Hacked by a world famous hacker: Kevin Mitnick answers your questions

How long does it take for one of the world's most famous hackers to break into a mobile phone?

Just ask Lateline host Matt Wordsworth.

The answer is seconds.

Luckily for Wordsworth, the hack was all part of a practical demonstration by Kevin Mitnick to show just how easy it is for hackers to infiltrate a phone from the other side of the world and start manipulating the user to hand over data.

All Mitnick needed was the phone numbers of Wordsworth and his wife and he was almost instantly able to start sending fake messages.

Mitnick was once considered such a threat by the US government that he was placed in solitary confinement for almost a year.

These days, the hacker turned "white hat" consults for the FBI and big business on how to stay secure in the digital age.

Lateline received dozens of viewer questions for Mitnick asking for security tips and how hacks and leaks are set to influence politics. Here are his responses to some of the best.

 Kevin Mitnick

With the US election in mind, how routine is hacking going to become during campaigns?

"It's already routine.

"The United States government has pointed the finger at Russia for hacking into the Democratic National Committee.

"I don't have the intel to know if that's true but in either case it's a bad thing to be compromised and governments, private and public sector businesses need to have better security and that's really the bottom line."

How big is the risk in Australia?

"Substantial. Australian citizens, Australian businesses can't depend on government to protect them.

"What they have to do is basically take the reins and start exercising due diligence and rather than being reactive, be proactive, lay into their defences and make it really hard for a hacker or any other type of adversary to get into the network.

In the recent Census denial of service attack, did the Australian Bureau of Statistics and IBM do enough to protect the information?

"In this particular case it didn't appear that IBM did their job at mitigating or preventing the denial of service attack.

"The word on the street - and I haven't vetted this personally - is that the data that they had on Australian citizens was actually in a back-end database but it wasn't encrypted, it was in the clear, which means that if their computers got hacked and the bad guy was to obtain access to the database, they can get all the data that Australian citizens are submitting to the Census bureau, which is pretty scary."

"I think it's a sad thing that people actually do this. I think it's to get media attention about their hack so they can read about it in the press or watch some TV reporter mention it on the nightly news.

"Or they do it for purposes of "hacktivism" and that's where hackers are motivated not by money, not by the challenge, but simply to send the political message about something they don't like. So what they do is try to create attention to a problem.

"It's definitely a thing that other hackers like myself, legitimate hackers, really look down upon."

Is white hat hacking a skill that technology teachers should be teaching kids at high school?

"I think in grade school and in high school what they could do is teach students fundamentals of network administration, network engineering system administration, database administration, all about TCPIP which is the protocol the internet is built on.

"It will get students to understand the fundamentals and by the time they reach the university level then teach them how hacking works and how again to act as a defender or to act as an offender but in a way to find security vulnerabilities so their clients can show off their defences."

How secure is email?

"When email is sent through the internet it's usually in the clear, meaning that if it's going through other servers to get to its destination, to get into that recipient's email inbox, it can be read by anybody in between.

"The only way to secure your email is to encrypt your email and one of the most common tools that security experts use is a tool called PGP (Pretty Good Privacy), crated by Phillip Zimmerman.

"There's also a freeware version called GPG. It's complicated to set up but it will give you the most secure email communications available today.

"There's a plug in I believe for Chrome called Mailvelope and it makes it simpler to use PGP. So if you want to have secure email take a look at GPG and Mailvelope."

Watch the interview with Kevin Mitnick on Lateline tonight at 9.30pm (AEDT) on ABC News 24 or 10.30pm on ABC TV.

Source: Australian Broadcasting Corporation

Topics: Social Engineering, solitary confinement, due diligence, penetration testing, PGP, Philip Zimmerman, US election, World's Most Famous Hacker, Census bureau, encrypt your email, FBI, GPG, hacktivism, Internet protocol, keynote speaker, Mailvelope, phishing demonstrations, Pretty Good Privacy, secure email, security consultant, malware, security tips, Spam, TCPIP, white hat, Australia, cybercrime, cybersecurity vulnerabilities, digital age, freeware version, Kevin Mitnick, Nichboy

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

Red Team Testing vs. Penetration Testing

As the cost of cyber attacks continues to grow — in 2023, the worldwide cost of cyber attacks reached $8 trillion and, by 2025, the total cost is esti..

Read more ›

What Is Credential Harvesting and How Do Threat Actors Pull It Off?

Credential harvesting, otherwise known as credential compromising or credential theft, can be a highly devastating cyber threat. It also happens to be..

Read more ›

How Threat Actors Bypass 2FA and What Preventative Steps You Can Take

Two-factor authentication (2FA, or MFA) is a security layer designed to verify the identity of those logging in to accounts. By sending codes to the p..

Read more ›