Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent.
Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented in an engaging and highly readable style reminiscent of a true-crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security.
©2003 Kevin D. Mitnick; (P)2009 Audible, Inc.
I was expecting more from this book but I have a background in IT Security and maybe that clouded my judgement. The target audience is not the InfoSec community but middle management.
The books contained many simplistic examples, with a few teases of information around potential social engineering resources (mainly US examples) but started to get very repetitive offering only high level solutions (e.g. have a security policy).
My advice - Once you've read the first few chapters you can put this book down and get on with your life. The book serves a purpose to highlight to the clueless how easily you can be convinced to part with information but I would imagine it would start to feel like a broken record to most readers.
If you are going to read something, the pick the other title, Ghost in the Wires. That is absolutely excellent where as this by comparison is a sanitised version. The first half of the book is quite interesting with lots of examples of social engineers in action, but you are left thinking that they are all engineered stories. I did spot a few that were listed in Ghost in the Wires, but others seem manufactured to make a point. The second half of the book is largely missable. Had it been a book, I don't think I'd have got past the 75% mark as its a list of policies designed for operations and security teams to sure up their systems. Yes there's a place for it, and perhaps when this book was written it was groundbreaking stuff, but the narration is so monotone its hard going. I bought this one based solely on how good Ghost in the Wires is. My advice, read that one, it has all this and more.
Let's Make it Happen!
I would highly recommend this book is a real eye opener. How easy for prof to deceive one!
Father to James, Katie and Lucy
Didn't finish it but it has the same story as 'Ghost in the Wires' but given in a less detailed business like factual way. only for IT Managers.
"Poor Narrator - ZZZZZzzzzzzz!"
This is the first book I have ever stopped listening to before finishing. The narrator was just soooo boring - it was like he was reading a text book.
I did read his other book Ghost in the Wires and it was fantastic - in fact that's the reason I decided to buy this book.
He was very, very monotone and boring. No excitement or inflection in his voice at points where there clearly should have been.
Yes - listen to a different book - any other book.
It's too bad they didn't use the same narrator from Ghost in the Wires - that narrator really had Mitnick down pat.
This book is a fun read (listen) with story after story mostly about how people get tricked into giving up passwords or dial up modem numbers. Some of the tricks would still work, but most would not in modern enterprises. This book does not come close to fully describing a modern threat landscape. I work in InfoSec, and found this to be an excellent history lesson, with a few instances and situations where the human element of security threats still exist, such as the types of scams run to gain physical access.
"Entertaining and right up my alley"
I'm not sure what the previous reviewers were looking for in this book, as an IS & Audit specialist I found this book thought provoking and entertaining. It really opened my eyes to the power of social engineering and made me see that I was not only prone to being a victim, but a perpertrator of such activity.
Recommended reading for anyone in an IS role or looking to gain insight into how the other half use their social skills to get around hardened security measures, highly engineered processes and even armed guards.
"Only one type of deception..."
You can read the entire book here: Two decades ago you could call people at work, claim to be someone else, ask for their help, and with a little piece of information trick someone else to get their secrets. Everything is about the phone and "hacking" phone lines, with no technical explanations. Oh, and there is some good advice on not downloading unusual email attachments. Once you hear the first two hours, you've heard it all. I returned it after 6 hours.
"Textbook version of Ghost In The Wires"
No, it's more text book than a story and I was hoping for a bit more charm. I had previously listened to 'Ghost In The Wires' by Kevin Mitnick and enjoyed it quite a bit. I had hoped that this book would be just as enjoyable but that wasn't the case. It's not without its merits thought and some people may find the straightforward nature more helpful.
Fine, more straightforward, if you're in security it's definitely worth reading otherwise I'd read Ghost In The Wires since they're basically the same book.
I found the narrator a bit condescending.
"Read this OR "Ghost in the Wires""
If you are interested in Kevin Mitnick's story and want the entertaining version, read "Ghost in the Wires". This book is good, but more specific to the needs of a company trying to prevent the types of attacks Kevin did back in the day. I read this second and don't have a role in the company's security, so this book was a let down. Not because it isn't a good book, just not what I needed. Great book as a manual for security!
"More than a bit dated."
This material is dated and the narrator doesn't pronounce many of the terms correctly. DEC is simply stated as deck. You don't spell out the characters. There were other words that were not pronounced correctly.
On Stranger Tides
Save your credit or money for Kevin Mittnick's other book, Ghost in the Wires. A much better book and highly recommended.
"solid, if a bit dated"
Mitnik did a solid job of laying out how scoundrels can work their way into your IT systems for malevolent purposes. Amazingly, most of the techniques involve cracking the "people" rather than cracking the "code."
Material is aged and needs updating. Overall concept is good, gets the point across, but the age of the stories takes away from the overall value.
"Be Aware and Prepare your Most Valuable Asset..."
I do recommend this book to Leaders and Senior responsible staff in any, no, all Organizations. Social Engineering in its malicious form is s prevalent threat to the security of organizations. Your most valuable asset, People, are the target, but also your greatest Alliance member! Invest - in People!
The author provides numerous examples in story form. He explains the threat, defines lingo, and provides valuable Policy examples to form the basis of a company's security posture and training.
Psychology buffs like me might remain a bit disappointed, but the author rightly refers to other seminal works such as Cialdini's Influence. My reading list has some examples for those interested.
Oh, one hint: This may be one book you also want a hardcopy on your shelf for policy reference ease.
Thank you, Mr Mitnick.
Report Inappropriate Content
If you find this review inappropriate and think it should be removed from our site, let us know. This report will be reviewed by Audible and we will take appropriate action.