'Computer terrorist' Kevin Mitnick now teaches antihacking
After almost five years in jail, he wrote two books and started an IT consulting firm
Reuters - He can find former President George Bush's Social Security number and Leonardo DiCaprio's mother's maiden name in under 15 seconds, and led the FBI on a three-year manhunt as he hacked his way into the world's biggest firms.
"Computer terrorist" Kevin Mitnick is one of the world's most famous computer hackers and became a cause celebre after breaking into networks and stealing software at companies including Sun Microsystems and Motorola.
Now Mitnick, a U.S. citizen, travels the world teaching companies how to guard against people like him.
He argues that while sophisticated technology can help keep networks clean from viruses, it is useless if hackers can con a company's employees into handing over passwords by posing, for example, as colleagues.
"Hackers find the hole in the human firewall," Mitnick told an IT security conference yesterday in Johannesburg, South Africa. "What's the biggest hole? It's the illusion of invulnerability."
Social engineering, which involves tricking people, formed the main thrust of Mitnick's career. He penetrated some of the world's most sophisticated systems often by persuading unwitting staff to hand over top-secret information.
Mitnick, now in his early 40s, started hacking phone systems in his teens before moving on to computers. But he says he never stole money or caused deliberate damage, and hacked just for the thrill of it.
The hobby earned him a place on the FBI's most-wanted list and an almost five-year stint in a U.S. jail in the 1990s.
Upon his release, he was initially banned from surfing the Web. However, he has since written two books about hacking and started an IT security consulting firm. Now the companies he once stole secrets from pay him to hack into their systems and show them how to improve security.
Mitnick said hackers conduct meticulous research into companies and their staff, even boning up on the hobbies of target employees to better win their trust.
And firms underestimate how easily hackers can get hold of personal information -- like driver's license numbers, Social Security numbers and mothers' maiden names -- which are often used by banks or other companies to screen customers.
To prove it at the conference, he found former U.S. President George Bush's Social Security number, driver's license number and the maiden name of Hollywood actor Leonardo DiCaprio's mother within 15 seconds.
"The problem is that it is a good human quality to give people the benefit of the doubt, and unless you've been burned or you're paranoid, then you will probably trust them," he said.
Companies must guard against smooth-talking hackers by making their staff aware of the risks, developing simple company policies on data protection and implementing the best technology, which will at least "raise the bar" for hackers, Mitnick said.
"It's not about being paranoid, but it's about being very aware and very alert," he said.
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Cybersecurity for Dummies eBook This book provides an in-depth examination of real-world attacks and APTs, the shortcomings of legacy security solutions, the capabilities of next-generation firewalls, and...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- IBM FlashSystem V840: Leveraging Software-Defined Flash to Drive Your Business With end-to-end, tightly integrated functionality and super-fast flash technology, products like IBM FlashSystem V840 Enterprise Performance Solution empower businesses to leverage the efficiency... All Cybercrime and Hacking White Papers | Webcasts