Hacker exposes weakest links in corporate chain

American poacher turned gamekeeper demonstrates the tech tricks of his trade

The easiest way for cybercriminals and hacktivists to get access to Kiwi companies is through people, and businesses have not done enough to address it.

Reformed hacker Kevin Mitnick demonstrated those weaknesses at the ‘Cyber Threats’ event in Auckland last week.

Mr Mitnick showed a crowd of suited business executives, hooded-hackers and programmers how he breached a major US start-up with a single email, could clone access cards just by standing next to victims, and how to exploit an Australasian online store to get a 97 per cent discount on items including laptops.

He was introduced by Kevin Kanji, associate director at Deloitte, a sponsor of Cyber Threats, held at the SkyCity Convention Centre.

“The truth is, even though data breaches and hacks get a lot of attention in the news, we haven’t done much about it in New Zealand,” said Mr Kanji before welcoming Mr Mitnick on stage.

The world-renowned hacker was arrested for hacking and wire fraud in 1995 after evading law enforcement for three years.

He served five years in jail, including eight months in solitary confinement because the judge feared he could launch nuclear missiles by whistling into a phone. Mr Mitnick now owns a security company where he and his team hack companies with their permission to highlight weak points in their systems.

Mr Mitnick’s emphasised the easiest way to breach a company’s security was through its people. His company uses ‘social-engineering’ - a security term for coercing and manipulating people into sharing sensitive information, downloading malicious software or allowing access into systems without their knowledge.

“No matter how advanced technology a company has, a hacker can get in through social-engineering, and there’s no software on the market to avoid it,” Mr Mitnick said.

He showed how he gained access to a client by pretending to be a legitimate business and sending an email that gave him control over an employee’s computer. He came away with payroll information, intellectual property and access to technology.

“It’s not that people are stupid. We are just human beings, and our trust can be exploited,” said Mr Mitnick.

After Mr Mitnick’s demonstrations a discussion followed with Anurag Madan, head of IT digital services at the Ministry of Social Development, Mr Kanji and Karen Scott-Howman, chief-executive of the NZ Bankers’ Association.
“Kevin is very terrifying, and we have realised that hacking has become one of our top 10 threats globally over the last couple of years,” she said.

Mr Mitnick recommended companies educate their staff to avoid attacks, but that awareness campaigns like posters and educating emails is not enough.

“Awareness alone does not work. Give your employees that ‘aha!’ moment, for example by exploiting them yourself or through companies such as mine. People will be much more aware if you fool them once,” Mr Mitnick said.


Topics: SkyCity Convention Centre, solitary confinement, technology, Anurag Madan, penetration testing, phishing simulation, clone access cards, cyber criminals, cyber security consultant, cyber threats, hacking, IT digital services, keynote speaker, Kiwi companies, Ministry of Social Development, Mitnick Security Awareness Training, NZ Banker's Association, intellectual property, Karen Scott-Howman, wire fraud, Auckand New Zealand, Deloitte, hacktivists, Kevin Kanji, Kevin Mitnick, malicious software

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

Remembering the World’s Greatest Hacker: Kevin Mitnick's Legacy

Arguably the most influential hacker, Kevin Mitnick, leaves behind a tremendous legacy and industry-changing knowledge in the hacking community as wel..

Read more ›

Understanding the Scope of A Penetration Test

Penetration testing puts your security systems to the test so you can see if your security framework can withstand a cyber attack.

Read more ›

PCI Testing: Everything You Need To Know

Penetration testing is crucial for businesses to help ensure that their security posture will stand against threat actors. For businesses that handle ..

Read more ›