Cyber Security Articles & News

Look after yourself, the hacker is watching!

Posted by Mitnick Security on Oct 23, 2018 5:00:00 PM

Do you think that you are safe by entrusting data to Microsoft, Google or Apple? And logging in with two-step verification?

None of this, even there you can hack - claims the most famous hacker Kevin Mitnick.

(Ed. note: Translated using Google)

To prove this, Mitnick, the guest of the "Inside Trends" conference, demonstrated several hacking attacks live. Let's take a login with a two-stage version. To be safer, in addition to the login and password, you must enter the code from an SMS sent to your mobile phone. Theoretically, without cell access, you can not enter your account. However, Mitnick showed on the example of LinkedIn that in practice this protection can be circumvented. How?

The hacker first breaks into the user's computer and waits for that to log into LinkedIn and enter a one-time code from an SMS. Then just download the "cookie" generated by LinkedIn from the attacked computer and enter it in your own browser. And here is someone stranger entered our account.

The live presentation of remote encryption of e-mails in the "cloud" Outlook box was equally dangerous. The trick is to get the user to click on the email with an attachment that will infect the mailbox. How to do it? Just impersonate Microsoft, which recommends updating the software. If an inattentive user clicks on the attachment, he will give remote control over the hacker's box. And this one can quickly encrypt the content of e-mails and demand a ransom (that's how "ransomware" software works).

Kevin Mitnick, after his passing from youth (in the 90s he was detained by the FBI and convicted by a court for 5 years in prison for hacking into secure systems), founded a company that, at the request of other companies, breaks into their network to find weak points. Completely legally and for money.

- The most important part is "breaking a man" - convinces Mitnick. The so-called. "Social hacking", that is, drawing information about employed people or the habits of the company is a necessary introduction to real hacking. A properly prepared hacker thanks to psychological tricks and manipulation is able to penetrate everywhere. The Mitnick Security team boasts almost 100% here. efficiency.

To view the original article and other important news articles, please refer to the source.

Source: Newsweek Polska

Topics: Social Engineering, SMS, Warsaw, Poland, two-step verification, cloud, encryption, cell access, Inside Trends conference, keynote speaker, malicious email, Mitnick Security Team, cookie, Outlook box, ransomware, Kevin Mitnick

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

What's Included in a Penetration Test Report?

Penetration tests are an extremely useful exercise to mitigate risks and patch your security gaps. If you’ve been asking yourself why do penetration t..

Read more ›

What Is Pivoting in Cyber Security and What Does It Mean for Pentesters?

Data breaches in 2022 were abundant and sophisticated. Realistically, it’s expected that this year we will continue to see threat actors test their li..

Read more ›

What Is One-time Password (OTP) Social Engineering?

Even if your business has a mature cybersecurity program, there may be one vulnerability that threat actors can still use to steal your company data: ..

Read more ›
tech-texture-bg

© Copyright 2004 - 2023 Mitnick Security Consulting LLC. All rights Reserved. | Privacy Policy