Kevin Mitnick and the human hacking business

Every industry has rockstars. For hackers and infosec, there's probably no one more famous, or perhaps infamous, than Kevin Mitnick…

After spending five years in a federal prison in the US for various hacking offences, he turned his skills to white-hat hacking. In a recent visit down under, Mitnick spoke and performed a series of live hacks on stage at a series of event in Auckland, Sydney and Melbourne.

I had the opportunity to interview Mitnick on stage in Melbourne. Throughout the interview, Mitnick interspersed the discussion with live demonstrations of various exploits and hacks. He also explained how he could carry out a hack, while in prison, during his eight-month confinement in solitary.

There’s no doubt Mitnick is a skilled security practitioner. But perhaps the most important lesson from all his exploits was that his greatest successes didn’t come by brute-forcing his way into systems. In the 16 years since his release from prison and working as a penetration tester, he has never failed to break into a company’s systems when he has had access to people.

Some of the hacks he perpetrated on stage were simple. He sent a text message to my phone, asking for some information, that looked exactly like it had come from my partner.

He has convinced individuals to hand over personal data by convincing them to complete questionnaires.

Mitnick’s greatest tool is his quick mind and, as he puts it, the gift of the gab.

Of all the hacks Mitnick described, the one that most amazed me was perpetrated from solitary confinement. Prisoners in federal prisons are only allowed to make phone calls to five designated numbers. One of the people Mitnick wanted to be able to call was his partner. However, her number was not on the list.

Prison guards watched Mitnick very closely while he was on the phone. During one of Mitnick’s court proceedings, a prosecutor told a judge Mitnick could launch an ICBM by calling NORAD and whistling into the phone.

Over time, Mitnick socially engineered the guards by scratching his back against the wall adjacent to the phone he had to use for his calls. He also determined there was an 18-second window between when he hung the phone up and when the dead line would be detected.

Eventually, Mitnick was able place his back against the phone, hang the call up with one hand behind his back and then dial a number – behind his back – within the 18-second window. All while being closely guarded.

If there was a single take-home message from Mitnick’s presentation through the day it was this: people are your weakest link and you should never trust anyone you can’t see.

And even then, be cautious.

Source: iStart

Topics: Social Engineering, solitary confinement, Speaking Engagements, federal prison hack, cybersecurity expert, security awareness training, Melbourne, Sydney, weakest link, Auckland, Kevin Mitnick, live hacks

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

6 Types of Social Engineering Attacks and How to Prevent Them

Social engineering attacks account for a massive portion of all cyber-attacks.

Read more ›

What You Get When You Invest in Social Engineering Testing with Mitnick Security

When testing your employees' social engineering readiness, your teams need simulated attacks that feel as if they’re coming from a nefarious engineer...

Read more ›

Mitnick Security: Ransomware Awareness Training

Ransomware is a type of malware that prevents accessibility to either a single computer or an entire network until a ransom is paid. This can result i..

Read more ›
tech-texture-bg