Hacker exposes weakest links in corporate chain

American poacher turned gamekeeper demonstrates the tech tricks of his trade

The easiest way for cybercriminals and hacktivists to get access to Kiwi companies is through people, and businesses have not done enough to address it.

Reformed hacker Kevin Mitnick demonstrated those weaknesses at the ‘Cyber Threats’ event in Auckland last week.

Mr Mitnick showed a crowd of suited business executives, hooded hackers and programmers how he breached a major US start-up with a single email, how he could clone access cards just by standing next to victims, and how to exploit an Australasian online store to get a 97 per cent discount on items including laptops.

He was introduced by Kevin Kanji, associate director at Deloitte, a sponsor of Cyber Threats, held at the SkyCity Convention Centre.

“The truth is, even though data breaches and hacks get a lot of attention in the news, we haven’t done much about it in New Zealand,” said Mr Kanji before welcoming Mr Mitnick on stage.

The world-renowned hacker was arrested for hacking and wire fraud in 1995 after evading law enforcement for three years.

He served five years in jail, including eight months in solitary confinement because the judge feared he could launch nuclear missiles by whistling into a phone. Mr Mitnick now owns a security company where he and his team hack companies with their permission to highlight weak points in their systems.

Mr Mitnick emphasised that the easiest way to breach a company’s security was through its people. His company uses ‘social-engineering’ - a security term for coercing and manipulating people into sharing sensitive information, downloading malicious software or allowing access into systems without their knowledge.

“No matter how advanced technology a company has, a hacker can get in through social-engineering, and there’s no software on the market to avoid it,” Mr Mitnick said.

He showed how he gained access to a client by pretending to be a legitimate business and sending an email that gave him control over an employee’s computer. He came away with payroll information, intellectual property and access to technology.

“It’s not that people are stupid. We are just human beings, and our trust can be exploited,” said Mr Mitnick.

After Mr Mitnick’s demonstrations, a discussion followed with Anurag Madan, head of IT digital services at the Ministry of Social Development, Mr Kanji and Karen Scott-Howman, chief executive of the NZ Bankers’ Association.

“Kevin is very terrifying, and we have realised that hacking has become one of our top 10 threats globally over the last couple of years,” she said.

Mr Mitnick recommended that companies educate their staff to avoid attacks, but said awareness campaigns such as posters and educational emails are not enough.

“Awareness alone does not work. Give your employees that ‘aha!’ moment, for example by exploiting them yourself or through companies such as mine. People will be much more aware if you fool them once,” Mr Mitnick said.
 

Source: TE WAHA NUI
