Mitnick to school Australia on Black Hat mindsets

Written by Mitnick Security | Nov 9, 2016 12:00:00 AM

Kevin Mitnick, arguably the world’s most famous hacker, is coming to Australia as part of a conference tour of the region later this month.

The ‘Black Hat’ hacker turned ‘White Hat’ hacker will be here to attend panel sessions at a series of cyber security conferences organised by Liberty Stage.

Liberty Stage has previously secured speaking engagements from technology luminaries of high calibre, including Apple co-founder Steve Wozniak and technology disruption guru Clayton Christensen.

At the conference events, titled ‘Cyber threats – is your organisation vulnerable?’ and to be held in Auckland, Sydney and Melbourne, Mr Mitnick is expected to share his thoughts on exploiting Black Hat culture and the thought processes it cultivates to improve IT security.

Ty Miller, respected Australian security researcher and founder of computer security consultancy Threat Intelligence, has landed the job of teasing out Mr Mitnick’s latest wisdom on mitigating cyber threats at the Sydney event.

A recent interview with the ABC’s Lateline indicates that Mr Mitnick is likely to focus on social engineering during his visit: essentially, the methods malicious hackers use to trick the unwary into divulging passwords and other sensitive information.

Mr Mitnick pioneered these techniques to complement his early illegal hacking activity. He once posed as a technician to gain access to manuals for a sophisticated computer system that he and two accomplices were targeting for illegal access.

However, he also told Lateline that compromising operating systems had become a simple matter of financial resources. Exploits for Apple’s iOS, he said, were fetching a cool million dollars on dark nets while weaknesses in Google’s Android OS were on the market for about a third of the price.

There would be few better placed to discuss the topic of cyber intrusion. Mr Mitnick is widely credited with dragging the activity of a small, skilled and largely invisible community of hackers, who were on a quest to test the breakability of the US’ major telecommunications systems, out of the dark and to the top of the media’s agenda.

The details of Mr Mitnick’s hacking exploits are well known. They started in 1976 when, as a 13-year-old, he learned how to defraud the Los Angeles punch card-based bus ticketing system to gain free transport around the city. It came to an end when he was arrested in 1995 and sentenced to five years in prison for computer fraud.

In the lead up to his 1995 arrest, Mr Mitnick had already spent 12 months in prison for computer crimes and became a fugitive for two-and-a-half years after breaking the terms of his supervised release and hacking into Pacific Bell’s voicemail system.

In a recent documentary about his life, Mr Mitnick said he never considered his actions to be criminal and, in the same documentary, a psychologist who examined him said that she believed he had been suffering from a type of addiction.

Mr Mitnick spent most of his time in jail pre-trial but he also spent eight of those months in solitary confinement. Mr Mitnick has famously alleged that during a bail hearing prosecutors convinced a judge that he was so dangerous that he could hack into NORAD and launch nuclear warheads by “whistling” tones into a payphone, an accusation that he found laughable.

Mr Mitnick’s incarceration prompted a backlash from sectors of the community who believed that law enforcement authorities had overreacted to his crimes, were too zealous in pursuing him and that his actions were actually beneficial in exposing cyber security flaws.

Seasonal publication 2600: The Hacker Quarterly started issuing “Free Kevin” bumper stickers and other groups organised rallies to lobby for his release.

(“2600: The Hacker Quarterly”, https://en.wikipedia.org/wiki/2600:_The_Hacker_Quarterly)

Mr Mitnick was freed in 2000 and, after a few more court battles to reinstate his right to use the internet and hold a radio license, he was able to position himself to start his own cyber security consultancy. His client list includes many top 500 companies and his former adversary, the Federal Bureau of Investigation.

Source: CSO