Cyber Security Articles & News

Lessons from the World’s Most Famous Hacker

Last week, Kevin Mitnick visited Melbourne as part of a tour. He spoke to an audience of security professionals from a wide range of different industries about his start as a black-hat hacker, i.e. using his skills to break into systems to steal data, through to his present career as a white-hat hacker, i.e. conducting penetration tests for major companies all over the world.

While Mitnick did break the law in the 1990s and was prosecuted, what’s interesting is that his hacks might have used some tricky technical skills, they were far more dependent on one specific thing.

In his 16 years of working as a penetration tester, Mitnick’s company has never failed to break into a system – as long as he has been able to talk to people.

HUMAN ERROR OPENS ENTRY POINTS FOR HACKERS

While our IT systems hold valuable data such as financial records, technical designs and personal information, the real key to getting into those systems is hacking the humans.

During the day, I had the opportunity to interview Mitnick on stage. To illustrate some of his answers, Mitnick demonstrated some hacks. For example, in one simple scenario he sent a text message to my phone that looked like it was sent by my partner. All he needed was my phone number and my partner’s number and he was able to send a text asking for an account password.

The technical sophistication of this was very low – almost anyone can repeat the hack using online text messaging services. But the effect of breaching the trust of individuals can be devastating.

Although strong passwords, encryption, firewalls and security software are important, they can all be easily bypassed if a hacker can convince a legitimate user to hand over the keys to the fortress.

The hacker’s most powerful weapon is social engineering. Mitnick used social engineering to make telephone calls to whoever he wanted while under close guard during his months in solitary confinement. He was placed there because law enforcement officials were convinced he could launch a missile by phoning mission control and whistling into a phone.

WHAT CAN YOU DO TO PREVENT HUMAN ERROR?

Putting robust systems in place to protect your systems is critical. But supporting people with good processes that minimise the risk of them being manipulated by a bad actor is perhaps more important.

Some easy steps to take include:

  • Always require two parties to sign off on any financial transactions.
  • Rely on face-to-face or some other direct, non-electronic, means to verify important business interactions.
  • View any request to access a system or conduct a transaction with scepticism until you have verified that the request is genuine.

Source: Data Protection Adviser

Topics: Social Engineering, steal data, tech designs, two party sign off, black hat hacker, face to face communication, human error, penetration tests, security software, encryption, cybersecurity expert, financial records, firewalls, IT systems, keynote speaker, personal info, Melbourne, strong passwords, white hat hacker, Australia, Kevin Mitnick

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

Year in Review: What We Learned Speaking at Virtual Cyber Security Events in 2020

Here we are: another year in the books. Twenty twenty however, has been one unlike any other… to say the least!

Read more ›

5 Tips for Choosing a Cyber Security Speaker for a Lead Gen Webinar

The right speaker for your cybersecurity webinar can help you capture higher-quality leads by building trust between your audience and your company. O..

Read more ›

Disinformation, The Election & Cybersecurity

During this election season, disinformation campaigns have been so prevalent that the NY Times has a live-updating feed of the latest falsehoods and m..

Read more ›
tech-texture-bg