives; they're called
crackers or vandals. Some novice hackers don't bother learning the
technology, but simply download hacker tools to break into computer
systems; they're called script kiddies. More experienced hackers with
programming skills develop hacker programs and post them to the Web
and to bulletin board systems. And then there are individuals who have no
interest in the technology, but use the computer merely as a tool to aid
them in stealing money, goods, or services.
Despite the media-created myth of Kevin Mitnick, I am not a malicious
hacker.
But I'm getting ahead of myself.
STARTING OUT
My path was probably set early in life. I was a happy-go-lucky kid, but
bored. After my father split when I was three, my mother worked as a
waitress to support us. To see me then - an only child being raised by a
mother who put in long, harried days on a sometimes-erratic schedule -
would have been to see a youngster on his own almost all his waking
hours. I was my own babysitter.
Growing up in a San Fernando Valley community gave me the whole of
Los Angeles to explore, and by the age of twelve I had discovered a way
to travel free throughout the whole greater L.A. area. I realized one day
while riding the bus that the security of the bus transfer I had purchased
relied on the unusual pattern of the paper-punch that the drivers used to
mark day, time, and route on the transfer slips. A friendly driver,
answering my carefully planted question, told me where to buy that
special type of punch.
The transfers are meant to let you change buses and continue a journey to
your destination, but I worked out how to use them to travel anywhere I
wanted to go for free. Obtaining blank transfers was a walk in the park.