| | Location: Home » Network Security » The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers | |
|
|
The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers |  | Authors: Kevin D. Mitnick, William L. Simon
Publisher: Wiley
Category: Book
List Price: $16.95
Buy New: $5.91
as of 7/31/2010 06:53 CDT details
You Save: $11.04 (65%)
New (45) Used (36) Collectible (1) from $5.91
Seller: purpleturtleproducts
Rating:  47 reviews
Media: Paperback
Pages: 288
Number Of Items: 1
Shipping Weight (lbs): 0.8
Dimensions (in): 8.9 x 6 x 1
ISBN: 0471782661
Dewey Decimal Number: 005
EAN: 9780471782667
Availability: Usually ships in 1-2 business days
| |
| Features:
| • | ISBN13: 9780471782667 | | • | Condition: New | | • | Notes: BUY WITH CONFIDENCE, Over one million books sold! 98% Positive feedback. Compare our books, prices and service to the competition. 100% Satisfaction Guaranteed |
|
| Also Available In:
|
| Similar Items:
| |
| Editorial Reviews:
Product Description
Hacker extraordinaire Kevin Mitnick delivers the explosive encore to his bestselling The Art of Deception
Kevin Mitnick, the world's most celebrated hacker, now devotes his life to helping businesses and governments combat data thieves, cybervandals, and other malicious computer intruders. In his bestselling The Art of Deception, Mitnick presented fictionalized case studies that illustrated how savvy computer crackers use "social engineering" to compromise even the most technically secure computer systems. Now, in his new book, Mitnick goes one step further, offering hair-raising stories of real-life computer break-ins-and showing how the victims could have prevented them. Mitnick's reputation within the hacker community gave him unique credibility with the perpetrators of these crimes, who freely shared their stories with him-and whose exploits Mitnick now reveals in detail for the first time, including: - A group of friends who won nearly a million dollars in Las Vegas by reverse-engineering slot machines
- Two teenagers who were persuaded by terrorists to hack into the Lockheed Martin computer systems
- Two convicts who joined forces to become hackers inside a Texas prison
- A "Robin Hood" hacker who penetrated the computer systems of many prominent companies-andthen told them how he gained access
With riveting "you are there" descriptions of real computer break-ins, indispensable tips on countermeasures security professionals need to implement now, and Mitnick's own acerbic commentary on the crimes he describes, this book is sure to reach a wide audience-and attract the attention of both law enforcement agencies and the media.
|
| Customer Reviews:
Showing reviews 1-5 of 47
 Must read for anyone with an interest in computer security August 7, 2006
G. Robinson (CO)
3 out of 3 found this review helpful
While these stories describe different exploits they all provide different lessons and are from that POV well worthwhile. Several of the stories are quite funny (the hacked Coke machine for instance--the password jumped out at me as soon as they said no one could ever guess it) but still worth while. There is too much tendency to depend on hardware solutions when folks don't realise that those are computers too and they can be hacked just as easily or even more so than a PC. Some of the stories are probably exaggerated as Mitnick admits he was unable to verify all of them particularly the shorts at the end of the book. Some of chapter 10 is probably exaggerated but I used to do pen tests and its certainly overall credible. A very valuable book overall. I can sympathise when some of the "white hat" security experts turn vigilante and deface websites etc. out of frustration. The reason that I left the field was because often my big decision after an audit was "do I just dust off the report I did 2 years ago or do I write a new one" because more often than not nothing had changed and none of the holes had been plugged. Most of the times I wrote a new report were because new vulnerabilities had been added.
A horror novel for network administrators! Awesome! March 12, 2006
D. Miller (Slidell LA)
2 out of 2 found this review helpful
As a network administrator for a state and federal agency, I am always concerned about the security of my network. Mitnik, while not Hemmingway, has an simple, interesting and fluid writing style that lends itself to even the most technically challenged. I have thoroughly enjoyed this book and recommended it to all my colleagues. It left me wanting more, and wanting to watch my network more.
Making Your PC Foolproof June 13, 2005
sfarmer76 (Savannah, Georgia USA)
8 out of 11 found this review helpful
If you try to make your systems foolproof, there is
always one more fool who is more inventive than you.
- The Art of Intrusion, p. 143
Formidable book from Kevin Mitnick here, so I give it an unreserved two thumbs up. Grab a copy of The Art of Intrusion from your local bookstore shelves, and make a mad dash for the registers, or -- more casually -- find a comfortable stuffed chair and plop down in it, devour your Mandarin Orange Muffin and sip on your piping-hot Starbucks while you copy down some interesting URLs from the pages of this tome. Because you'll enjoy this work if you're into computers, have dabbled at hacking, or are currently making a living by defending a network of any type. And you may even find one particular chapter -- Social Engineers - How They Work and How to Stop Them -- to be extremely beneficial in preventing regular or identity theft. At the very least, you'll be able to pick up on warning signs when someone is trying to manipulate either you, your data, and your PC or Mac.
Real examples of hacking are usually hard to document, for obvious reason. Firstly, nobody wants to be 'caught out' or get in trouble for things they did in the past. Secondly, they could be punitively prosecuted for something that was not all that malicious -- especially if they reveal their name, location, tradecraft or exploits to any ordinary journalist. Because author Kevin Mitnick served a lengthy sentence in a Federal Prison for his hacking, he's actually become a person that members of the underground hack community can look up to, and trust. That may be an example of inverse logic, but nevertheless it is true. And it is only through this layer of explicit confidence that certain of these accounts would've ever likely seen print.
Even if these accounts are mildly doctored to protect someone's identity, they do possess the ring of truth. For example, four buddies descend on Sin City in Chapter One, and figure out how to swindle more than a million bucks from the video poker machines -- this after a visit to the reading room of the Patent Office in Washington D.C., the legitimate purchase of a 10 year-old Japanese slot machine, and a little reverse engineering.
Even more interesting is Chapter Two -- When Terrorists Come Calling -- which sketches the terrifying report of a Pakistani terrorist, by the name of Khalid Ibrahim, that was interested in recruiting young American hackers in 1998 to break into .gov and .mil websites. Khalid offered an American hacker ne0h $1k if he would hack into a Chinese university and give him names of students in the database. An obvious test of ne0h's skills. Using inference, and rudimentary social engineering skills, ne0h proved to Khalid Ibrahim that he was up to the task. This lead to a hack at the Bhabha Atomic Research Center in India. Then another intrusion at Lockheed Martin to obtain certain Boeing airplane schematics. The hacker penetrated three layers into Lockheed before he ran into the DMZ. Khalid subsequently requested he bypass Lockheed and go directly into Boeing, and while ne0h found a way in, Ibrahim never sent him the negotiated $4k. Since the intentions Ibrahim was shopping around on the Internet became progressively more menacing, you must read this. Ibriham's chief goal was to crack SIPRNET (Secret Internet Protocol Router Network,) which underpins the core of the U.S. Military's Command and Control capabilities. To be safe, you should have your own high school teens read this report, so they can safely prevent a similar situation from occuring. I did find an inconsistency in this story, and I'll keep quiet about it and see if you can spot it. Kevin wraps this chapter with three sections: one labeled Insight that summarizes the chain of events, one labeled Countermeasures that tells how the string could've been broken, and one labeled The Bottom Line. Sounds familiar?
Kevin looks at the Texas prisons in Chapter Three. If this story is to be trusted, Texas has lax prison standards. We learn how convicted murderer William Butler was successfull (after gaining Trustee status) in hacking from a trailer just outside the prison walls -- and nobody on the staff at the Wynne Unit in Huntsville, Texas was any the wiser. After leaving the dispatch office, he was put in charge of hardware, where they gave him a small room in the trailer. While he maintained this office, he taught himself to build and repair computers, and he also had access to "component parts with nothing inventoried." Since his work was unchecked, he installed unauthorized parts. Mitnick reassures us however, what happened in Huntsville could never happen in a Federal Prison. After all -- he knows from firsthand experience. The authors detail William's new friendship with a Commissary worker named Danny, and describe Danny's willing to trade kitchen food for personal favors. This arrangement netted Danny a PC of his own, that was stashed in alongside William's in a small unventilated room attached to the Commissary. Danny then traded some food for an air-conditioner that was put into the small unventilated room. Then a third PC ended up in the room. This way, a third prisoner could stop in when his pass allowed and "start a law office." Amazingly, the two then rigged up Internet access on an unmonitored outside line -- by trading food for a 1,000-foot spool of Cat 5 cable. Ultimately they kept their Internet connection going 24/7. I'll end here, but you'll be surprised by the resourcefulness of convicts. Luckily their intentions were completely benign.
Entry into computing typically comes at a young age, so when Mitnick and Simon interview two youthful hackers in Chapter 4 -- Cops and Robbers -- readers shouldn't be surprised. While their inquisitive nature was routine at the outset, Costa Katsaniotis and Charles Matthew Anderson soon got in way over their heads. First, Costa discovered free long-distance calling from older kids that understood 800-WATS extenders. Then Costa met Matt on a Washington State BBS, and they corresponded a long time. Once Matt left high school and moved to the University of Washington, he learned mainframe computing on his university account and taught himself Unix. Soon after that the duo became a team, and they started exploiting things. Their first expedition began with "dumpster diving" outside relay towers owned by the cellular companies. Then the two started phone phreaking, making free wireless calls anywhere in the world. They graduated to war dialing, where they uncovered federal agency computers. Really they were just surveying what was out there. The duo probed the U.S. District Courthouse computer and used it as a springboard for other attacks. They compromised a credit union. Then the DMV. Then an auto dealership. Then a hotel reservation system. This was all just random hijinx -- until Matt sent a Trojan through the court computer into a Fortune 500 company, whose office had access to a variety of corporate mainframes. Because all the networks on the District Court computer shared the same OS, Matt was able to crack the password of a Federal Judge. The pair then gained access with the Judge's account to a computer network behind a firewall at Boeing, where Matt's father happened to work. Unfortunately for Matt, a computer security seminar was in progress at Boeing the very same afternoon he was probing their network -- corporate people, police, FBI agents and Secret Service were all looking over their shoulder, in real time, so to speak. The resulting media blowup, after the duo were caught red-handed, was s-p-e-c-t-a-c-u-l-a-r!
Very few people have probably met a "real live hacker" with a reputation that proceeds him, but I'm pleased that I personally met Adrian Lamo while I worked at the Gateway Country stores. Mitnick's profile -- Chapter 5, The Robin Hood Hacker -- is somewhat reverential, in that Lamo is not your conventional hacker and Mitnick clearly appreciates his pioneering abilities. Adrian Lamo is described as a Google hacker, capable of discovering major flaws through keyword searches, someone that can magically 'appear' inside the remote edges of a network. Basically, he hacks with a web browser and doesn't know any programming languages. His computer brand of choice is Toshiba, and I'm sorry to say that I knocked them when I met you Adrian. When you're on the payroll of another company, it's sort of expected that you downplay the competition to a certain degree. Brand preferences aside, Adrian was thoroughly cordial, although he appeared to have spent all day on a bus.
In Mitnick's account of Lamo's savvy hack of The New York Times, we see a writer working the story with a ruthless logic, leaving no stone unturned. The beautiful thing about the way Adrian works is -- all the stuff he finds is already laying around on the Internet, out in the open. I don't find what Lamo does with the Internet to be all that bad. Lamo's conduct was that of a White Hat hacker. He made a habit of reporting holes that he found (in server and web applications) to the companies responsible for allowing them to happen. He allowed them time to tighten their security, close the loopholes, and protect themselves before he would publish any description of his exploits. Indeed, other companies have thanked him profusely in the past for doing so. Therefore it's really unfortunate that The New York Times decided to prosecute him, because Adrian couldn't have possibly caused as much financial damage to them as the newspaper claimed. When you get down to it, the Internet built on Unix really is so much Swiss Cheese. Lamo was just trying to help them out.
Next, consider the Penetration Testers. Because you know, people really are paid to do the exact same things that hackers do. And it's much more lucrative from a career standpoint, to get someone to pay you to do it too. So Mitnick gives us the heartfelt bio of Pieter Zatko, an ex-hacker, widely known as "Mudge," in Chapter Six -- The Wisdom and Folly of Penetration Testing. Zatko was behind a Boston group called l0pht Heavy Industries that released a software tool called l0phtCrack in the early 90s. The tool quickly cracked password hashes and drew the computer security outfit major media attention. So much so that a New England IT consulting firm suddenly wanted to buy them out -- sight unseen. Mudge turned the tables on the other IT outfit by getting them to agree to pay $15,000 to l0pht in return for l0pht's penetration test of the prospective buyer. Classic hilarity ensues after that. Mitnick and Simon also document an intrusion on a Biotech company in this particular chapter, but I preferred the more humorous first tale.
My first take on Chapter 7 -- Of Course Your Bank Is Secure - Right? -- was of limited interest, but it includes a captivating explanation of both an Estonian and a Canadian hacker (involving internet banking exploits with an AS/400) that would raise the hackles of any person in high finance that happened to read it. Basically, the hacker could've wired money anywhere in the world if he'd wanted to, since he effectively owned the keys to the banking castle. Mitnick further points out the dangers of two different tools in this chapter, and you should be aware of them. One is called Spy Lantern Keylogger and the other is an application called Citrix Metaframe. If you have these items on your hard drive, you may want to delete them for good. Based on details the authors reveal, I think they are wise to recommend auditing any logins that use Windows Terminal Services or Citrix Metaframe. From what Mitnick describes, I swear to God that that Canadian hacker Gabriel may well have been on my laptop before... a couple years ago I caught an intruder moving things around on my computer screen after midnight and told them "I know you're looking at me!" before I hastily logged off, slammed the lid shut and unplugged everything. I found stashed files on my laptop hard drive after that and immediately deleted them, leaving an all-caps warning exactly as Kevin had described. I believe I'd downloaded Citrix Metaframe on a whim a few days before, hoping that it was something that I could use to access my laptop from work if I ever had any downtime. I stayed off the Internet for four days after that, trying to figure it all out!
I found Chapter 8 -- Your Intellectual Property Isn't Safe -- to be quite entertaining, since it covers a hack that took two years to complete. Apparently the hacker and his victim, a Japanese software CEO, played a cat and mouse game with each other for a number of months. The hack was made all that more difficult since the American hacker didn't understand the Japanese language. In the end, the hacker successfully snags the source code for the program that he wanted -- and through a courier has it posted on a Warez site. This is not something that I condone or agree with, but at the same time it's almost funny the way the story is told.
The Art of Intrusion is really at its best when drawing upon examples of where someone got caught, or someone got away. And there really is very little middle ground between the two extremes.
Not quite eight of ten chapters into this review, I feel I've gone on too long and have run out of steam. I'm afraid of boring you to death so I'm just going to wrap up here...
I really think you'll find this book is written in an engrossing manner.
Chances are, people will think of The Art of Intrusion as a primer for adolescents or other devious people that might want to cause havoc, but that couldn't be further from the truth. If anything, what you'll take away from reading this book is the wide range of things that can be accomplished with a computer -- and the text does sort of coach you on how to 'outthink' a hacker, or at least understand the mindset of the individuals that drive that subculture. I don't personally endorse Black Hat hacking, just because I reviewed this book. But I understand on a basic human level why people feel the need to explore the possibilities of a System. Many of the skills one learns from hacking -- like adaptation, improvisation, and tenacity -- are great qualities for someone to draw upon when they enter the business arena. And there is such a thing as "ethical hacking" you know.
Kevin has developed into an interesting technology writer -- and it's good that Wiley has paired him with Bill Simon, who's written at least a dozen other books -- but whenever Mitnick decides to strike out on his own, I think that's when we'll see the real author in him zoom. In fairness to Simon, I'm not sure what parts he wrote. Perhaps they'll better attribute whom wrote what in future collaborations. Apparently both authors collaborate well together however, since the writing style is fluid and seamless. It's nice to see that Kevin has put his misfit hacking reputation in the past, and moved on with his life. Everybody deserves a second chance like Kevin got. If you like this book, you might also want to peruse The Art of Deception, Mitnick & Simon's first book.
___________________________________________________________
The Book:
The Art of Intrusion, $27.50 US
Wiley Publishing Inc.
March 2005
ISBN:
0764569597
Pages:
259 Pages
270 Pages with Index
Rating:
5 Stars
Chapter Titles:
01. Hacking the Casinos for a Million Bucks
02. When Terrorists Come Calling
03. The Texas Prison Hack
04. Cops and Robbers
05. The Robin Hood Hacker
06. The Wisdom and Folly of Penetration Testing
07. Of Course Your Bank Is Secure - Right?
08. Your Intellectual Property Isn't Safe
09. On the Continent
10. Social Engineers - How They Work and How to Stop Them
11. Short Takes
If You Like The Art of Intrusion, You Might Enjoy:
At Large
Hacking: The Art of Exploitation
Masters of Deception
The Art of Deception
Visit the Official Website:
www.wiley.com
Keywords:
SIPs: pen testers, helpdesk application, mount daemon, open proxy, static passwords, two hackers, password hashes, social engineering attacks, domain administrator account, plaintext passwords, network jacks, young hackers, key generator, port scanning, wireless access point, telnet service, password file, hacking tools
Recommended:
Yes
Riveting, Informative, Challenging. A must for any Network Administrator May 19, 2007
Stephen Schutt
1 out of 1 found this review helpful
Kevin Mitnick is a legend among computer hackers - and his unique position as a former world class computer hacker turned security consultant lends him credibility to the hacker community. Because of this, he has the trust of the most skilled computer hackers in the world (many who have not yet been caught) - giving him access to these stories.
I am a network administrator and I have learned much from this book. It is basically a compilation of stories of different particularly elaborate hacks. Each chapter includes a story of how a particular individual beat the system. At the end, he analyzes the failures and includes suggestions on how to prevent a similar exploit in your company. I particularly liked the Casino hack, in which a group of techies crack the code to particular slot machine and use it to predict when the next winning hand would come.
A very good reading December 14, 2008
L. Ojamets (Tallinn, ESTONIA)
1 out of 1 found this review helpful
When I finished the book, I realized that I was more educated and had much more knowledge about the dark world of hacking and social engineering. I believe that every IT guy or gal should read this book since it will bring them the understanding of how a real hacker is thinking and developing a system penetration. Also I think that every CIO and CFO (since many CFO-s are actually responsible of IT dept) should also read this book - then there will be less (monetary) opposition on technical and social security enhancements.
Showing reviews 1-5 of 47
|
|
|
|
| |
|
