EVENT REVIEW: Cyber Security Chicago Wrap-Up: Kevin Mitnick

When I learned about last week's Cyber Security Chicago conference via Twitter, I thought this would be a great opportunity. After all, how frequently does someone from the nonprofit or social enterprise community get to focus on security and data issues? (Plus, Cyber Security Chicago was making its debut this year, so I felt it was worth checking out for my own education as well). So I requested (and received) a complimentary press pass and attended last week's conference at McCormick Place.

Good news - there was plenty of great information that would provide some insights into digital excellence and literacy. Not-so-good news (depending on your perspective) - there is so much content that this week, One Cause At a Time will have four posts focusing on key issues from the conference, as well as key insights from specific people.

One of those people was Kevin Mitnick of Mitnick Security, who delivered the opening keynote address on how hackers and online con artists use their skills to compromise unwilling users. Despite a relatively over-the-top opening video (showing scenes from classic caper/heist films and television shows like Leverage), Mitnick delivered a really insightful presentation.

Mitnick discussed methods of social engineering, by which many hackers and con artists work to convince another to comply with a request to compromise their computer network. Many of these social engineering efforts involve influence, manipulation, and deception...and often do not require specific operating systems and which have a low risk for the attacker. (Mitnick also discussed more elaborate methods of deception, which will be discussed later). Social engineering is effective 99.5% of the time, and range from everything as simple as a phishing e-mail to more elaborate strategies like ransomware.

Mitnick also introduced (for me, this was a new idea) the concept of spear phishing or targeting a specific individual within an organization to acquire network access. During his presentation, Mitnick demonstrated how hackers could use special software to determine basic network information. By finding a specific person listed, an e-mail address could be generated (often through trial and error) and a specific e-mail crafted for a particular purpose (like generating a wire transfer of a large amount of money). Without necessarily thinking, the target user may enter the appropriate information, resulting in funds being sent to the hacker.

Online predators who engage in social engineering have a specific process for engaging targets. When engaging users to compromise their systems, hackers work to establish a false identity/role and frequently provide a reason for compliance. Building their target's confidence through information and attention, the hacker also builds rapport through positive influence and reinforcement. The hacker has usually crafted an appropriate response to overcome rejections and has an "out" that allows them to avoid burning their resource. Given the simplicity and ease of strategies....it's no wonder that social engineering efforts are effective 99.5% of the time.

Throughout the presentation, Kevin Mitnick provided several great real-world demonstrations of how such social engineers work to compromise systems. They often use special software which allows them to redirect phone calls for customer service, Skype contacts, and even false Wi-Fi signals. (One favorite highlight - a young student provided her name and social security number, and her life was revealed to the audience. This young woman consented, and speaking to her afterward...she was not prearranged or planted by Mitnick). Even PDFs can be used to send malware, allowing hackers to distribute ransomware and hold user data hostage.

So what can nonprofits, social enterprise, and other users do to ensure security? Much of Mitnick's talk focused primarily on being cautious and confirming information. (When that e-mail from the bank looks suspicious, it is easy to double check with your bank). Being aware of potential dangers is often the first step in ensuring security....and Kevin Mitnick's opening keynote to Cyber Security Chicago set a positive tone for the rest of the conference.

Many of you may be asking, "What can nonprofits, social enterprise, and other resource-strapped mission-driven organizations actually do to ensure digital safety?" Tomorrow's Cyber Security Chicago post will focus on that very subject.

This helpful review and other very interesting articles can be found at the source.

Source: Chicago Now

Topics: Social Engineering, Skype, Speaking Engagements, online predators, false WI-Fi signals, hackers, live hacking demonstrations, malware, Mitnick Security, Cyber Security Chicago, phishing, ransomware, Kevin Mitnick

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

6 Types of Social Engineering Attacks and How to Prevent Them

Social engineering attacks account for a massive portion of all cyber-attacks.

Read more ›

What You Get When You Invest in Social Engineering Testing with Mitnick Security

When testing your employees' social engineering readiness, your teams need simulated attacks that feel as if they’re coming from a nefarious engineer...

Read more ›

Mitnick Security: Ransomware Awareness Training

Ransomware is a type of malware that prevents accessibility to either a single computer or an entire network until a ransom is paid. This can result i..

Read more ›
tech-texture-bg