EVENT REVIEW: Use of emotions, the most effective weapon to perform a cyber attack

For Kevin Mitnick, the hacker who in the 90s put the FBI in check, a super-cyberarm is not necessary to effectively undermine any system, rather simple gadgets and the use of social engineering are enough.

Kevin Mitnick is a good-natured guy, who generates confidence as soon as you see him enter the stage. It is also someone who can access the systems of the most protected companies in the world. "Somebody lend me a password from Banamex ... We must share, we're all friends!" Mitnick said as he laughed slyly at a cybersecurity event organized by Microsoft .  

Flattering the employees of a bank, trusting the affirmative answer of a call center, taking advantage of those users of public Wi-Fi networks or of the insecurity generated in a client by the notice of a change in their bank accounts are some forms of manipulation of the emotions that hackers from all over the world take advantage of to make any kind of cyber attacks against companies, governments and individuals.

For Kevin Mitnick, the hacker who in the 90s put the FBI in check, it is not necessary to use a super cyberarm to effectively undermine any system, rather simple gadgets and the use of social engineering are enough.

During the event S4F3 Cybersecurity, organized by Microsoft, Mitnick talked about his beginnings in the world of hacking, at the end of the 70s, when he was just a teenager. Mitnick began to become a hacker when his passion for magic tricks led him to perform small tricks using phones, something that was known as phone phreaking, with which he could, among other things, call at no cost to any phone in the world entering a phone. five-digit code.        

"Some technology geniuses like Steve Wozniak and Steve Jobs also started making phone phreaking . They built a small device called blue box, with which they could control the system of any phone that was nearby, "said Kevin Mitnick at the beginning of his conference.

The trust of customers, employees and users in general was the focus of the Mitnick talk. "When I started taking computer science classes and wrote a program with which I could visualize all my teachers' passwords to access the school computer, their response was one of surprise and admiration," said Mitnick.      

At that time, the confidence of Mitnick's teachers in their abilities as a programmer prevented them from seeing the consequences they could have in the future, especially when no one knew that the Internet and connectivity would enhance the capabilities of these young people who had fun creating small programs with very simple codes.

The hacker that entered the ARPAnet (the predecessor of the Internet) illegally in the early 1980s and tried to access the Pentagon computer, and that 10 years later, was found guilty of launching attacks against computers of companies such as Motorola, Apple and Qualcomm, also told a story that appears in Werner Herzog's documentary, Lo and Behold: Dreams of a Connected World , which is basically summarized in how the Motorola Security Chief offered him a password to be able to access Remote to the latest version of the operating system of the MicroTAC Ultra-Lite cell phone without even asking him to identify himself.

In this sense, thanks to social engineering, it is only necessary to find a small vulnerability, which most of the time falls on an individual, to violate the systems of any company or government. Perhaps this revelation is the main reason why Mitnick has a 100% penetration record in the systems of the 40 companies that have hired him to test their security mechanisms.         

The hacker made a demonstration of some of the strategies he has used to take advantage of these small vulnerabilities that, in many cases, both companies and individuals do not care about.

"Many companies do not care about the physical security of their systems or real estate. They can have armed security forces and even then, a hacker can access a bank building, for example, "said Mitnick, who recalled how he had managed to duplicate an access card to the building of a major bank in the United States. United using a device capable of accessing these cards at a distance of 10 centimeters and flattering one of the bank's receptionists to show her identification.        

Another example offered by Mitnick was that of a device that allows generating a Wi-Fi network of its own, with which any individual, at any airport, cafeteria or public space, can take advantage of those looking for an open connection to send an email, make a bank transfer or simply, enter your Facebook account, and take control of the device to steal all the information that is stored in it.    

The recommendations made by Kevin Mitnick to mitigate these types of hacks and thus avoid a potential cyber attack are the same as most cybersecurity experts: constantly updating computer systems, not accessing public Wi-Fi networks, demanding manufacturers that they create constant additional security measures and not open unverified links to avoid being victims of phishing.

The most valuable thing about the conference of one of the most famous hackers in the world is not related to these recommendations, but to the question of whether trust and control of emotions are at the center of any kind of cybernetic vulnerability.

This cool event review and other interesting news can be found at the source.      

Source: El Economista

Topics: Social Engineering, security access, Steve Jobs, penetration testing, cybersecurity, keynote speaker, Microsoft, Motorola, phone phreaking, Lo and Behold, Steve Wozniak, WiFi, ARPANET, hacking companies, Kevin Mitnick

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

Red Team Testing vs. Penetration Testing

As the cost of cyber attacks continues to grow — in 2023, the worldwide cost of cyber attacks reached $8 trillion and, by 2025, the total cost is esti..

Read more ›

What Is Credential Harvesting and How Do Threat Actors Pull It Off?

Credential harvesting, otherwise known as credential compromising or credential theft, can be a highly devastating cyber threat. It also happens to be..

Read more ›

How Threat Actors Bypass 2FA and What Preventative Steps You Can Take

Two-factor authentication (2FA, or MFA) is a security layer designed to verify the identity of those logging in to accounts. By sending codes to the p..

Read more ›