Look after yourself, the hacker is watching!

Posted by Mitnick Security on Oct 23, 2018 5:00:00 PM

Do you think that you are safe by entrusting data to Microsoft, Google or Apple? And logging in with two-step verification?

None of this, even there you can hack - claims the most famous hacker Kevin Mitnick.

(Ed. note: Translated using Google)

To prove this, Mitnick, the guest of the "Inside Trends" conference, demonstrated several hacking attacks live. Let's take a login with a two-stage version. To be safer, in addition to the login and password, you must enter the code from an SMS sent to your mobile phone. Theoretically, without cell access, you can not enter your account. However, Mitnick showed on the example of LinkedIn that in practice this protection can be circumvented. How?

The hacker first breaks into the user's computer and waits for that to log into LinkedIn and enter a one-time code from an SMS. Then just download the "cookie" generated by LinkedIn from the attacked computer and enter it in your own browser. And here is someone stranger entered our account.

The live presentation of remote encryption of e-mails in the "cloud" Outlook box was equally dangerous. The trick is to get the user to click on the email with an attachment that will infect the mailbox. How to do it? Just impersonate Microsoft, which recommends updating the software. If an inattentive user clicks on the attachment, he will give remote control over the hacker's box. And this one can quickly encrypt the content of e-mails and demand a ransom (that's how "ransomware" software works).

Kevin Mitnick, after his passing from youth (in the 90s he was detained by the FBI and convicted by a court for 5 years in prison for hacking into secure systems), founded a company that, at the request of other companies, breaks into their network to find weak points. Completely legally and for money.

- The most important part is "breaking a man" - convinces Mitnick. The so-called. "Social hacking", that is, drawing information about employed people or the habits of the company is a necessary introduction to real hacking. A properly prepared hacker thanks to psychological tricks and manipulation is able to penetrate everywhere. The Mitnick Security team boasts almost 100% here. efficiency.

To view the original article and other important news articles, please refer to the source.

Source: Newsweek Polska

Topics: Social Engineering, SMS, Speaking Engagements, Warsaw, Global Ghost Team, Poland, two-step verification, cloud, encryption, cell access, Inside Trends conference, malicious email, cookie, Outlook box, ransomware, Kevin Mitnick

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

The Growth of Third-Party Software Supply Chain Cyber Attacks

When testing your employees' social engineering readiness, your teams need simulated attacks that feel as if they’re coming from a nefarious engineer...

Read more ›

Bypassing Key Card Access: Shoring Up Your Physical Security

As you build additional layers of defense into your cybersecurity framework, it's important to implement physical security strategies as well.

Read more ›

How to Prioritize Your Pentesting Report’s Remediation Recommendations

If you recently received a penetration test, you’re on the right track to improving your cybersecurity posture. However, you may be wondering what the..

Read more ›
tech-texture-bg

© Copyright 2004 - 2024 Mitnick Security Consulting LLC. All rights Reserved. | Privacy Policy