Advertisement
Promo

Security threats Toolkit

Kevin Mitnick: The great pretender

Tom Espiner ZDNet.co.uk

Published: 14 Jun 2006 11:40 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Ten years ago there wasn't much of a World Wide Web to exploit, but there were still hackers — or more accurately crackers. Without the current glut of naive Web users to exploit, would-be cyber-thieves and vandals had to be somewhat more creative, and one of the most creative and infamous was Kevin Mitnick.

Arrested by the FBI in 1995 and convicted of breaking into the systems of Fujitsu Siemens, Nokia and Sun Microsystems, Mitnick served five years in prison — eight months of it in solitary confinement.

In his days on the wrong side of the law, Mitnick used so-called social engineering techniques to fool users into handing over sensitive information. Rather than overt technical hacks, he was able to convince employees to hand over information that enabled him to hack systems, while redirecting telephone signals to avoid detection by the authorities.

Following his run in with law, Mitnick now puts his powers of persuasion to good, running a company that advises businesses on avoiding social engineering attacks.

ZDNet UK caught up with the ex-cracker, ahead of his keynote speech on the "art of deception" at the MIS CISO Executive Summit in Barcelona, to discuss developments in social engineering, new US laws monitoring telephone systems, and alleged "NASA hacker" Gary McKinnon's impending extradition to the US.

Q: How big a problem is social engineering for businesses? Is it becoming a more widely used tactic?
A: It's a substantial problem — a lot of malware is associated with social engineering. Social engineering plays a big part in exploiting known vulnerabilities in software.

Are you seeing any new attack methods?
They use the same methods they always have — using a ruse to deceive, influence, or trick people into revealing information that benefits the attackers. These attacks are initiated, and in a lot of cases the victim doesn't realise. Social engineering plays a large part in the propagation of spyware. Usually attacks are blended, exploiting technological vulnerabilities and social engineering.

What can businesses do to safeguard themselves?
Businesses should train people to try to recognise possible attacks.

What are some of the give-away signs to look for in a potential social engineering attack?
Mostly it's gut instinct — if something doesn't look or feel right. If someone is calling on the telephone, but they...

Next

Previous

1 2


  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
164 out of 295 people found this useful


Full Talkback thread

0 comments

Company/Topic Alerts

Create a new alert from the list below:



Video icon

Video

Sentry Posts Blog

This Crap Site

How utterly stupid - I am ranked #40 in the top 100 - as a member of this site..... I mean HOW utterly stupid.... I have done sweet FA, I have only rejoined this site after a 3 or... More

Post a comment

Microsoft Security Update: November Pa...

Apologies for this late update to our core Patch Tuesday update. Here is a summary of the update .... The November Patch Tuesday update from Microsoft follows the largest patch and... More

Post a comment

DNA details of innocent will be kept f...

The government has announced that it plans to keep innocent people's DNA details for up to six years. In response to a consultation it launched last December, the government said... More

4 comments


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

Newsletters