Quantcast

Famed “computer terrorist” teaches anti-hacking

March 8, 2006

By Rebecca Harrison

JOHANNESBURG (Reuters) – He can find George Bush senior’s
social security number and Leonardo DiCaprio’s mother’s maiden
name in under 15 seconds, and led the FBI on a three-year
manhunt as he hacked his way into the world’s biggest firms.

“Computer terrorist” Kevin Mitnick is one of the world’s
most famous computer hackers and became a cause celebre after
breaking into networks and stealing software at companies
including Sun Microsystems and Motorola.

Now Mitnick, from the United States, travels the world
teaching companies how to guard against people just like him.

He argues that while sophisticated technology can help keep
networks clean from viruses, it is useless if hackers can con a
company’s employees into handing over passwords by posing, for
example, as colleagues.

“Hackers find the hole in the human firewall,” Mitnick told
an information technology security conference on Wednesday in
Johannesburg, South Africa. “What’s the biggest hole? It’s the
illusion of invulnerability.”

“Social engineering” — as hackers call tricking people —
formed the main thrust of his career, in which he penetrated
some of the world’s most sophisticated systems often by
persuading unwitting staff to hand over top-secret information.

Mitnick, now in his early 40s, started hacking phone
systems in his teens before moving on to computers, but says he
never stole money or caused deliberate damage and hacked just
for the thrill of it.

The hobby earned him a place on the FBI’s most wanted list
and an almost five-year stint in U.S. jail in the 1990s.

On his release he was initially banned from surfing the
Web, and has since written two books about hacking and started
an IT security consulting firm.

Now the companies he once stole secrets from pay him to
hack into their systems and show them how to improve security.

Mitnick said hackers conduct meticulous research into
companies and their staff, even swotting up on the hobbies of
target employees to better win their trust.

And firms underestimate how easily hackers can get hold of
personal information — like driver’s license numbers, social
security numbers and mothers’ maiden names — which are often
used by banks or other companies to screen customers.

To prove it at the conference, he found former U.S.
President George Bush’s social security number, driver’s
license number and the maiden name of Hollywood actor
DiCaprio’s mother within 15 seconds.

“The problem is that it is a good human quality to give
people the benefit of the doubt, and unless you’ve been burned,
or you’re paranoid, then you will probably trust them,” he
said.

Companies must guard against smooth-talking hackers by
making their staff aware of the risks, developing simple
company policies on data protection, and getting the best
technology, which will at least “raise the bar” for hackers.

“It’s not about being paranoid, but it’s about being very
aware, and very alert,” he said.


Source: reuters



comments powered by Disqus