My new project: Tact, a simple chat app.

The art of intrusion

December 15, 2006

Just finished reading “The art of intrusion” by Kevin Mitnick. It follows his previous work, “The art of deception”, that was about social engineering.

The idea of “The art of intrusion” is simple. Mitnick has some restraints imposed by the court that restricts him from publishing his own hacking stories. I understand these restrictions will be lifted in a few years, so we can expect another publication from him documenting his own history. But for this book, Kevin simply asked other people to send him accounts of their own hacks. A lot of them did, and the book is an edited volume of the best of those.

All the details have been changed for obvious reasons, but you can still understand the ideas and details of how the hacks came about and could happen, despite the security measures put in place at the various targeted institutions. The lineup of different businesses is quite fascinating, as we learn about lax security in the US federal prison system, at various biotech and technology companies and banks around the world. One of the funniest stories was how the US troops “hacked” the Iraq communication systems during the Gulf war, injecting their own communications into both high-tech radio systems and the wired phone networks that the Iraqis used, effectively rendering their communication systems useless as they knew it was being tapped and were forced to stop using it. There are also some bits about darker activities such as terrorists recruiting teens, and pedophiles conducting their activities of trying to find next victims in online chatrooms.

It all boils down to having lax security procedures and people not following them properly. Simple accounts are given of things such as tailgating (following people through restricted-access entrances), to be followed by more elaborate descriptions of hacking online systems. So while not all in this book can be verified to be true to the letter, I believe it’s quite a humbling look at the state of modern corporate security systems and a chilling warning to anybody who thinks that the online world can be secured and locked down easily and this is done in most places.