Kevin Mitnick, recognised as one of the most famous hackers in the world, says humans are still the weakest link in the security chain when it comes to gaining access to a company’s network.
“It’s much easier to hack a human,” Mitnick told Tech Guide.
Mitnick is a leading authority in cyber security and an advisor who works to make individuals, corporations and governments aware of online risks.
He will be in Australia in August to demonstrate technical vulnerabilities and social engineering.
“Social engineering is using manipulation, deception and influence to get a target to comply with the request. Today it’s usually done through email,” Mitnick said.
“When the target receives the email – it could be click on this link and put in your credentials user name and password.
“Or click on this attachment and when the victim complies with that request – it looks fair and reasonable and in the course of ordinary business – they are exploited. Now a hacker has access to their entire system.”
Mitnick says it’s the human element that’s the easiest path into any corporate system.
“Where companies fall short is they think security is mainly a technical problem, which it largely is, but computers are used by people, so if the people can be tricked into doing things then the hacker gains access to their network,” he said.
Mitnick, until his arrest in 1995, had cracked the security of some of the most well-guarded corporate systems including IBM, Sun Microsystems, Motorola and Nokia.
“I was breaking the law and accessing the system without authorisation mainly for the intellectual curiosity, the challenge, the seduction and the adventure,” he said.
“I didn’t attempt to, nor did I, make a dime or any type of monetary gain, nor did I try to destroy things.
“It was all about being able to bypass security systems.”
He has since changed his ways and reinvented himself as a “white hat hacker”, acting as a security consultant to Fortune 500 companies and even governments worldwide.
Mitnick got the taste for hacking as a child when he got into phone phreaking, which allowed free long-distance calls.
A self-confessed prankster, Mitnick would change the status of his friends’ home phones to pay phones so they would be instructed to deposit a coin every time they picked up their phone.
Steve Jobs and Steve Wozniak – before they co-founded a little company called Apple in 1976 – were also part of the “phreaker” community.
As systems became more sophisticated and computerised, Mitnick continued developing his skills despite not being able to afford a computer or a modem, which in the 70s cost thousands of dollars.
Mitnick would instead use computer terminals at his local university.
In his current work, Mitnick has exposed vulnerabilities in several large companies.
On one occasion, he wrote himself a $6 million cheque using a client’s internal system. He also hacked another Fortune 500 company and copied its entire data and intellectual property onto a hard drive after being told their system was unhackable.
After the closely run Federal election, electronic voting has been put forward as an alternative but Mitnick says security has to be a priority.
“I know of voting systems that were tested in other countries which are determined to contain security vulnerabilities that may have been exploited,” he told Tech Guide.
“Moving to electronic voting, the government or whoever is in charge of the voting process really needs to make sure that they have the security controls around that system – and make it very difficult to manipulate the vote.”
Mitnick has experience in this area with his security team being called in by the Ecuador government to protect, monitor and tabulate the country’s 2013 elections to prevent tampering and manipulations.
So what are Mitnick’s tips about staying safe online?
1. Use a password generator – there are plenty of password managers that can create and manage long and complex passwords for each of your online accounts. It’s impossible for a human to do this, which is why many use the same password on multiple sites.
2. Use a VPN service on an open wireless network – if connecting to an unsecured network, use a VPN (virtual private network) like the Norton Wi-Fi Privacy app so it can make your data invisible to snooping hackers on the same network.
3. Use two-factor authentication – rather than relying on just a password, two-factor authentication sends you a code via text message as the second level of security.
4. Open attachments on Google Docs – when opening attachments use a cloud service like Google Docs so your computer’s software can’t be exposed.
Kevin Mitnick will be in Sydney on August 24 and in Melbourne on August 26 for his event – Cyber Threats: Insights from the world’s most famous hacker.
Tickets are available from www.mitnicklive.com