EVENT REVIEW: Cyber Security Chicago Wrap-Up: Kevin Mitnick

When I learned about last week's Cyber Security Chicago conference via Twitter, I thought this would be a great opportunity. After all, how frequently does someone from the nonprofit or social enterprise community get to focus on security and data issues? (Plus, Cyber Security Chicago was making its debut this year, so I felt it was worth checking out for my own education as well.) So I requested (and received) a complimentary press pass and attended last week's conference at McCormick Place.

Good news - there was plenty of great information that would provide some insights into digital excellence and literacy. Not-so-good news (depending on your perspective) - there is so much content that this week, One Cause At a Time will have four posts focusing on key issues from the conference, as well as key insights from specific people.

One of those people was Kevin Mitnick of Mitnick Security, who delivered the opening keynote address on how hackers and online con artists use their skills to compromise unwilling users. Despite a relatively over-the-top opening video (showing scenes from classic caper/heist films and television shows like Leverage), Mitnick delivered a really insightful presentation.

Mitnick discussed methods of social engineering, by which many hackers and con artists work to convince another person to comply with a request that compromises their computer network. Many of these social engineering efforts involve influence, manipulation, and deception. They often do not require specific operating systems, and they carry a low risk for the attacker. (Mitnick also discussed more elaborate methods of deception, which will be discussed later.) Social engineering is effective 99.5% of the time, and its methods range from something as simple as a phishing e-mail to more elaborate strategies like ransomware.

Mitnick also introduced (for me, this was a new idea) the concept of spear phishing, or targeting a specific individual within an organization to acquire network access. During his presentation, Mitnick demonstrated how hackers could use special software to determine basic network information. By finding a specific person listed, an e-mail address could be generated (often through trial and error) and a specific e-mail crafted for a particular purpose (like generating a wire transfer of a large amount of money). Without necessarily thinking, the target user may enter the appropriate information, resulting in funds being sent to the hacker.

Online predators who engage in social engineering have a specific process for engaging targets. When engaging users to compromise their systems, hackers work to establish a false identity/role and frequently provide a reason for compliance. Building their target's confidence through information and attention, the hacker also builds rapport through positive influence and reinforcement. The hacker has usually crafted an appropriate response to overcome rejections and has an "out" that allows them to avoid burning their resource. Given the simplicity and ease of these strategies, it's no wonder that social engineering efforts are effective 99.5% of the time.

Throughout the presentation, Kevin Mitnick provided several great real-world demonstrations of how such social engineers work to compromise systems. They often use special software that allows them to redirect phone calls for customer service, Skype contacts, and even false Wi-Fi signals. (One favorite highlight: a young student provided her name and social security number, and her life was revealed to the audience. This young woman consented, and speaking to her afterward, she was not prearranged or planted by Mitnick.) Even PDFs can be used to send malware, allowing hackers to distribute ransomware and hold user data hostage.

So what can nonprofits, social enterprise, and other users do to ensure security? Mitnick's talk focused primarily on being cautious and confirming information. (When that e-mail from the bank looks suspicious, it is easy to double-check with your bank.) Being aware of potential dangers is often the first step in ensuring security, and Kevin Mitnick's opening keynote to Cyber Security Chicago set a positive tone for the rest of the conference.

Many of you may be asking, "What can nonprofits, social enterprise, and other resource-strapped mission-driven organizations actually do to ensure digital safety?" Tomorrow's Cyber Security Chicago post will focus on that very subject.

This helpful review and other very interesting articles can be found at the source.

Source: Chicago Now

Topics: Social Engineering, Skype, spear phishing, online predators, false Wi-Fi signals, hackers, keynote speaker, live hacking demonstrations, malware, Mitnick Security, Cyber Security Chicago, ransomware, Kevin Mitnick
