More than one person left The Breakers feeling vulnerable April 4 after notorious hacker Kevin Mitnick showed how easy it is for hackers to access personal information with just a few keyboard clicks.
“How hard is it to hack today? It’s very simple,” Mitnick said at the Smarty Party, the South Florida Science Center and Aquarium’s annual benefit. “Here’s your real problem: it’s the users.”
Mitnick, who was on the FBI’s most wanted list and served prison time, shared how he invaded nearly 40 major corporations as a hacker.
Hackers count on human error; eventually you will open that pesky email or update alert you keep ignoring, he said. And nowadays they employ social engineering attacks where they use psychological manipulation so victims give up confidential information.
So why is social engineering so popular? Mitnick said this method is easier than a hacking system or technical attacks, usually requires free or low-cost tools, doesn’t leave an audit trail, evades all intrusion detection systems and is nearly 99.5 percent effective.
Hackers create a target list based on the victim’s circle of friends and co-workers, he said. This information is easily retrieved from social media sites such as Facebook or LinkedIn. Then, the target will be phished with messages from what they think is an email from a trustworthy source.
At the event, guest Teresa Hickey volunteered to get hacked, and within seconds of giving her name, Mitnick had her social security number, birth date, driver’s license number and the university she graduated from on the big screens for everyone to see.
With this information, hackers can impersonate her while requesting credit reports, he said. And a hacker doesn’t need to get all of the security questions right for access, as long as 95 percent of the questions are answered correctly.
Mitnick said users can protect themselves from attacks by undergoing domain spoof tests and avoiding opening email attachments. And if they do open one, avoid doing it with your personal computer’s software and using Google docs or viewer instead.
In the case of companies, he had a few recommendations as well, including taking any of the internet technology decision-making process away from users or employees likely to be targeted, and inoculate users by attacking and testing them so they know what to look for in real phishing attempts. Mitnick also suggested changing organization politeness norms. It’s OK to ignore that suspicious email or hang up on that call.
Along with the information session, Smarty Party guests took home a copy of Mitnick’s book, Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker
This event review and other fascinating information can be found at source.
Source: Palm Beach Daily News