The Art of Deception : Controlling the Human Element of Security

The Art of Deception is about gaining someone´s trust by lying to them and then abusing that trust for fun and profit. Hackers use the euphemism "social engineering" and hacker-guru Kevin Mitnick examines many example scenarios. After Mitnick´s first dozen examples anyone responsible for organizational security is going to lose the will to live. It´s been said before, but people and security are antithetical. Organizations exist to provide a good or service and want helpful, friendly employees to promote the good or service. People are social animals who want to be liked. Controlling the human aspects of security means denying someone something. This circle can´t be squared. Considering Mitnick´s reputation as a hacker guru, it´s ironic that the last point of attack for hackers using social engineering are computers. Most of the scenarios in The Art of Deception work just as well against computer-free organizations and were probably known to the Phoenicians; technology simply makes it all easier. Phones are faster than letters, after all, and having large organizations means dealing with lots of strangers.