Former notorious hacker reveals how criminals can steal your details in just THREE easy steps when you connect to public Wi-Fi

In a worrying demonstration that is sure to frighten frequent Wi-Fi users, former infamous hacker Kevin Mitnick shows how easy it is to steal your details in a public area.

Kevin Mitnick was arrested in the US in 1995 for hacking into 40 major companies, including IBM, Nokia and Motorola, but is now working as a leading security consultant for some of the largest companies in the world.

In an ABC Four Corners report on Monday, Mr Mitnick walked through the steps to how a hacker would obtain your details in public.

Former hacker shows how easy it is to get someone's bank details  Cyber criminals will set up a fake Wi-Fi network, the example he used is a common one, 'Telstra Air'.

Three steps outlining how hackers access your personal information:

  • Hackers set up a fake Wi-Fi network in a public space
  • Once you are using a fake access point all your keystrokes are recorded, which can reveal your personal information if you have used any log-in details hackers will steal your passwords and send you fake updates for the user to install.  If installed, the hacker will have complete access to your system without you knowing
  • Once logged on the hacker can record all your keystrokes, which will identify your usernames and passwords if you access any personal information. 

This allows the hacker to send you fake updates, and once installed, 'We gain full control of his computer system and he will never know the better,' he said. 

Mr Mitnick said the tools on the internet are so accessible that school students can download hacking systems.

'Fast forward to today, and you have tonnes of tools that a high school, a junior school [student] can download and exploit systems,' he said.

Kevin Mitnick was arrested in the US in 1995 for hacking into 40 major companies, but is now a leading cyber security consultant around the globe.
If you connect to a fake access point cyber criminals can start recording your keystrokes

In the same Four Corners report, Jetstar and Suzuki were named among a suspected group of companies to have suffered a cyber attack with their computer system log-in details up for sale on the dark web. 

Computer details from a government research network, a national sporting body, a school and a local council were also revealed to be hacked.

Security firm Kaspersky released a list in June this year, revealing 70,000 computers that had their usernames and passwords hacked and put up for sale on the dark web.

Only five days later, another list was revealed by the firm containing 170,000 computers that were suspected of being breached and both Jetstar and Suzuki were among the systems listed, however both companies have denied any breach.  

A statement from Jetstar said it had detected no evidence that its system had been compromised, while Suzuki said it was aware of the database and had taken security measures to ensure the safety of its system.

Hackers that obtain details and access computer systems can use them to launch Denial of Service (DoS) attacks, very similar to the attack that stunted the Australian Bureau of Statistics Census form earlier this month.

There was also cyber attacks on government and corporate computer networks with 'highly confidential' plans for a privately funded satellite.

The damage to the Australian satellite company, Newsat, was so crippling former CFO Michael Hewins told Four Corners it was the worst they had ever seen.

'Our network was, as far as they could see, the most corrupted they'd seen. Period,' he said. 

Newsat was the nation's largest satellite company and had planned on launching two satellites and kickstart the Australian satellite industry, but a year ago liquidators were called in and assets sold off.

Former Newsat IT manager Daryl Peter revealed the hackers could have been watching them for nearly two years.

'Newsat had been hacked and not just by teenagers in the basement or anything like that. Whoever was hacking us was very well-funded, very professional, very serious hackers,' he said. 

Suzuki said it was aware of the database and had taken security measures to ensure the safety of its system.

Former manager at the Australian Cyber Security Centre Tim Wellsmore said some of these crippling attacks are ticking time bombs with many system details already hacked and just waiting to be dispersed. 

'There is a lot of computers for sale on the dark web that have actually been hacked and compromised and are sitting there waiting to be used for attacks, that marketplace exists,' he told Four Corners.

Furthermore, Chinese hackers are likely to be behind the 'daily' government cyber attacks, the Prime Minister's cyber security adviser said.

The hackers have targeted government departments such as the Bureau of Meteorology, the Australian Trade and Investment Commission [Austrade], the Defence Department's Defence Science Technology Group and satellite company Newsat Ltd over the past five years. 

The report said intelligence sources believed the attacks from China had been backed by the country's government. 

Malcolm Turnbull's cyber security adviser, Alastair MacGibbon, said attacks occurred daily and many were never discussed.

But a Chinese Embassy spokesman refuted the claims, saying they had no basis.

Austrade has been the repeated target of attacks, including three major cases of infiltration in 2011, 2013 and 2014, the ABC reported.

A source from the intelligence community said Austrade was 'inherently vulnerable' because it operated internationally but relied on local staff. 

Earlier in 2016, the Bureau of Meteorology [BoM] was breached in a large scale attack, but the real objective may have been defence resources involved with the Bureau's abilities to collect information.

They included the Australian Geospatial-Intelligence Organisation and the Jindalee Operational Radar Network. 

However, the attack was confined to the BoM, but also blamed on China.

In 2011 the Defence Science Technology Organisation was successfully attacked by hackers backed by China, The ABC reported.

A spokesman for the organisation said it was policy 'to not on matters of national security'.

Former head at the United States' Central Intelligence Agency and of the National Security Agency said Australia had to 'harden up' its defence against hacking.

'What my dad told me when I came home beat up from a fight once when I was about 10 years old: 'Quit crying, act like a man and defend yourself'.'

Source: Mogaznews

Topics: Social Engineering, Speaking Engagements, usernames, ABC Four Corners, Australian Geospatial-Intelligence Organisation, DoS attacks, penetration testing, personal information, Burequ of Meteorology, cyber criminals, cyber security, Defence Science Technology Group, denial of service, IBM, Jindalee Operational Radar Network, keystokes, Michael Hewins, Motorola, Nokia, Password Management, security awareness training, security consultant, Jetstar, malware, simulated phishing, Spam, Suzuki, Tim Wellsmore, WiFi users, attacks from China, Austrade, Australian Bureau of Statistics Census, Australian Trade and Investment Commission, cybercrime, Daryl Peter, Kevin Mitnick

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

The Growth of Third-Party Software Supply Chain Cyber Attacks

When testing your employees' social engineering readiness, your teams need simulated attacks that feel as if they’re coming from a nefarious engineer...

Read more ›

Bypassing Key Card Access: Shoring Up Your Physical Security

As you build additional layers of defense into your cybersecurity framework, it's important to implement physical security strategies as well.

Read more ›

How to Prioritize Your Pentesting Report’s Remediation Recommendations

If you recently received a penetration test, you’re on the right track to improving your cybersecurity posture. However, you may be wondering what the..

Read more ›