Reuters - He can find former President George Bush's Social Security number and Leonardo DiCaprio's mother's maiden name in under 15 seconds, and led the FBI on a three-year manhunt as he hacked his way into the world's biggest firms.
"Computer terrorist" Kevin Mitnick is one of the world's most famous computer hackers and became a cause celebre after breaking into networks and stealing software at companies including Sun Microsystems and Motorola.
Now Mitnick, a U.S. citizen, travels the world teaching companies how to guard against people like him.
He argues that while sophisticated technology can help keep networks clean from viruses, it is useless if hackers can con a company's employees into handing over passwords by posing, for example, as colleagues.
"Hackers find the hole in the human firewall," Mitnick told an IT security conference yesterday in Johannesburg, South Africa. "What's the biggest hole? It's the illusion of invulnerability."
Social engineering, which involves tricking people, formed the main thrust of Mitnick's career. He penetrated some of the world's most sophisticated systems often by persuading unwitting staff to hand over top-secret information.
Mitnick, now in his early 40s, started hacking phone systems in his teens before moving on to computers. But he says he never stole money or caused deliberate damage, and hacked just for the thrill of it.
The hobby earned him a place on the FBI's most-wanted list and an almost five-year stint in a U.S. jail in the 1990s.
Upon his release, he was initially banned from surfing the Web. However, he has since written two books about hacking and started an IT security consulting firm. Now the companies he once stole secrets from pay him to hack into their systems and show them how to improve security.
Mitnick said hackers conduct meticulous research into companies and their staff, even boning up on the hobbies of target employees to better win their trust.
And firms underestimate how easily hackers can get hold of personal information -- like driver's license numbers, Social Security numbers and mothers' maiden names -- which are often used by banks or other companies to screen customers.
To prove it at the conference, he found former U.S. President George Bush's Social Security number, driver's license number and the maiden name of Hollywood actor Leonardo DiCaprio's mother within 15 seconds.
"The problem is that it is a good human quality to give people the benefit of the doubt, and unless you've been burned or you're paranoid, then you will probably trust them," he said.
Companies must guard against smooth-talking hackers by making their staff aware of the risks, developing simple company policies on data protection and implementing the best technology, which will at least "raise the bar" for hackers, Mitnick said.
"It's not about being paranoid, but it's about being very aware and very alert," he said.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
