Hacked by a world famous hacker: Kevin Mitnick answers your questions

How long does it take for one of the world's most famous hackers to break into a mobile phone?

Just ask Lateline host Matt Wordsworth.

The answer is seconds.

Luckily for Wordsworth, the hack was all part of a practical demonstration by Kevin Mitnick to show just how easy it is for hackers to infiltrate a phone from the other side of the world and start manipulating the user to hand over data.

All Mitnick needed was the phone numbers of Wordsworth and his wife and he was almost instantly able to start sending fake messages.

Mitnick was once considered such a threat by the US government that he was placed in solitary confinement for almost a year.

These days, the hacker turned "white hat" consults for the FBI and big business on how to stay secure in the digital age.

Lateline received dozens of viewer questions for Mitnick asking for security tips and how hacks and leaks are set to influence politics. Here are his responses to some of the best.


With the US election in mind, how routine is hacking going to become during campaigns?

"It's already routine.

"The United States government has pointed the finger at Russia for hacking into the Democratic National Committee.

"I don't have the intel to know if that's true but in either case it's a bad thing to be compromised and governments, private and public sector businesses need to have better security and that's really the bottom line."

How big is the risk in Australia?

"Substantial. Australian citizens, Australian businesses can't depend on government to protect them.

"What they have to do is basically take the reins and start exercising due diligence and rather than being reactive, be proactive, lay into their defences and make it really hard for a hacker or any other type of adversary to get into the network."

In the recent Census denial of service attack, did the Australian Bureau of Statistics and IBM do enough to protect the information?

"In this particular case it didn't appear that IBM did their job at mitigating or preventing the denial of service attack.

"The word on the street - and I haven't vetted this personally - is that the data that they had on Australian citizens was actually in a back-end database but it wasn't encrypted, it was in the clear, which means that if their computers got hacked and the bad guy was to obtain access to the database, they can get all the data that Australian citizens are submitting to the Census bureau, which is pretty scary."

"I think it's a sad thing that people actually do this. I think it's to get media attention about their hack so they can read about it in the press or watch some TV reporter mention it on the nightly news.

"Or they do it for purposes of 'hacktivism' and that's where hackers are motivated not by money, not by the challenge, but simply to send the political message about something they don't like. So what they do is try to create attention to a problem.

"It's definitely a thing that other hackers like myself, legitimate hackers, really look down upon."

Is white hat hacking a skill that technology teachers should be teaching kids at high school?

"I think in grade school and in high school what they could do is teach students fundamentals of network administration, network engineering, system administration, database administration, all about TCP/IP which is the protocol the internet is built on.

"It will get students to understand the fundamentals and by the time they reach the university level then teach them how hacking works and how again to act as a defender or to act as an offender but in a way to find security vulnerabilities so their clients can show off their defences."

How secure is email?

"When email is sent through the internet it's usually in the clear, meaning that if it's going through other servers to get to its destination, to get into that recipient's email inbox, it can be read by anybody in between.

"The only way to secure your email is to encrypt your email and one of the most common tools that security experts use is a tool called PGP (Pretty Good Privacy), created by Philip Zimmermann.

"There's also a freeware version called GPG. It's complicated to set up but it will give you the most secure email communications available today.

"There's a plug-in I believe for Chrome called Mailvelope and it makes it simpler to use PGP. So if you want to have secure email take a look at GPG and Mailvelope."

Watch the interview with Kevin Mitnick on Lateline tonight at 9.30pm (AEDT) on ABC News 24 or 10.30pm on ABC TV.

Source: Australian Broadcasting Corporation
