Kevin Mitnick, who was jailed in the 1990s for his hacking offences, was at the IP EXPO in Manchester last month sharing secrets of his dark trade.
During a well-attended speech, Kevin Mitnick demonstrated several live hacks, from accessing bank account details to cloning attendees' security passes.
As you can imagine, the mechanics of how he managed to achieve these things went over his audience's heads; however, here are a few things that will certainly interest you.
– He once hacked into 40 major organisations, amongst them Nokia, Motorola and the NSA, earning him his position on the FBI's most wanted list
– He got into hacking through his love of magic
– He was not interested in the fact that he was breaking into a company; he simply always wanted information
– He now appreciates the threat and impact of social engineering attacks
– In 1993 he was living under the name of Erik Weisz, paying homage to his idol Harry Houdini
What did he do?
– From a very young age Mitnick learnt how to compromise security systems, acquiring free access to the Los Angeles bus system at the age of 13, and by 16, he was accessing computer networks.
– He would break into organisations and copy software
– After a warrant was issued for his arrest, he fled and lived as a fugitive for two and a half years.
– According to the US Department of Justice, he gained unauthorised access to dozens of computer networks whilst he was a fugitive, hiding his location by using cloned mobile phones.
– He also intercepted and stole computer passwords, altered computer networks, and broke into and read private e-mails.
– After being arrested in 1995, he was charged with 14 counts of fraud among other offences. He served five years in prison.
– Having now turned 'white-hat', Mitnick is a trusted security consultant to the Fortune 500 and governments worldwide.
– His speech about the art of deception stressed how people are always the weakest link in any organisation.
An example of one of the hacks demonstrated on the day:
A main takeaway message was the use of 'social engineering' to access information.
This involved compromising the people that use the systems, as they are the weakest point. For example, this could be tricking them into clicking on a fake attachment or logging in to a bogus Wi-Fi network, or getting them physically close enough to clone the access cards to their place of work.
Social engineering involves compromising the individuals that use these systems. Attackers are always looking to exploit weaknesses in human nature and coerce people into performing actions which give the attacker an advantage.
What Antron thinks
We feel that Kevin Mitnick has clearly demonstrated why it is very important to stay up to date with the latest technology when it comes to securing your organisation. At Antron we install equipment and software which mitigate the likelihood of security breaches.
To discuss your current situation and possible vulnerabilities, please call us on +44 (0)1923 855 006 or email firstname.lastname@example.org.