The art of intrusion
A review of reformed hacker Kevin Mitnick's new book
Alex Mayfield reverse-engineers Vegas video poker machines to predict big wins.
'Comrade' and 'ne0h', two teenage hackers, break into Boeing's computers for Khalid, a shadowy online presence with links to Osama Bin Laden.
William and Danny get regular access to the internet. Nothing unusual there, except that they are locked up in a US Federal prison and the guards don't know.
�Mitnick knows what he's talking about. As a teenager he served jail time for hacking�
Adrian Lamo hacks into the New York Times and adds himself to their list of expert contributors.
These are just some of the true stories in Kevin Mitnick's new book, The Art of Intrusion. Mitnick, who looks like a junior executive on the flyleaf, knows what he is talking about. As a teenager he served jail time for hacking.
The book gives a real insight into the 'because I can' motivation of many hackers. Mitnick and his co-author William Simon capture their stories nicely. Each chapter reveals critical security lessons and Mitnick provides a lot of advice about how to protect yourself against similar exploits.
Some of the most surprising lessons are:
Mitnick is sympathetic to his subjects. Occasionally he seems to justify behaviour that is illegal. His hackers are like mountaineers. They do it for the challenge, rarely for monetary gain. At worst, as when working for terrorists or defrauding casinos, they come across as naive rather than bad people. While engaging, this analysis is disingenuous.
�Defences have to win every time. A hacker only has to win once.�
That said; the book is well written and compelling. Most of it is accessible to a general reader but some sections require more technical understanding. Anyone interested in information security will get something from this book that they can't get from more serious 'how-to' manuals: the story of real people.
As for me, I will find it hard to forget the persistence and ingenuity used by the hackers in this book. As one of them says: "every time [some software engineer] says, 'nobody will go to the trouble of doing that,' there's some kid in Finland who will go to the trouble."