A summary of The Art of Deception by Kevin D. Mitnick. Note: this book guide is not affiliated with or endorsed by the publisher or author, and we always encourage you to purchase and read the full book.
1-Page Summary of The Art of Deception
Getting Started in the Security Profession
Kevin Mitnick was once a famous hacker who broke into systems. After serving his time in prison, he now works as a security consultant. In high school, he hacked phone systems and made free long-distance calls. He then began hacking computer systems for fun, using social engineering skills to obtain information about them.
Social engineers are con artists who use their skills to deceive people and steal their money. A grafter is a person who swindles and cheats people out of their money, while social engineers usually target businesses by using deception, influence, and persuasion against them. Kevin Mitnick was the world’s most notorious hacker before he reformed himself. Now that he’s informed about security threats, he wants to help governments, businesses and individuals prevent those attacks from happening in the first place.
Security’s Weakest Link: The Human Factor
Social engineering is a term used to describe how people manipulate and persuade others. The weakest link in security systems is the human element because some people are not very bright or don’t know good security practices. Your belief that you have a good security system may be an illusion because attackers can exploit the human element. In fact, even if your technology is good, it will still be vulnerable to social engineers who just need to make a few phone calls; they know there is little risk of getting caught.
Statistics show that security systems are often compromised. In 2001, 85% of the organizations responding to a Computer Security Institute survey reported security breaches in the previous twelve months and 64% of them reported financial losses due to computer breaches. The most severe losses come from sophisticated hackers who are motivated by financial gain and seek specific targets to attack.
Attackers can deceive trusted employees to reveal sensitive information or trick unsuspecting people into providing access. They can defeat security technologies such as authentication devices and intrusion detection systems. The dilemma is that when a trusted employee is deceived, influenced or manipulated into revealing sensitive data, no technology can protect you from the attack.
Social engineering is a type of attack that involves manipulating people into performing actions or divulging confidential information. The attacker uses good communication skills to establish a connection with the target and make the requests seem reasonable. Most people believe they won’t fall for such an attack, which makes them more likely than others to do what the attacker wants. Because of this, you need to practice defensive computer skills in order to protect yourself against social engineers.
How Critical Information Can Seem Innocent
Social engineering is a term that refers to the methods used by con artists to get valuable information from people. The first step in social engineering is often asking for seemingly unimportant, everyday, innocent information. This can be done with innocuous-sounding questions about account names or numbers, which most people see no need to protect or restrict. However, this information can be used later on when trying to obtain more restricted data such as personal details and financial accounts.
Don’t give out personal or internal information unless you recognize the voice of the person calling. If it’s someone who doesn’t work for your company and needs to know something, tell them that you’re not at liberty to share that information without permission from a supervisor.