Mitnick In The News
Yurgine-Johnston: ‘Social engineering’ has its consequences
Aug 12, 2016 - DAILY JOURNAL, by Ken Johnson and Joe Yurgine
Ken: In the olden days, a memorable crime always was associated with a place and time. There would be an investigation, witnesses and evidence, and, maybe, a manhunt. I went to college in Northfield, Minn., where at 2 p.m. on Sept. 7, 1876, the historic robbery of the First National Bank was staged by the Jesse James gang. The bandits misjudged the town's fierce opposition that killed or jailed six of the eight. When I was in school, the building, still pockmarked by bullets, was home to the Jesse James Cafe. Times have changed: Today's most notable crimes occur in "cyberspace" at multiple and often indeterminate times and places. For example, credit card readers at many Wal-Mart and Safeway stores were physically bugged to send stolen customer info to remote thieves. Every computer user has encountered phishing attempts by hackers looking to install spyware or malware. Hacking at its worst can effectively shut down the entire IT system of a government bureau, airline company, hospital or utility. So, Hillary Clinton and the DNC have been hacked again?
Joe: Hacking, for the most part, involves breaking into a computer without permission, trying to steal or illegitimately view data. Today, there are prolific hackers ensconced in arm chairs in front of their monitors, gathering illegal fruit or even trying to erase all student loan files. Others simply try to test the parameters of cyber attacks. In the '90s, a movie was released called "Hackers," where an 11-year-old hacker called Zero Cool was framed and then banned from touching a keyboard for seven years after crashing more than 1,500 Wall Street computers. The "Hacker Manifesto" was quoted in the film, "This is our world now … the world of the electron and the switch. ... We exist without skin color, without nationality, without religious bias ... and you call us criminals. … Yes, I am a criminal. My crime is that of curiosity." The movie might have been inspired by Alexandre Dumas' novel, "The Count of Monte Cristo," where Edmond Dantes was framed and sent to prison.
Ken: Kevin Mitnick, one of the first hackers, wrote in his 2002 book, "The Art of Deception," about "social engineering," or using a plausible story called to a company employee, obtaining a password and gaining access to a commercial commuter system connected to the internet. In a way, Edmund Dantes also used social engineering to escape his dank cell with his jailors' help and end up with a Mercedes. The lesson to learn is don't become a victim. Distrust emailed links and requests for personal info. Install security software. Keep current with updates and patches. Be careful what you put out there on social media. Thus, my bet is that one way or another, hacking into the DNC emails involved an inside person giving up access, either through ignorance or complicity.
Joe: The Russians are believed to have hacked into DNC computers, stealing opposition research on Donald Trump. U.S. officials say it was to elect Trump. You think there might have been a mole inside the DNC that helped the Russians? Have you been doing some hacking similar to Zero Cool?
Ken: Most of what's been reported about the Julian Assange, of Wikileaks, leaks is regarding the DNC anti-Bernie primary strategy. I can only imagine the firestorm if select Clinton's deleted emails from the Chappaqua server should emerge. A spy motivated by money is possible, but more likely, Boris and Natasha being toons and password/username combos being difficult to guess, one careless or improperly trained employee compromised IT security with one click. True story: I did once succeed in a hack of sorts in the early world wide web days of the mid-1990s. At that time, the only people making money on the internet were pornographers who charged a fee for access to their sites. Exploring the net world one day, I found a log-in page of a shall-be-nameless soft-porn men's magazine. After fruitlessly entering a couple of jokey sounding UN/PW pairs, I typed in "BClinton" and "WHouse." Bingo!
Joe: Hackers today are being hired by foreign governments and businesses for intelligence and expertise, to break into U.S. corporations for trade secrets and access to emails. Others steal passwords. There are no international rules and laws governing foreign cyber attacks, and unless they make a spelling mistake, they are winning. What is amusing to me is that China in 2015 stole U.S. security clearance files of more than 21 million Americans. The data included fingerprints, personal financial details and personal data about families. The director of our national intelligence (James Clapper) said this was not an "attack" but simply good espionage. Given the chance, he said, "we would have done the same thing."
Ken: Are you surprised that systems at Amazon and Google apparently have better security than the U.S. government?
Joe: No. Our government and private industry do not cooperate and out of mistrust, operate independently of one another. But the security systems of both are not yet foolproof. The idea that you can construct a wall that would totally shield cyber attacks and intrusions is as ludicrous as thinking one can construct a wall along the Mexican border to keep Mexicans out. With security systems, there is always someone similar to a Zero Cool who might come up with something. As an example, take the Apple iPhone 5c, found in possession of Syed Farook in the San Bernardino shooting. For reasons of privacy, free speech and password protection, Apple resisted helping the FBI gain access to the contents. The FBI was stumped and paid more than $1 million to a still-unidentified hacker who solved the puzzle. I imagine the hacker to be an unemployed scruffy looking youth holed up in a basement apartment somewhere with rent being paid by his mom and dad. With $1 million, finally he'll be able to help them out.