Posted on 03/26/2005 10:28:41 PM PST by BurbankKarl
Known as the world’s most celebrated hacker, Kevin Mitnick, will share real stories behind the exploits of other hackers, intruders and deceivers.
coast to coast list ping
Companies eager to tighten up their information security perimeters should focus not on technology but on teaching their employees how to say 'no', ex-hacker done good Kevin Mitnick told a full house at Toshiba's MobileXchange conference in Melbourne yesterday.
Mitnick became a cyberspace legend after his success in penetrating networks at major telecommunications firms -- including Pacific Bell and Motorola, Nokia, Fujitsu, Novell and NEC -- led the FBI on a 15-year manhunt that ended when his 1995 capture put him behind bars for nearly four years. Older and seemingly wiser, he now uses his skills for good as a Los Angeles-based security consultant, stopping in Australia briefly to address the crowd at the annual Toshiba event.
Many companies invest heavily in security technologies to protect their networks, but Mitnick was quick to point out that even the tightest technological barriers never stopped him; rather, some carefully planned social engineering – or even a bit of Dumpster diving in one’s spare time -- can often be far more effective at penetrating the weakest security link at most companies: their people.
"What you can find in the trash is simply amazing," said Mitnick, holding up a "souvenir" from his earlier days: a printed directory listing the name, phone number, email address, direct reports and other information about every employee in the company. "People throw out notes, drafts of letters, printouts of source code, printouts of project documentation they’re working on. In some cases they even write down passwords and access information, or calendars that list every person that person has talked to or met with".
This information provides invaluable assistance to hackers keen to worm their way into a company by, say, impersonating an employee and calling the internal help desk, or dropping into the site and pretending to be a business associate. Because people hate to say no even when they’re suspicious of a well-presented stranger, Mitnick says, smooth talking has gotten many a hacker far closer to a target company’s network than days of brute-force technological attacks.
Modern technology is an enabler for such attacks: if a hacker can worm his way into a conference room for just a few minutes, for example, an wireless access point can be plugged into an out-of-the way network access point, providing an open back door into the network even when the hacker is parked outside the building.
The solution to such security vulnerabilities is easy to understand, but often hard to implement: develop clear security policies for issues such as treatment of strangers, handling of information and access to physical facilities by visitors. In suspicious circumstances, teach employees to fall back on those policies rather than trying to ad-lib their response or give in to their natural reticence to accommodate the hacker's requests.
Even a simple request for contact details, so that a company employee might call back the person requesting assistance, can be enough to make many hackers turn tail and run.
"We can't expect our employees to be human lie detectors," Mitnick said. "One of the most difficult challenges in corporate cultures is getting people to modify their politeness norms. Social psychology has found that people should generally pay attention to their own discomfort; if something doesn’t feel right, or it's nagging at their gut, they’d better check it out. They’re not always going to remember a security policy, but what you want is to come up with some very simple protocols that will trigger employees to refer to security policy. The only people who are going to object to this are the bad guys".
Kevin Mitnick, one of the world's leading security experts, is delivering
Thanks for the post. Will be interesting.
I just ordered his two books...finished the first book today......the second one, looks even better.
Hacker extraordinaire Kevin Mitnick delivers the explosive encore to his bestselling The Art of Deception Kevin Mitnick, the world's most celebrated hacker, now devotes his life to helping businesses and governments combat data thieves, cybervandals, and other malicious computer intruders. In his bestselling The Art of Deception, Mitnick presented fictionalized case studies that illustrated how savvy computer crackers use "social engineering" to compromise even the most technically secure computer systems. Now, in his new book, Mitnick goes one step further, offering hair-raising stories of real-life computer break-ins-and showing how the victims could have prevented them. Mitnick's reputation within the hacker community gave him unique credibility with the perpetrators of these crimes, who freely shared their stories with him-and whose exploits Mitnick now reveals in detail for the first time
Social Engineering Ping!
Cool! :-)
Dating myself here - I used to cruise the freak, pirate, and hack bulletin boards back in the early 80s. (I had level 34 group access on the now long time defunct N.O.R.A.D board. :-))
300 baud acoustical modem, hand wirewrapped S-100 computer, and an ASR-33 teletype console. :-)
I dialed into BBSs on my Apple IIe, but I was never in that deep...
Lord have mercy.
Caller: When Mitnick was arrested he said "Whatever happens, remember I am a Patriot.
Q. Was Kevin Mitnick ever contacted by Israeli intelligence during his hacking activities.
Haha, Mitnick was no hacker. He was an actor, nothing more. He was good at faking people out, that's about it.
He hacked phone systems. Got to whistle the right tones to get free long distance ya know.
"He hacked phone systems. Got to whistle the right tones to get free long distance ya know."
no free long-distance, but to this day, I carry a little tiny phone dialer, it's the size of a credit card and it has all my calling card nunbers in it. and about 60 stored numbers, Now instead of groping a pay phone I simply hold the card up to the phone mouthpiece and hit one button, -that dials my calling card number, waits the approriate 3 seconds, enters the pin, waits another three seconds and dials my number, the advantage is, that it works on broken pay phones, if there's a bank of phones, all being used, and one of them isn't being used because the keypad is broken, you can use that phone as long as it has a dialtone, you can pick one up for $30 or less... This dialer saves a ton of time when you are forced to mess with payphones, and if you have a hands free dialer in your car it works there too.
Didnt DAK used to have those?
Let me guess, War Games was your favorite movie :)
Way cool.
I used to talk to "The Woz" and later was told it was Steve Wozniak. :-)
That's phreaking, not hacking.
hehe :-)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.