'Mafiaboy' spills the beans at IT360 on underground hackers
Social engineering plays a major part in computer hacking
ITWorldCanada - Attending IT360 last week didn't guarantee you a seat at Michael Calce's keynote with Craig Silverman. The conference room reached full capacity and left a crowd of onlookers spilling into the hall outside the doors.
Calce -- a.k.a. Mafiaboy, the Montreal teen hacker who was the subject of an international manhunt after bringing down some of the highest-profile Web sites on the Internet -- delivered on his promise to provide insight into underground hacker communities.
Social engineering is a much larger aspect of hacking than people think it is, said Calce. "Hackers rely on you to be naïve. They are counting on it," he said.
Internal IT hackers in your company are still more of a threat than remote exploits or denial-of-service attacks, he pointed out. Calce suggested securing your organization before worrying about outside threats.
"You have to integrate some type of security awareness program and training for your employees, because people are still being socially engineered and it's still a very viable threat," he said.
Calce delved further into the hacker mindset in a postconference interview. "They're all about people manipulation skills," he said. "One way or another, you have to manipulate someone."
Hackers can just dress up in a telephone company uniform and walk into your office, Calce explained. Some will print documents saying they work with the phone company or carry order and supply forms.
"As long as you look like you're there for what you're supposed to be doing, they don't really question why you're there -- especially if you do it well. If you're good and you keep a solid face and you have paperwork or a hat that goes with your façade, it's very effective," he said.
"People aren't expecting that angle," Calce explained. "They think that they secure their networks and they're not vulnerable. It doesn't necessarily operate like that. Hackers always think outside the box."
Keeping all angles in mind is an important part of evaluating a company's risk factor, according to Calce, who is forming his own penetration testing company. "I will be doing a lot of technical work and verifying their networks, but a huge portion of it is also social engineering -- how can I get in at the front desk," he said.
Even with the proper training and education, employees might continue to be the weak link in an organization. "They don't really care what happens to the company as a whole. They care about the paycheck they get, they do their job and they go home. But people need to take it to heart and realize that there is a lot at risk," he said.
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!