Kevin D Mitnick is best known as a computer hacker who was arrested by the FBI on February 15, 1995, and convicted of wire fraud and breaking into the computer systems of Fujitsu, Motorola, Nokia and Sun Microsystems. This book, The Art of Intrusion, is the second he has written in collaboration with writer William L Simon since his release from jail.
A security specialist who boasts of real world experience and insider understanding like few others can, Mitnick (in his role of a storyteller) has managed to win the trust of hackers and lay bare their exploits. In his earlier work, The Art of Deception, Mitnick drew heavily from his own experience of convincing people to tell him things they shouldn't, which in turn gave him access to their computer systems. For his second attempt, Mitnick has got professional hackers singing their successes with alarming abandon (he himself is still prohibited from airing his hacking exploits by a federal gag).
Packed with exploits of a rich assortment, from a Las Vegas casino to corporate networks (names have been changed to protect the guilty and the cracked-into), the stories in this book could numb your mind with the humility of the approach as much as the deceptive simplicity of the ingenuity. Mitnick and Simon display a rare talent for stories that amaze, enlighten and even entertain. Much like Deception, the book reads like a thriller, complete with elements of intrigue and moments of suspense, as it narrates how hackers swoosh into corporate and government systems protected by so-called "state of the art" security mechanisms, and make off with treasure.
The book is nicely paced, with one riveting break-in after another. Each account offers a close view of a different sort of attack: why the attackers did what they did, how the task was accomplished, and what damage was incurred. To have yourself awe-struck by how the mind of the hacker operates, however, read the account of a hacker who managed to obtain access to corporations like Microsoft, Excite@Home and The New York Times just by putting together information publicly available on www.whois.net and in email records, and then told the companies how he broke into their fortresses.
The purpose of this book, lest you wonder, is not to serve as a guide for would-be hackers. The authors therefore do their utmost to propose changes that could be made to secure computer systems: changes in network configurations, for example. In fact, every story carries a set of writers' notes and instructions to tweak the computer systems by way of defence against the method employed. This acts as a reassurance measure, which is good because otherwise the lay reader would be left with deep furrows of worry above the brows. There's the story of a bank heist, for example, with the hacker forging control over wire transfers, that could easily scare people off wire transfers for life.
But then, this book would probably appeal to specialised readers a lot more. As was the case with the earlier book, security fellas can expect to pick up a thing or two about detecting and preventing security breaches, while the informed reader can lie back and marvel at the way cyber-crime is evolving.
Among the more vibrant stories of subversion is that of three friends who made off with $3 million by reverse-engineering casino slot machines. It went on for years before getting discovered. The trio, well versed in the logic of probability, zeroed in on the random number generator that predicts a slot machine's sequence. The modus operandi: buy a second-hand video poker machine legally, retrieve the ROM chip by taking it apart, crack the programme that governs random number generation (it's really not all that "random"), and then use the knowledge to hit the jackpot on other poker machines. Mitnick's advice? "Use tamper-proof chips and protect the firmware from reverse-engineering."
Overall, the authors do a tightrope walk in this book. They disclose just enough to show that the tales are real, but not enough so that a would-be hacker can pull off similar stunts. The authors also cleverly avoid drowning readers in minutiae of technical babble. What the authors pull off in the bargain is a highly engaging book.
THE ART OF INTRUSION: THE REAL STORIES BEHIND THE EXPLOITS OF HACKERS, INTRUDERS & DECEIVERS
Kevin D Mitnick & William L Simon
John Wiley & Sons Inc
Price: $17; Pages: 304