Kevin Mitnick: 'People, Not Technology, Weakest Security Link'
by Karen Riccio
Despite their link to drugs, murder, extortion—you name it--we glamorize old-time organized crime figures like Al Capone, Bugsy Siegel and Lucky Luciano. These gun-toting thugs, donning pin-striped suits and fedoras and smoking the finest Cuban cigars, exuded a certain class and charm despite their wrongdoings.
Today, the picture of organized crime has a much different face—and very few people have ever seen its members in person or viewed photographs. Sitting secretly behind locked doors or lurking where we least expect them, Carbanak, Dyre Wolf, the Shifu Trojan and the Cryptolocker Gang don’t use brute force or bullets; they use brains, and prey on others’ vulnerabilities.
Unlike in the past when ad hoc networks of individuals motivated mainly by ego and notoriety, today’s breed of hackers is described by CSO Online as: “35-year-old highly experienced developers with deep knowledge that allows them to bring constant innovation into malware and attack tactics; and 80 percent of black-hat (e.g., criminal) hackers are affiliated with organized crime—a playground of financially driven, highly organized and sophisticated groups.”
The 19 cybercriminals on the FBI’s Most Wanted List are absolute masters at getting what they want: credit card numbers, social security numbers, bank accounts, health records, secret government documents, critical business data, client lists and your identity.
So are former hackers who left the dark side to help fight the battle against cybercrime, many of which are landing on the payroll of major corporations or starting their own.
- Former hacker-turned businessman, Kevin Mitnick, to keynote Data Center World.
Known for popularizing the term “social engineering,” Kevin Mitnick was convicted of several computer-related crimes, including hacking into Pacific Bell’s voice mail computers and copying proprietary software from some of the country’s largest cell phone and computer companies. Today, he is Chief Hacking Officer at security awareness training site KnowBe4. Businesses now hire him and The Global Ghost Team™ to protect against hackers and to test their systems’ vulnerabilities to attack.
Once on the FBI’s Most Wanted list for hacking into 40 major corporations, Mitnick will present the keynote address at Data Center World on April 4 in Los Angeles. His specialty: social engineering. “It takes one to catch one,” he says.
In his bestselling book, The Art of Deception, Mitnick writes, "Social engineering uses influence and persuasion to deceive people by convincing them that the social engineer is someone he isn't, or by manipulation. As a result, the social engineer is able to take advantage of people to obtain information with or without the use of technology.”
“My presentation will clearly illustrate why people are the weakest link in the security chain,” Mitnick says. “Attendees will see real demonstrations of some of the most current combinations of hacking, social engineering and cutting-edge technical exploits my team and I actually use to penetrate client systems, with a 100 percent success rate. They will also gain strategies to protect their organizations, and themselves, from harm and to help mitigate the risks they face.”
Although attacks can come from sources other than e-mail—phone, online, social media and onsite filtration--the sheer number we send and receive make it popular among hackers.
A 2015 study by the Radicati Group estimated the number of email users worldwide at 2.6 billion, and the amount of emails sent per day (in 2015) around 205 billion. Additionally, Digital Marketing Ramblings (DMR) reported that:
- The average office worker receives 121 emails a day
- Percentage of email that is spam: 49.7 percent
- Percentage of emails that have a malicious attachment: 2.3 percent
According to Mitnick’s book, “All of the firewalls and encryption in the world can’t stop a gifted social engineer from rifling through a corporate database. If an attacker wants to break into a system, the most effective approach is to try to exploit the weakest link—not operating systems, firewalls or encryption algorithms—but people. You can't go and download a Windows update for stupidity... or gullibility."
Although Mitnick will go into greater detail about how to prevent and spot social engineering attacks, here are three actionable steps you can take in your business and in your personal life to protect you from hackers from his Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker book:
- NEVER use any kind of public network (hotel, restaurant, transport etc.) even when travelling.
- NEVER open ANY PDF file on anything other than your desktop and only once scanned (but even then some malware might pass anti-virus).
- Anybody using the same private network as you HAS to apply Rule #1 and #2 otherwise there is a breach.
The above rules may not result in complete prevention, but they should reduce your exposure.
A word of warning, though: If you plan to attend the keynote address: Mitnick has been known to use unsuspecting volunteers from audiences to show how he can steal someone’s identity in three minutes.
You might want to make sure all of your phones and electronic devices are powered down. Just a suggestion.
Kevin Mitnick will present the Data Center World keynote address on Tuesday, April 4, from 4 p.m.-5:15 p.m. Register today.