SEE LIVE (Poland) “I will show how hackers use our weakness”

Written by Mitnick Security | Oct 6, 2018 12:00:00 AM

Among his "favorite actions" he mentions, among others hacking communication lines of McDonald's restaurants. When customers came through the so-called DriveThru, employees could hear them and receive applications, but it was Kevin Mitnick who responded, blocking this possibility of service. "I sat in front of the window and took over communication" - recalls years later the most famous hacker in the world, who will be the guest of the October Inside Trends conference in Warsaw.

Mitnick also broke into the servers of the largest telecommunications corporations in the United States. In 1983 he managed to enter ARPANET - the ancestor of today's Internet, which at that time functioned as a network for the Pentagon. Mitnick was caught by the FBI, but for months he slipped out of federal hands, changing his identity. His case ended in 1999 with a court ruling that prohibited him from "touching anything with a transistor" . Today Kevin Mitnick works on the other side of the power. Like many converted hackers, he is a security consultant. It helps companies and institutions, writes books. On October 18 and 19, everyone who participates in the Business Insider Inside Trends conference will be able to see live,how easy it is to become the target of the attack , but also to learn how to effectively defend against it.

Łukasz Grass, editor-in-chief of Business Insider Polska: Kevin, let's start our conversation with the conference. What will you say about Inside Trends?
Kevin Mitnick: I am very happy that I can take part in this event. I will talk about the threat posed by the human factor and I will show in a few examples how "bad boys" can use this weakness. This will not be a presentation in PowerPoint, but real-life examples, and how companies should deal with these threats . Such David Houdini hacking.

I can not wait. I would like to volunteer myself, but since I am one of the hosts of this event, I do not know if they will let me.
Each of my presentations will require volunteers. I will show, among others, how you can remotely take control of the card and enter any office. In the US, we use identification cards produced by HID, a tycoon on the European and American market. I am very curious how many companies in Poland use this technology.

How do you think, how many people are listening and watching us now?
(laughs) You never know at my laptop. Maybe Polish intelligence, MI6 and the American NSA. But seriously speaking, I do not think I'm being watched. Many years ago I was on the other side, but that does not mean that our conversation today is overheard, although I do not know if it is fully encrypted. I use SSL (encryption of data sent between the user and the server, guarantees confidentiality of data and communication), i.e. our connection should be secure, but you never know who is on the other side of the server ... I do not intend to reveal any secrets to you.

Do you cover the webcam on your laptop using the internet?
Like Mark Zuckerberg ?

That's what I thought about it.
With my hand on my heart I can say that I do not do it. It is true that there are advanced viruses for surveillance, but it is very difficult to mount them on a MacBook Pro because its design is constantly modified. It is quite a difficult task.

I'm asking because some say, "Buy a Mac, it's safe." But can you say that some manufacturer invented a completely safe system, resistant to attacks by cybercriminals?
Unfortunately not. Operating systems are increasingly becoming the target of attacks, which is why the market is moving towards the Macs , although they are expensive, but have some protection that Windows does not have. The truth is that each operating system has its own vulnerabilities that can be exploited and none of them is 100% safe. This does not mean that Mac is safer than Windows, or vice versa.

The thing is how the user configures his computer to limit the possibility of an attack. For example, I use a tool on the go that will inform me with a text message every time someone tries to open my Mac. Protecting yourself from criminal hacker attacks is not that difficult, we have the right tools.

It is much more difficult if we are dealing with the state, law enforcement agencies. In addition, you always have to be able to balance between security and convenience. It's worth spending some time on privacy settings . If you care about protecting your privacy, you can, for example, use Tor or other tools that will hinder, among others, Facebook profiling you. The Tor search engine is quite slow because it acts as an intermediary between three different systems.

The whole idea behind Tor is to ensure your anonymity. The website on the other side of the communication can not identify you. With its help you can hide the traffic generated by you or the IP address. Thanks to it, many settings in your search engine remain invisible to social media. Identifying the system according to which the search engine works is very difficult.

And what about messengers such as Messenger or WhatsApp. Do you think there is one in the world that offers a completely secure connection?
I use the Signal application and I prefer those communicators that give the possibility of coding. I trust them, but also only to a certain extent. Let's assume that you and I have the Signal app on your iPhones and we communicate in this way. If someone is able to capture traffic on the network, he will not be able to read the communication between us because he has no key. But intelligence agencies are able to get this key from yours or my phone.

Kevin Mitnick believes that today hackers hunt for mobile.  His story shows that it often depends on us whether we fall victim to an attack
Photo: EFE / Kai Forsterling / Forum Polish Photographers Agency
Kevin Mitnick believes today hackers hunt for mobile. His story shows that it often depends on us whether we fall victim to an attack
There is not a certain method of securing the communicator, but breaking some is quite expensive, so your opponent would have to be either a state or a very rich unit for which costs do not play a role. It's complicated, expensive and time-consuming, so if you have not exposed yourself to an interview, I do not think that's what it takes. Signal is therefore a good tool to reduce risk. I use this messenger also on the desktop, but taking into account the number of viruses that appear on the network, you have to be vigilant all the time. To keep your privacy, you need to know what is going on and react accordingly.

Let's change the subject. You have certainly heard about digital wallets. Maybe you even use some ...
Yes, I have a few, but I rarely use them. I used this when I wrote my book "Art of Invisibility" because I wanted to see how it works. However, Bitcoin is public and it is easy to trace the transaction from one portfolio to another. When I was writing a book, there was a system for laundering this money, but again, everything is a matter of trust as to how much this system is sealed. Again, the only method of maintaining anonymity in bitcoin transactions is anonymous purchase of such a portfolio.

The threat with bitcoin and other virtual currencies is that such a wallet is easy to steal. A clever hacker can get your password or key, whether you use MacOS or Windows, and steal your wallet. This is a threat, even if you have this wallet on your private computer.

ADVERTISEMENT

That's what I wanted to ask. Is it easy to get into such a digital wallet?
Such a key usually has 120 characters or more, so it is difficult to do. For a private person like you or me, it would be rather impossible. But perhaps the NSA has such possibilities, which we do not know yet. To break such complex codes, they can use quantum computers . However, this is unattainable for an individual. It usually works so that "bad guys" install the virus on the computers of their victim and thus pull out the key from it, not even trying to break it.

There is a popular website that I came across during my research, providing digital wallet services. They use double security, each time sending an identification code to your email address. Of course, this security can be circumvented, but it increases the level of security, because it is not enough only username and password. Everything is a matter of applied procedures.

Let's talk for a moment about the security of the Internet of Things. In a moment we will be fully surrounded by objects having internet connectivity, autonomous cars and trains without drivers. Does it carry a risk, because someone will be able to break into a machine that is beyond human control?
IoT items, in particular autonomous cars, which Tesla is working on, for example, are closely guarded by teams responsible for safety. But the Chinese managed to break into Tesla Model S, which we can see on the relevant video. However, I think more about the usual devices that people can buy in any electronics store. For example, a radio that will give you a local weather forecast. Many devices that appear on the market do not have adequate security.

People do not even change their passwords. Such devices may become the subject of an attack carried out by the public Internet. For example, people can install a home monitoring system, but its protection is very weak. There is even an Internet search engine, it's called Shodan, which will show you poorly secured IoT on the internet. It's really simple.

ADVERTISEMENT

The other side of the coin, however, is that this race is still going on and the companies involved in IoT are trying to patch up any gaps, because this may be bad for their image. This is a step in the right direction. There are thousands of companies on the market that produce safe IoT items. In the USA, any device that uses radio waves, even a microwave oven, must have the appropriate authority certificate. IoT items should also meet minimum security standards. We should put pressure on producers in this respect.

Thank you for the interview and see you on 18 and 19 October at the Inside Trends conference!
Thank you. See You in Warsaw!

He talked to Łukasz Grass.

Business Insider INSIDE TRENDS conference
For more on how to protect private and corporate data today and how to avoid hacking, Kevin Mitnick will speak at the Business Insider Polska Inside Trends conference. HERE BUY A TICKET FOR THE INSIDE TRENDS CONFERENCE

It will be divided into three thematic zones: FINTECH, LIFE SCIENCE and BUSINESS 4.0. During two days, in which up to 1000 people from the world of media, science, marketing and business will take part, speeches, debates and workshops with speakers are foreseen. 

Source: BUSINESS INSIDER POLSKA