Got a boss who isn’t taking IT security seriously? This book might shake him or her up. It’s a collection of exploits of intruders based on interviews of the perps by convicted U.S. hacker Kevin Mitnick and co-author William Simon.
This time, to better hammer home their point in an entertaining
way, they tell tales of phone phreaks and ex-hackers, some of whom, like Mitnick, have become security consultants (I can hear you shuddering now), then draw lessons for the reader. So you’ll meet Alex and his buddies who beat the video poker machines in Vegas; neOh, who hacked into Lougheed Martin’s systems; Adrian, who added his name to the New York Times database of quotable experts for reporters, and so on.
Adrian’s an interesting case: Not fluent in programming, say the authors, he relied on analyzing how people set up their systems to discover vulnerabilities. (Adrian turned to journalism after serving time last year. Prison does focus the mind, apparently.)
Some of these hucksters are identified by name, others are not. You’ll have to trust Mitnick, who says he challenged their claims. In many cases, however, there are some technical details to explain the route taken.
Should you trust a con?
Mitnick’s name, of course, lends authority to the book — a hacker ought to know when he’s being conned. On the other hand, he does have a new business he wants to burnish.
One of the lessons he wants drive home is that social engineering — respecting a stranger in your NOC wearing a suit, giving out seemingly innocent corporate information — is just as damaging as not regularly changing passwords.
After reading this book I asked a friend when passwords were last changed at his firm.
“”A couple of years ago,”” he replied. I shuddered.