Kevin Mitnick and the human hacking business

Every industry has rockstars. For hackers and infosec, there's probably no one more famous, or perhaps infamous, than Kevin Mitnick…

After spending five years in a federal prison in the US for various hacking offences, he turned his skills to white-hat hacking. In a recent visit down under, Mitnick spoke and performed a series of live hacks on stage at a series of events in Auckland, Sydney and Melbourne.

I had the opportunity to interview Mitnick on stage in Melbourne. Throughout the interview, Mitnick interspersed the discussion with live demonstrations of various exploits and hacks. He also explained how he could carry out a hack, while in prison, during his eight-month confinement in solitary.

There’s no doubt Mitnick is a skilled security practitioner. But perhaps the most important lesson from all his exploits was that his greatest successes didn’t come by brute-forcing his way into systems. In the 16 years since his release from prison and working as a penetration tester, he has never failed to break into a company’s systems when he has had access to people.

Some of the hacks he perpetrated on stage were simple. He sent a text message to my phone, asking for some information, that looked exactly like it had come from my partner.

He has convinced individuals to hand over personal data by convincing them to complete questionnaires.

Mitnick’s greatest tool is his quick mind and, as he puts it, the gift of the gab.

Of all the hacks Mitnick described, the one that most amazed me was perpetrated from solitary confinement. Prisoners in federal prisons are only allowed to make phone calls to five designated numbers. One of the people Mitnick wanted to be able to call was his partner. However, her number was not on the list.

Prison guards watched Mitnick very closely while he was on the phone. During one of Mitnick’s court proceedings, a prosecutor told a judge Mitnick could launch an ICBM by calling NORAD and whistling into the phone.

Over time, Mitnick socially engineered the guards by scratching his back against the wall adjacent to the phone he had to use for his calls. He also determined there was an 18-second window between when he hung the phone up and when the dead line would be detected.

Eventually, Mitnick was able to place his back against the phone, hang the call up with one hand behind his back and then dial a number – behind his back – within the 18-second window. All while being closely guarded.

If there was a single take-home message from Mitnick’s presentation through the day it was this: people are your weakest link and you should never trust anyone you can’t see.

And even then, be cautious.

Source: iStart
