Wednesday, March 23, 2005

The Art of Deception

During my flights to and from Denver I read The Art of Deception: Controlling the Human Element of Security (thanks Mike for letting me borrow it).

It is about corporate security, but the first 14 chapters are stories about ways in which social engineers can get information out of people. What's a social engineer? They are like a computer hacker, but instead of just hacking into a computer they use social methods, such as collecting enough information about a person so they can pretend to be that person over the phone and just ask a bank or coworker or whoever for sensitive information about the person. What makes this book particularly interesting is that the author, Kevin Mitnick, is famous for being a social engineer and, since being arrested and serving his time, has become a corporate security consultant. So he actually knows how social engineers work and the tricks of the trade.

The stories can be entertaining from the perspective of "wow, I would have completely fallen for that" and "oh, that's how you steal someone's identity." While they are mostly about corporate security and information, it is easy to see how the same techniques could be applied to getting your credit card or social security number. The corporate security sections at the end are kind of boring and I just read through those since I was on a plane and the movie was Finding Neverland.

Warning: reading this book can make you rather paranoid, although that's kind of the point.
