Notorious former hacker reveals how criminals can steal your details in just THREE easy steps when y

Written by Mitnick Security | Aug 30, 2016 12:00:00 AM

In a worrying demonstration that is sure to frighten frequent Wi-Fi users, former infamous hacker Kevin Mitnick shows how easy it is to steal your details in a public area.

Kevin Mitnick was arrested in the US in 1995 for hacking into 40 major companies, including IBM, Nokia and Motorola, but is now working as a leading security consultant for some of the largest companies in the world.In an ABC Four Corners report on Monday, Mr Mitnick walked through the steps to how a hacker would obtain your details in public.

Three steps outlining how hackers access your personal information

  1. Hackers set up a fake Wi-Fi network in a public space
  2. Once you are using a fake access point all your keystrokes are recorded, which can reveal your personal information if you have used any log-in details
  3. Hackers will steal your passwords and send you fake updates for the user to install. If installed, the hacker will have complete access to your system without you knowing

Cyber criminals will set up a fake Wi-Fi network, the example he used is a common one, 'Telstra Air'.

Once logged on the hacker can record all your keystrokes, which will identify your usernames and passwords if you access any personal information. 

This allows the hacker to send you fake updates, and once installed, 'We gain full control of his computer system and he will never know the better,' he said. 

Mr Mitnick said the tools on the internet are so accessible that school students can download hacking systems.

'Fast forward to today, and you have tonnes of tools that a high school, a junior school [student] can download and exploit systems,' he said.

In the same Four Corners report, Jetstar and Suzuki were named among a suspected group of companies to have suffered a cyber attack with their computer system log-in details up for sale on the dark web. 
Computer details from a government research network, a national sporting body, a school and a local council were also revealed to be hacked.

Security firm Kaspersky released a list in June this year, revealing 70,000 computers that had their usernames and passwords hacked and put up for sale on the dark web.

Only five days later, another list was revealed by the firm containing 170,000 computers that were suspected of being breached and both Jetstar and Suzuki were among the systems listed, however both companies have denied any breach.  
A statement from Jetstar said it had detected no evidence that its system had been compromised, while Suzuki said it was aware of the database and had taken security measures to ensure the safety of its system.

Hackers that obtain details and access computer systems can use them to launch Denial of Service (DoS) attacks, very similar to the attack that stunted the Australian Bureau of Statistics Census form earlier this month.

There was also cyber attacks on government and corporate computer networks with 'highly confidential' plans for a privately funded satellite.

The damage to the Australian satellite company, Newsat, was so crippling former CFO Michael Hewins told Four Corners it was the worst they had ever seen.

'Our network was, as far as they could see, the most corrupted they'd seen. Period,' he said. 

Newsat was the nation's largest satellite company and had planned on launching two satellites and kickstart the Australian satellite industry, but a year ago liquidators were called in and assets sold off.

Former Newsat IT manager Daryl Peter revealed the hackers could have been watching them for nearly two years.

'Newsat had been hacked and not just by teenagers in the basement or anything like that. Whoever was hacking us was very well-funded, very professional, very serious hackers,' he said. 

Former manager at the Australian Cyber Security Centre Tim Wellsmore said some of these crippling attacks are ticking time bombs with many system details already hacked and just waiting to be dispersed. 

'There is a lot of computers for sale on the dark web that have actually been hacked and compromised and are sitting there waiting to be used for attacks, that marketplace exists,' he told Four Corners.

Furthermore, Chinese hackers are likely to be behind the 'daily' government cyber attacks, the Prime Minister's cyber security adviser said.

The hackers have targeted government departments such as the Bureau of Meteorology, the Australian Trade and Investment Commission [Austrade], the Defence Department's Defence Science Technology Group and satellite company Newsat Ltd over the past five years. 

The report said intelligence sources believed the attacks from China had been backed by the country's government. 

Malcolm Turnbull's cyber security adviser, Alastair MacGibbon, said attacks occurred daily and many were never discussed.

But a Chinese Embassy spokesman refuted the claims, saying they had no basis.

Austrade has been the repeated target of attacks, including three major cases of infiltration in 2011, 2013 and 2014, the ABC reported.
 

Source: Daily Online