Customer Reviews

The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers

5 star:		(3)
4 star:		(3)
3 star:		(1)
2 star:		(1)
1 star:		(0)

 

 

I enjoyed this book. I was very much looking forward to it after reading The Art of Deception. This book follows the same format, with 11 chapters detailing a number of hackers/security consultants experiences breaking into systems in various ways. Unlike the Art of Deception which concentrated purely on social engineering techniques, this book (barring one chapter on social engineering) is largely more technical, detailing hack attacks from information gathering stage through to the hack itself and reporting (if this is done!). A couple of chapters do require technical knowledge, as whilst Mitnick describes a few technical terms, this certainly isn't done comprehensively to allow a novice to fully understand what is going on. As one other reviewer said, Mitnick does intersperse all the 'stories' with experiences from his own life, and whilst this could be construed as egotistical, I found it refreshing and often very funny. Each chapter also details how firms can protect against each attack mentioned, which is very useful, and makes this more than just another hacker culture reference.

This book is an amazing insight into the exploits and techniques used

by hackers, crackers and social engineers! it really is a truly gripping read which makes you think "Oh I'll read just one more chapter" I don't think I could pick out any real negative points in the book it was consistent throughout providing not only the great stories of the hacks but also offering some wonderful information,

this really is an absolute MUST for any IT or security fanatic and is well worth the money to add such an excellent book to your shelves!

A very interesting collection of stories if you want to look over the shoulders of people who one day may fancy "0wning you". You can get a fell for what they are capable of. Especially regarding patience, single-mindedness and inventiveness in worrying the locks - physical and virtual - until they break. Or in finding that one passage that non-one thought manageable, discoverable or exploitable. Reads like good heist stories without the steamy and ultra-violent parts. And with well-meaning advice to boot.

Some notions of networking required, but neophythes don't need to fear: the authors don't leave you hanging and try to explain the basics - sometimes not too successfully, but then this *is* a hairy subject. Hard-core network admins will not be surprised by anything in here but will get a view of the 'bigger picture' that lies beyond the suspicious activity seen in the log files.

The stories related in the book have, according to the authors, been well-checked an corroborated as explained in the preface. Technically they are absolutely believable.

So what do you get for your money:

Chapter 1: Buy a video poker machine, reverse-engineer it, find out it's predictable then make big bucks in Vegas.

Chapter 2: Try to break into the gov'nmt while being egged on by real (or fake?) Pakistani terrorists.

Chapter 3: Build your own Internet connection from inside prison while running rings around the wardens. The Shawshank Redemption, a bit differently.

Chapter 4: Break into Boeing while there is a computer forensics class in progress. Bad idea!

Chapter 5: The famous Adrian Lamo in action. The New York Times' network is opened up. The Gray Lady then goes into payback mode.

Chapter 6: Your company wants a penetration test? Think twice, you may get more than you bargained for. (There should be contest for guessing at the Real Names of the companies mentioned. Hmmm?)

Chapter 7: You bank is secure, right? Actually, no!

Chapter 8: Hello, operations? I thought this machine where we had our source code was secure. Now it's on a warez site!

Chapter 9: Hacking for profit: A forgotten console cable around a firewall and 'PC Anywhere' carelessly installed on a mobile computer eventually brings about the targeted companies's undoing.

Chapter 10: Social engineering. Ok, so we have seen this in Mitnick's previous volume.

Chapter 11: Odds and sods (i.e. assorted hacks).

Contrary to what wombatboy1975 says, Mitnick keeps the ego firmly in check (compare this to his erstwhile antagonists, the 'duo terrible' Shimomura/Markoff whose book was made unreadable among others by ego inflation).

The conclusion that you can draw from the stories is that hackers are not unlike a flu virus. If there is a surface protein that one of them can lock unto, one of them might do it tomorrow. Or never. Or maybe just not on your watch.

Work on reducing your systems's cross-section. And good luck.

A number of interesting real-life stories.
Worrying thing is how naïve the 'stars' of the chapters are.
The book is written at a level that will appeal to people with a passing interest in the subject - easy to understand without too much techie knowledge.

A concern overall is whether this is really a tongue in cheek guide for the "on the fringe" hacker, and rather than looking in deep dark chat rooms can find all they need here to launch the next latest and greatest exploit. There are no moral lessons or lecturing so one can only wonder whether the it's true that the best camouflage is broad daylight since he who laughs last, laughs best.

In the same writing style as The Art of Deception: Controlling the Human Element of Security, Kevin Mitnick gives us more stories which show the workings of a hacker's mind. In the stories I noticed the evolution of real technical hacking techniques to a combination of with social engineering. The stories are both interesting and amusing. Some technical knowledge will help you to understand these stories, although the mentioned technical concepts, ideas and technologies are explained too.

Mitnick and Simon present a cogent and interesting account of people who have illegally intruded on cyberspace, mainly in the US. It is possible that some tales retailed by them are apocryphal.But most of them stand to reason. They are daring and highlight how human ingenuity keeps pace with technology. All systems administrators, CSOs, CIOs and CEOs must read this. If after reading this, they are slack and hesitate to upgrade their systems, only the Almighty can save them. I already look forward to Kevin's autobiography, which he can pen only after the Federal ban expires in 2007.

The stories in this book are really interesting and the lessons learned very useful. But the writting style leave a lot to be desired. It always seems that Mitnick is trying to push his own exploits ahead of the people in the examples, there is too much "I know what he means" or "When I did that".