Book Review – The Art of Deception

by john on February 4, 2003


I wanted to enjoy The Art of Deception: Controlling the Human Element of Security, I really did. I have some connections with Kevin Mitnick and his ilk and the teaser for the book sounds good: A legendary hacker reveals how to guard against the gravest security risk of all – human nature. Human nature is the focus of the book – the manipulation of it for gain, called Social Engineering. This concept would make a terrific chapter or two in a comprehensive book on security. As a book it drags on and is extremely repetitive.

The book would have been better with real stories from Mitnick’s past – instead we are presented with a series of examples from anonymous contributors. Sure, it could be that Mitnick really did all of this and he is making it look like stories from others, but I don’t think so. People enjoy reading about the real stories behind Gates, Jobs, Wozniak, etc. (not to compare Kevin Mitnick to any of them) and if Mitnick had made the story more personal I would have enjoyed it more. Instead we get teases of his past, such as the time he and a friend earned $300 at a tradeshow by getting around the security of a new security product. I would want to see more of that.

By reading this book you will learn that people can be gullible and they can be stupid; they can be helpful and they can be duped – and that someone can take advantage of that.

Well duh.

{ 5 comments }

elaine February 4, 2003 at 10:36 pm

I heard he couldn’t use too much of his personal experience, as part of the terms of his sentence – something about not profiting from his crimes, which, given how enlightening it could’ve been, is unfortunate.

john February 4, 2003 at 11:00 pm

You could be right, Elaine. It is mentioned more than a few times that this book is his redemption for a life of crime, and perhaps reflecting on those crimes within the same book did not make sense.

Joe Grossberg February 5, 2003 at 8:01 am

Seriously though, was Kevin Mitnick special in any way, *other than* the fact he got caught? (And the fact there was a lot of publicity?)

I mean, the hackers who didn’t get caught, by definition, are more expert in this domain.

david March 15, 2003 at 6:02 pm

I am very much aware of the Kevin Mitnick case. The only reason he was caught, as Joe points out, is that he trusted the wrong people. The FBI was able to finally nail him when his partners in crime ratted him out. The fact that he was caught had nothing to do with his skills as a hacker, but his choice to work with others that betrayed him. The FBI already had built a case against him LONG before Shimomura helped the Feds find him.

ObsidiaN May 29, 2003 at 8:44 am

FAO Joe Grossberg:

How many hackers do you know who have released a book about their life, the way they’d spent it, feature examples of things they had done, friends had done and other people with similar skills had done?

I think Kevin’s done a fantastic job considering he’s guarded so closely and feared so much by officials that he wasn’t allowed a simple phone call in prison for ages. It’s like giving a watercolour artist everything he’ll need to paint a masterpiece and then tying his arms behind his back so he can hardly move.
