The following text is copyright 2002 by Network World, permission is hearby given for reproduction, as long as attribution is given and this notice is included.

 

What fools these mortals be

 

By Scott Bradner

 

I know it's not Halloween but if you want to read a scary book try  "The Art of Deception" by Kevin Mitnick. (ISBN 0-471-23712-4)  I challenge you to not recognize yourself in the role of the mark in at least some of his little vignettes.  And when you inevitably do, I challenge you to feel comfortable about the security of your network and corporate secrets.

 

As far as I know I have never met Kevin Mitnick and I have never been one of his fans.  In his heyday in the early '90s he created quite a stir for his hacking exploits and helped give hacking the bad name that it has these days.  His activities, some of them at least, got him an offer he could not refuse from federal authorities to spend some time in government housing.  Since he got out of federal prison in Jan 2000 he has been spending time since as a security consultant, radio show host, and not being on the Internet. (Apparently Internet absence is a condition of his parole.)   He has now written a how-to book for people who want to break into your secure environment by attacking the weakest link in any security system, the people.  As far as I can tell, his aim is to scare the begessus out of anyone remotely concerned with security, computer security, network security, personal security etc, then, when you are paying attention, give you some helpful hints on how not to be a victim.

 

The basic theme of the book is that the best technical security in the world, (and few of us have the wherewithal or clout to have the best technical security in the world,) can be rendered irrelevant by a little "social engineering."  If that happens with the best technical systems, just think of what someone practicing what Kevin teaches would do to your security systems. 

 

Social engineers of the type described in Kevin's basically play on the fact that most people want to be helpful, at least they want to be helpful to someone they see as being a colleague of some kind.  A few innocuous phone calls to get some background information and they are ready to be your best buddy and con you out of your shorts and you will never even feel the breeze.

 

The advice on how to minimize your risks that makes up the last 80 pages of the book is a mixture of what should be obvious and the "oh gee, I should have thought of that."  That part alone is well worth the price of admission. (Which is easy to say for me since I got a free review copy of the book.)  But even after reading all of the advice I do not think I would want to be standing between Kevin and something he wanted.

 

disclaimer: Harvard does have at least 4 schools (you can guess which ones) where an ability to con is not a disadvantage but the above book report is mine alone.