designates my notes. / designates important.
Like his first book, The Art of Deception, this is a collection of stories. Since it was published in 2005, and the stories are presumably taking place before then, there is a dated feel to the book (as of my reading in 2018). Still, it is an interesting stroll down a sort of memory lane. I wouldn’t suggest this to anyone except those already interested in historical hacking, but to those it will probably be a fun read.
The stories include:
A group of hackers that travel to Las Vegas to win big using some custom hardware to predict the poker machines. Spoiler: they win.
A supposed terrorist cell recruiting ‘kids’ to hack on their behalf.
A pair of murderers that, while in prison, learn to use computers and end up getting decent jobs after release.
A couple of teenagers that hacked Boeing, were caught multiple times but did not stop, and finally, while in prison were able to wrangle up even more access.
The story of Adrian Lamo.
The story of hacking a biotech firm via physical entry, culminating in what the hacker called “screaming and shouting,” but was not detected. This story includes a brief foray into the field of penetration testing, but also warns that such testing does nothing to protect you; the day after ‘passing’ the test you can be clobbered by a zero-day. Or the testers might have simply missed something.
l0pht, as in l0phtcrack, penetration testing “Newton”. Lols ensue.
A chilling account of a bank hack that revealed there was merely a less-than-thorough yearly security audit, the network itself was flat, having no DMZ or segmentation, and there was basically no security at all.
A look into the world of spammers through the eyes of a hacker tasked with creating a BDSM site mailing list. It had extremely high conversion rates.
Another story where the hacker persevered for 2 years before gaining access; he said it was nothing but a puzzle for him. Once he was finally inside, he called the security M&M: hard outside, soft inside. The target was web hosting software that was immediately leaked to the pirate/cracker scene and distributed around the world in hours. The hacker wonders in amazement at how a rag-tag team of independent hackers and crackers can have a faster distribution infrastructure than some of the largest software companies in the world.
In Louis and Brock’s tale, they gain access to a money/prison transport security firm by hijacking a remote connection via PC Anywhere.
Lastly we return to Vegas for a round of social engineering. The auditor, expected to attack electronically, ended up walking right into the casino’s secure sector. He gained the keys to the kingdom and was so successful that the management got upset with him, vowing he’d never work in Vegas again. He never went back.
Near the end of the book are a series of short takes and the most interesting section in my opinion: a few pages where Kevin talks about how children use social engineering 101 to manipulate their parents. The examples he gives are sure to be familiar to any parent and, when viewed through the hacker lens, are more than a little scary.
The combination of determined terrorists and fearless kid hackers could be disastrous for this country.
Our enemies may well be training their soldiers in the art of cyber warfare to attack our infrastructure
He makes this same kind of statement in The Art of Deception. I am tempted to think he is an intelligence asset used to promote this kind of cyber-hacker doomsday world as well as inspire others to follow in his footsteps. Him being Jewish is merely icing on the conspiracy cake.