Lessons from the World’s Most Famous Hacker

Last week, Kevin Mitnick visited Melbourne as part of a tour. He spoke to an audience of security professionals from a wide range of different industries about his start as a black-hat hacker, i.e. using his skills to break into systems to steal data, through to his present career as a white-hat hacker, i.e. conducting penetration tests for major companies all over the world.

While Mitnick did break the law in the 1990s and was prosecuted, what’s interesting is that although his hacks may have used some tricky technical skills, they were far more dependent on one specific thing.

In his 16 years of working as a penetration tester, Mitnick’s company has never failed to break into a system – as long as he has been able to talk to people.
While our IT systems hold valuable data such as financial records, technical designs and personal information, the real key to getting into those systems is hacking the humans.

During the day, I had the opportunity to interview Mitnick on stage. To illustrate some of his answers, Mitnick demonstrated some hacks. For example, in one simple scenario he sent a text message to my phone that looked like it was sent by my partner. All he needed was my phone number and my partner’s number and he was able to send a text asking for an account password.

The technical sophistication of this was very low – almost anyone can repeat the hack using online text messaging services. But the effect of breaching the trust of individuals can be devastating.

Although strong passwords, encryption, firewalls and security software are important, they can all be easily bypassed if a hacker can convince a legitimate user to hand over the keys to the fortress.

The hacker’s most powerful weapon is social engineering. Mitnick used social engineering to make telephone calls to whoever he wanted while under close guard during his months in solitary confinement. He was placed there because law enforcement officials were convinced he could launch a missile by phoning mission control and whistling into a phone.
Putting robust technical controls in place to protect your systems is critical. But supporting people with good processes that minimise the risk of their being manipulated by a bad actor is perhaps more important.

Some easy steps to take include:

  • Always require two parties to sign off on any financial transactions.
  • Rely on face-to-face or some other direct, non-electronic, means to verify important business interactions.
  • View any request to access a system or conduct a transaction with scepticism until you have verified that the request is genuine.

Source: Data Protection Adviser
