Notorious former hacker reveals how criminals can steal your details in just THREE easy steps when y

In a worrying demonstration that is sure to frighten frequent Wi-Fi users, former infamous hacker Kevin Mitnick shows how easy it is to steal your details in a public area.

Kevin Mitnick was arrested in the US in 1995 for hacking into 40 major companies, including IBM, Nokia and Motorola, but is now working as a leading security consultant for some of the largest companies in the world.In an ABC Four Corners report on Monday, Mr Mitnick walked through the steps to how a hacker would obtain your details in public.

Three steps outlining how hackers access your personal information

  1. Hackers set up a fake Wi-Fi network in a public space
  2. Once you are using a fake access point all your keystrokes are recorded, which can reveal your personal information if you have used any log-in details
  3. Hackers will steal your passwords and send you fake updates for the user to install. If installed, the hacker will have complete access to your system without you knowing

Cyber criminals will set up a fake Wi-Fi network, the example he used is a common one, 'Telstra Air'.

Once logged on the hacker can record all your keystrokes, which will identify your usernames and passwords if you access any personal information. 

This allows the hacker to send you fake updates, and once installed, 'We gain full control of his computer system and he will never know the better,' he said. 

Mr Mitnick said the tools on the internet are so accessible that school students can download hacking systems.

'Fast forward to today, and you have tonnes of tools that a high school, a junior school [student] can download and exploit systems,' he said.

In the same Four Corners report, Jetstar and Suzuki were named among a suspected group of companies to have suffered a cyber attack with their computer system log-in details up for sale on the dark web. 
Computer details from a government research network, a national sporting body, a school and a local council were also revealed to be hacked.

Security firm Kaspersky released a list in June this year, revealing 70,000 computers that had their usernames and passwords hacked and put up for sale on the dark web.

Only five days later, another list was revealed by the firm containing 170,000 computers that were suspected of being breached and both Jetstar and Suzuki were among the systems listed, however both companies have denied any breach.  
A statement from Jetstar said it had detected no evidence that its system had been compromised, while Suzuki said it was aware of the database and had taken security measures to ensure the safety of its system.

Hackers that obtain details and access computer systems can use them to launch Denial of Service (DoS) attacks, very similar to the attack that stunted the Australian Bureau of Statistics Census form earlier this month.

There was also cyber attacks on government and corporate computer networks with 'highly confidential' plans for a privately funded satellite.

The damage to the Australian satellite company, Newsat, was so crippling former CFO Michael Hewins told Four Corners it was the worst they had ever seen.

'Our network was, as far as they could see, the most corrupted they'd seen. Period,' he said. 

Newsat was the nation's largest satellite company and had planned on launching two satellites and kickstart the Australian satellite industry, but a year ago liquidators were called in and assets sold off.

Former Newsat IT manager Daryl Peter revealed the hackers could have been watching them for nearly two years.

'Newsat had been hacked and not just by teenagers in the basement or anything like that. Whoever was hacking us was very well-funded, very professional, very serious hackers,' he said. 

Former manager at the Australian Cyber Security Centre Tim Wellsmore said some of these crippling attacks are ticking time bombs with many system details already hacked and just waiting to be dispersed. 

'There is a lot of computers for sale on the dark web that have actually been hacked and compromised and are sitting there waiting to be used for attacks, that marketplace exists,' he told Four Corners.

Furthermore, Chinese hackers are likely to be behind the 'daily' government cyber attacks, the Prime Minister's cyber security adviser said.

The hackers have targeted government departments such as the Bureau of Meteorology, the Australian Trade and Investment Commission [Austrade], the Defence Department's Defence Science Technology Group and satellite company Newsat Ltd over the past five years. 

The report said intelligence sources believed the attacks from China had been backed by the country's government. 

Malcolm Turnbull's cyber security adviser, Alastair MacGibbon, said attacks occurred daily and many were never discussed.

But a Chinese Embassy spokesman refuted the claims, saying they had no basis.

Austrade has been the repeated target of attacks, including three major cases of infiltration in 2011, 2013 and 2014, the ABC reported.

Source: Daily Online

Topics: Speaking Engagements, Telstra Air, Australian Bureau of Statistics Census form, Australian Cyber Security Centre, Australian Geospatial-Intelligence Organisation, DoS attacks, hacking demonstration, penetration testing, phishing simulation, Chinese hackers, Bureau of Meteorology, cyber criminals, dark web, Defence Science Technology Group, denial of service, exploit systems, Four Corners, internet, Jindalee Operational Radar Network, Michael Hewins, Newsat, Newsat assets sold, record keystrokes, satellite company, security consultant, Jetstar, Kaspersky, Kevin Mitnick Security Awareness Training, Malcolm Turnbull, Suzuki, Tim Wellsmore, Alastair MacGibbon, Austrade, Austrailian Defence Department, Australian government, cyber breach, Kevin Mitnick

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

Bypassing Key Card Access: Shoring Up Your Physical Security

As you build additional layers of defense into your cybersecurity framework, it's important to implement physical security strategies as well.

Read more ›

How to Prioritize Your Pentesting Report’s Remediation Recommendations

If you recently received a penetration test, you’re on the right track to improving your cybersecurity posture. However, you may be wondering what the..

Read more ›

Understanding Post-Inoculation Cybersecurity Attack Vectors

If you’ve recently improved your cybersecurity posture, you should know that the work to protect your company’s data is not over.

Read more ›