ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Security threats Toolkit

Mitnick on hacking

Joris Evers CNET News.com

Published: 04 Nov 2005 18:15 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

...on the back of your card. The human mind is very innovative and the attacker will build trust and confidence to gain cooperation.

Are the social engineers or the people who do such attacks becoming more criminal, like computer hackers are becoming more criminal?
You can have a teenage kid who is using social engineering to get into his friend's AOL screen name or you can have a military spy using it to try to break in somewhere and everyone else in between. Social engineering is simply a tool used to gain access.

Do you see a difference between social engineers today and when you were doing it?
When I got started, when I learned about social engineering, it was during the phone phreaking era, the predecessor to the hacking era. That was more about calling different departments at phone companies to gain an understanding of their processes and procedures and then being able to pretend to be somebody at the phone company and having somebody do something for you.

Social engineering happens quite frequently now. It happened with Network Solutions, it happened with Paris Hilton. These are the attacks you hear about. There are many social engineering attacks you never hear about because they are not detected or because the person who was attacked doesn't want to admit it.

It is growing because security technologies are getting more resilient. There are better technologies to protect information assets and the attacker is going to go after the weaker link in the security chain. Social engineering is always going to be here. The more difficult it is to exploit the technology, the easier it becomes to go after people.

If you look at the folk who attack vulnerabilities in technology today and compare that to when you were first starting out, what trends do you see?
Back then, a lot of the holes in technology were not readily available and published like they are today on the Internet. Nowadays anybody with a browser could pretty much purchase commercial hacking tools like Canvas or go to a Web site where a lot of exploits are readily available. Ten years ago, if you were hacking you had to develop your own scripts. Today is like a point-and-click hacking world. You don't have to know how the engine is working, you just know to get in the car and drive. It is easier.

What would you say is the single biggest threat out there?
It is pretty much a blended threat. I think social engineering is really significant because there is no technology to prevent it. Companies normally don't raise awareness about this issue to each and every employee. It is at the end of the priority list in the security budget.

There will continue to be software vulnerabilities. In a lot of companies that I tested, if you are able to breach a perimeter machine, like...

For more, click here... 

Next

Previous

1 2 3


  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with Dell

Did you find this article useful?
188 out of 430 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:






Related Jobs

Clinical Coder - South Yorks - 3 months initially

The post holder will be responsible for the abstraction, translation and input of clinical coding information regarding inpatient episodes (FCEs). To ...

VB6, ASP, SQL Server - Legacy Developer needed South of Swindon

You will be coding in VB, ASP and SQL to improve one major web based application. You will be coding in VB6 and The data and systems they work with ...

Sales Engineer/ Business Development Manager, Northamptonshire

Tasked to increase the business development of a leading supplier to the government and law enforcement market this role would suit a determined ...

Featured Talkback

What was achieved there is recognised to be of fundamental importance to both winning the war (Churchill visited to say 'thank you' to them) and the development of the computer. Maybe Bill Gates doesn't want to support this museum because it underlines where electronic computing started i.e. here, not the U.S.

By: 1000103773

Read full story:
Bletchley Park faces bleak future

Sentry Posts Blog

Mobile Security Expert: Your Camera Ph...

Mobile Security Expert: Your Camera Phone Got Hacked Author: Eric Everson, Founder MyMobiSafe.com Have you ever heard someone say “I’d like to be a fly on the wall in that room.”?... More

Post a comment

Skype - The Roach Motel

Here is an interesting article from The National Business Review, pointing out once again that you can never delete a Skype account. Never. Period. This is something I am familiar... More

Post a comment

The vPhone: Why Visa Should Go Mobile

The vPhone: Why Visa Should Go Mobile Author: Eric Everson, Founder MyMobiSafe.com With all of the success of Apple’s iPhone, there is a growing case to support a company like Visa... More

Post a comment

Featured Oracle Resources

businessfirst: Ideas to help small companies retain their successful entrepreneurial spirit

Oracle ONE Magazine: Technology solutions for midsized businesses February 2008 edition

Choosing a Reliable and Powerful IT Infrastructure at a Price You Can Afford

Database Consolidation: Reducing Cost and Complexity

Ensuring Data Protection for Growing Business

Oracle for medium and emerging businesses: protect, strengthen and enhance your organisation

Oracle partner network solutions catalogue

See All White Papers