Feineigle.com - The Art of Intrusion

Home · Book Reports · 2018 · The Art of Intrusion

Published: September 13, 2018
Tags:  Hacking · History



The book in...
One sentence:
A dated but fun look at the history of hacking from the 90s up through the early 2000s.

Five sentences:
Like Mitnick's first book, this is presented as a series of unconnected stories. Also like the other book, this one is somewhat dated after 13 years, although it is more than worthwhile to those interested in the history of hacking. It is a light, fast read and not at all technical, so don't expect to learn anything. Some of the social engineering attacks seem almost silly as of 2018 and I hope they would no longer work, but honestly some of the probably would work, given the right mark. Of the stories, there are two that take place in Las Vegas that for some reason struck my fancy; how I do love reading about the casinos losing.

designates my notes. / designates important.


Thoughts

Like his first book, The @Art of Deception@, this is a collection of stories. Since it was published in 2005, and the stories are presumably taking place before then, there is a dated feel to the book (as of my reading in 2018). Still it is an interesting stroll down a sort of memory lane. I wouldn’t suggest this to anyone except those already interested in historical hacking, but to those it will probably be a fun read.

The stories include:

A group of hackers that travel to Las Vegas to win big using some custom hardware to predict the poker machines. Spoiler: they win.

A supposed terrorist cell recruiting ‘kids’ to hack on their behalf.

A pair of murderers that, while in prison, learn to use computers and end up getting decent jobs after release.

A couple of teenagers that hacked Boeing, were caught multiple times but did not stop, and finally, while in prison were able to wrangle up even more access.

The story of Adrian Lamo.

The story of hacking a biotech firm via physical entry, culminating in what the hacker called “screaming and shouting,” but was not detected. This story includes a brief foray into the field of penetration testing, but also warns that such testing does nothing to protect you; The day after ‘passing’ the test you can be clobbered by a zero-day. Or the testers might have simply missed something.

l0pht, as in l0phtcrack, penetration testing “Newton”. Lols ensue.

A chilling account of a bank back that revealed there was merely a, less than thorough, yearly security audit, the network itself was flat - having no DMZ or segmentation, and basically no security at all.

A look into the world of spammers through the eyes of a hacker tasked with creating a BDSM site mailing list. It had extremely high conversion rates.

Another story where the hacker persevered for 2 years before gaining access; he said it was nothing but a puzzle for him. One he was finally inside, he called the security M&M: hard outside, soft inside. The target was web hosting software that was immediately leaked the pirate/cracker scene and distributed around the world in hours. The hacker wonders in amazement at how a rag-tag team of independent hackers and crackers can have a faster distribution infrastructure than some of the largest software companies in the world.

In Louis and Brock’s tale, they gain access to a money/prison transport security firm by hijack a remote connection via PC Anywhere.

Lastly we return to Vegas for a round of social engineering. The auditor, expected to attack electronically, ended up walking right in to the casino’s secure sector. He gained the keys to the kingdom and was so successful that the management got upset with him, vowing he’d never work in Vegas again. He never went back.

Near the end of the book are a series of short takes and the most interesting section in my opinion: a few pages where Kevin talks about how children use social engineering 101 to manipulate their parents. The examples he gives are sure to be familiar to any parent and, when viewed through the hacker lens, are more than a little scary.


Table of Contents


· 01: Hacking the Casinos for a Million Bucks

· 02: When Terrorists Come Calling

page 61:
page 62:

· 03: The Texas Prison Hack

· 04: Cops and Robbers

· 05: The Robbin Hood Hacker

· 06: The Wisdom and Folly of Penetration Testing

page 155:

· 07: Of Course Your Bank is Secure - Right?

· 08: Your Intellectual Property Isn’t Safe

· 09: On the Continent

· 10: Social Engineers - How They Work and How to Stop Them

· 11: Short Takes