Social Engineering 101: Mitnick and other hackers show how it's done

NEW YORK--Kevin Mitnick knows that the weakest link in any security system is the person holding the information.

As a young fugitive hacker, he went to jail for breaking into computer networks, mostly by using his cunning and persuasion than his tech skills. He was an early master of the science of social engineering--manipulating people into doing what you want, such as giving out passwords and other information that unlocks sensitive information on networks.

Kevin Mitnick takes the stage at the Last HOPE conference.

(Credit: Elinor Mills)

Mitnick and a panel of other hackers discussed their social engineering pranks and gave live demonstrations at the Live HOPE (Hackers on Planet Earth) conference late on Saturday.

"Everything happened more than five years ago" and the statute of limitations has passed, he said. "I never said I didn't deserve to be punished, but it really went overboard putting me in solitary confinement" for eight months.

Mitnick, who was released in 2001 after serving five years in jail, announced that he has a contract to write his life story and showed a preview for a reality-based TV series in development in which he would test corporate networks by trying to break into them. As part of his plea agreement, he was banned from writing a tell-all until 2007. He also runs a security consulting firm and lectures.

Dubbed the "most dangerous hacker in the world," Mitnick was put in solitary confinement and prevented from using a phone after law enforcement officials convinced a judge that he had the ability to start a nuclear war by whistling into a pay phone, he said.

Mitnick didn't do any whistling on Saturday, but in his keynote following the panel he talked about how he listened in on FBI phone calls during the three years he evaded the FBI, left them doughnuts when he narrowly escaped raids and was chased down by a helicopter. He also demonstrated how to be able to see the phone numbers of callers on caller ID even when they have their number set to be blocked.

Below are some videos taken during the panel:

Mitnick and HOPE organizer Emmanuel Goldstein swap stories about using social engineering to get IDs and directories out of workers at telephone central offices.

Mitnick tells attendees at the Last HOPE conference about how he used social engineering on workers at a Hollywood telephone company central office in the middle of the night.

Goldstein does a live phone prank on a Starbucks employee offering aid for laid off employees from the fictional "Last HOPE Foundation" during a social-engineering panel at Last HOPE.

[gadimari]

who caught this guy?

[brotherbbad]

The cops if I'm not mistaken....

[mrcoder]

The only person who can catch Mitnick is Mitnick.

He turned himself in if I'm not mistaken.

[pelasgian-adslgr-com]

a) he's not a hacker
Linus Torvalds is a hacker, Kevin Mitnick is cracker.

b) if you make computers for fools, fools end-up using them.
So, the credit for the security problems of having fools using computers should be given to microsoft and not those who scum on them.

c) he was tracked down by a pirate hunter and e-crime forensic specialist called Tsutomu Shimomura
If you need to read a book, read the books he read to get Mitnick.

[name_of_shame]

The cops ate the doughnuts he left.

[name_of_shame]

The cops ate the doughnuts he left.

[The_Decider]

You can't really call Mitnick a hacker(give up trying to reclaim the word, it now means both cracker and clever programmer) or cracker.

He is light on technical skills but as anyone who knows even the slightest about security, he used the one tool that can get past any hardened system, no matter how solid it is. The weak link in security are the users and most users are woefully ignorant about security. Social Engineering works because either companies haven't spent enough time drilling security into the head of every employee from CEO down to the janitor. You can spend $1 billion on security and have the best of everything with a network team to match and it can still be beaten by a slick talker and an ignorant employee.

People look down on social engineers but they are the most effective at breaking into systems.

[JimmyCrackhead]

Absolutely amazing. What a cool guy he must be. I would love to meet him and hang out.

JT
www.FireMe.To/udi

[Johnr34231]

Do I sense movie potential here.

Sort of "War Games" meets "Catch Me If You Can"

Maybe they can get Tom Hanks to do a reprisal on the FBI guy.

Kevin? I vote for Shia LeBeouf. He even looks a little like him.

[mnovickar]

What about this thought - is the social engineering just more geekier than running a con or am I wrong??

N.
http://www.chilipress.com/technology.php

[thedreaming]

He's milking the "social engineering" thing again isn't he? Not the first time, won't be the last.

[livecrunch]

Mitnick was my hero lol , when I was hacker wanna be 10 years ago I even bought shirt "free kevin" , anyways those script kid days are over, and he is still someone that is to adore of how security of gov can be so low protected.

[SecurityNympho]

First off...who cares about whatever title a person is given.....thats lame. Hacker, Cracker, Phone HiJacker.......it's a title not worth arguing about.

The pathetic thing is Emmanual (a.k.a. "The Pedophile Wookie") always uses the same stunt on Starbucks. This is like the 3rd HOPE he has done the same exact thing. I am beginning to wonder if it's a friend that works there. Mitnick, The Wookie and their cronies have no real talent.....except fooling feable minded individuals (Kids and Media).

[3r14nd]

The movie already exists....It's Tsutomu Shimomura version of the movie but it's out. It's called "trackdown". It's a good movie you should go get it.

[WJeansonne]

Only in America can crook profit from his or her illegal activities--past and present! What a joke our society is becoming.

[TimeTraveler2000]

Actually the movie is called 'Takedown', and Ill agree it is entertaining, tho Ive also read that K.M. was not very happy with the way the story was told.

[The_Decider]

"Mitnick was put in solitary confinement and prevented from using a phone after law enforcement officials convinced a judge that he had the ability to start a nuclear war by whistling into a pay phone, he said."

I am not sure what is more sad, that the someone cooked up this obvious lie or that a judge was stupid enough to believe it.

[richardpots]

well if you guys missed the event, I found a youtube video of the talk that kevin mitnick gave during hope. it's pretty cool, and shows his method of unmasking caller-ids.

http://www.youtube.com/watch?v=q3S0RjrXhw0

[wyoming.knott]

Mitnick is a media ***** whose knowledge and techniques are well known by everyone. He is irrelevant. He's just using his previous illegal activity to continue to make money. He's adding NOTHING new to the discussion.

SEND KEVIN BACK!

[wyoming.knott]

^Media prostitute^ ... since ***** is censored on cnet.