ZDNet UK / News and Analysis / Security / Security Management

Kevin Mitnick: The great pretender

By , ZDNet.co.uk, 14 June, 2006 11:40

Daily Newsletters

Sign up to ZDNet UK's daily newsletter.

Topics

stories, Hacking, Book, Hacker, Kevin Mitnick, notorious, tales, The Art of Deception, The Art of Intrusion

Q&A

Ten years ago there wasn't much of a World Wide Web to exploit, but there were still hackers — or more accurately crackers. Without the current glut of naive Web users to exploit, would-be cyber-thieves and vandals had to be somewhat more creative, and one of the most creative and infamous was Kevin Mitnick.

Arrested by the FBI in 1995 and convicted of breaking into the systems of Fujitsu Siemens, Nokia and Sun Microsystems, Mitnick served five years in prison — eight months of it in solitary confinement.

In his days on the wrong side of the law, Mitnick used so-called social engineering techniques to fool users into handing over sensitive information. Rather than overt technical hacks, he was able to convince employees to hand over information that enabled him to hack systems, while redirecting telephone signals to avoid detection by the authorities.

Following his run in with law, Mitnick now puts his powers of persuasion to good, running a company that advises businesses on avoiding social engineering attacks.

ZDNet UK caught up with the ex-cracker, ahead of his keynote speech on the "art of deception" at the MIS CISO Executive Summit in Barcelona, to discuss developments in social engineering, new US laws monitoring telephone systems, and alleged "NASA hacker" Gary McKinnon's impending extradition to the US.

Q: How big a problem is social engineering for businesses? Is it becoming a more widely used tactic?
A: It's a substantial problem — a lot of malware is associated with social engineering. Social engineering plays a big part in exploiting known vulnerabilities in software.

Are you seeing any new attack methods?
They use the same methods they always have — using a ruse to deceive, influence, or trick people into revealing information that benefits the attackers. These attacks are initiated, and in a lot of cases the victim doesn't realise. Social engineering plays a large part in the propagation of spyware. Usually attacks are blended, exploiting technological vulnerabilities and social engineering.

What can businesses do to safeguard themselves?
Businesses should train people to try to recognise possible attacks.

What are some of the give-away signs to look for in a potential social engineering attack?
Mostly it's gut instinct — if something doesn't look or feel right. If someone is calling on the telephone, but they...

Related stories

Do hackers have a role in corporate security?

Man arrested for porn domain deceit

Mitnick calls for hackers' war stories

Mitnick warns on dangers of social engineering

Human firewalls are a must, says Mitnick

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your ZDNet UK account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

Get ZDNet UK's daily newsletter

Enter your email address to sign up

ZDNet UK Live

ju1ce

new to dropbox? sign up here and we both get a 500mb bonus! http://db.tt/aM4pWbT

11 minutes ago by ju1ce on Secure2Share: securing your Dropbox
Random_Error

The only way a touch monitor would be any good is if it were horizontal on the desk, with a virtual keyboard so you could do away with that as well...

1 hour ago by Random_Error on Windows 8 could speed multi-monitor uptake
JBDragon

This is just dumb! Forget that I think Windows 8 will bomb, but really, people are going to go out and buy touch Monitors now??? Just pretend...

3 hours ago by JBDragon on Windows 8 could speed multi-monitor uptake
Jake Rayson

@Andy Bolstridge > Unfortunately, we need the majority to work 9-5 And therein lies the lie. I work very hard indeed for my idleness, early starts...

4 hours ago by Jake Rayson on The Idle Self-employed
Burn-IT

What happens when one hosting platform "acquires data" from another? If I forced the first one to remove it, who is responsible for chasing the...

9 hours ago by Burn-IT on Google picks holes in EU's 'right to be forgotten'
JohnTalich

iSpring Pro is a nice tool, that allows PowerPoint to SCORM conversion. They also have free tool, that also generates SCORM compliant courses.

13 hours ago by JohnTalich on How To Convert PowerPoint To SCORM Compliant Course
aaron.sloman

I think the answer to the question requires a deeper analysis of where the income can come from who else is now competing for it, who else will be...

21 hours ago by aaron.sloman on The three big questions about Facebook's IPO
Brent Pieczynski

Your correctness about Government websites not being compliant with their own websites is correct. Most criticism of other people takes so many...

1 day ago by Brent Pieczynski on Privacy watchdog to chase big companies over cookie law
Kelvyn Taylor

802.11ac does promise some tricks to improve range & reliability, but not sure how these will work in practice until I get real products to play...

1 day ago by Kelvyn Taylor via Facebook on Next-generation 802.11ac routers
mrudang009

My wife and I love our new Kindle Fire. It's lightweight, easy to use and has a great interface. The first thing I recommend anyone with a new...

1 day ago by mrudang009 on Waterstones to sell Kindles with in-store offers
mrudang009

It basically unlocks all the Android marketplace apps and unlocks the device. I am one very happy Kindle owner!

1 day ago by mrudang009 on Waterstones to sell Kindles with in-store offers
Burn-IT

Skittles with tapes and coffee cups. Old tapes so we didn't have to rewind them afterwards.

1 day ago by Burn-IT on Ten IT jobs to save up for those rare lulls
Fraud_fighter

What is mildly amusing to me is when someone thinks a strong password is as strong as one may need, when the truth is usernames and passwords are...

1 day ago by Fraud_fighter on Passwords are here to stay: get used to it
Andy Bolstridge

Performance isn't really the big thing at the moment - not when my ADSL connection will only provide a 8mbps bottleneck to the 3.5gbps speeds these...

1 day ago by Andy Bolstridge via Facebook on Next-generation 802.11ac routers
pjc158

So when is Amazon buying Waterstones?

1 day ago by pjc158 on Waterstones to sell Kindles with in-store offers
J.A. Watson

@JoshArg - Well, I am writing this from my N150 Plus, running Ubuntu 12.04 and using a Bluetooth mouse (well, to be totally correct it is a...

1 day ago by J.A. Watson on Samsung N150 Plus Netbook - Ubuntu Netbook Edition 10.04
J.A. Watson

@duncanjmurray - At least n the case of the specific system I put the SSD into, it is not the case. The boot time improvement is substantial, but...

1 day ago by J.A. Watson on Netbook Upgrade - SSD IN, Windows OUT
archerthom

Sounds like only those who have bought their Kindle from Waterstones will be able to use them in-store - very disappointing. I have no intention...

1 day ago by archerthom on Waterstones to sell Kindles with in-store offers
AndyPagin

From my mainframe operating days... 1) Play hoopla with write permit rings & a can of screen cleaner. 2) Make enormous paper chains (Christmas...

1 day ago by AndyPagin on Ten IT jobs to save up for those rare lulls
61253

An OS X perspective Filenames beginning with a dot/period (.) should not be equated with HFS Plus resource forks; misunderstandings around ._ (dot...

1 day ago by 61253 on SharePoint deployment: Pitfalls of a pioneer

Latest in Security Management

NHS patients' health data to be anonymised and shared

Apple releases Flashback tool for Mac OS X 10.5

IPv6 security: What you need to know

Featured white papers

CIO challenges: Bringing your iPad to work

Aruba Networks

CIO challenges: Bringing your iPad to work

The arrival of personal technology in the office is a challenge for all organisations, but how can it be adapted securely for corporate... Read more

Hacktivism: Threats and reality for IT managers

ZDNet UK

Hacktivism: Threats and reality for IT managers

As high-profile breaches involving consumer data become the norm, this guide looks at where hacking is heading and what individuals can do to protect against possible attacks, from securing data to creating more secure email... Read more

How to defend mobile applications

HP

How to defend mobile applications

Your customers can now perform sensitive transactions anywhere, and mobile apps, devices and data can be more easily attacked. How can you defend against mobile... Read more

Inside ZDNet UK

Asus Transformer Pad TF300T

Asus Transformer Pad TF300T

Passwords are here to stay: get used to it

Passwords are here to stay: get used to it

How to gain total message system visibility

How to gain total message system visibility

HTC One V: First take

HTC One V: First take

SharePoint deployment: The final chapter

SharePoint deployment: The final chapter

Ten IT jobs to save up for those rare lulls

Ten IT jobs to save up for those rare lulls

How fast is your broadband?

How fast is your broadband?