• On GameSpot: So-called 'Halo killer' gets 23 to life
July 20, 2008 10:36 AM PDT

Social Engineering 101: Mitnick and other hackers show how it's done

by Elinor Mills

NEW YORK--Kevin Mitnick knows that the weakest link in any security system is the person holding the information.

As a young fugitive hacker, he went to jail for breaking into computer networks, mostly by using his cunning and persuasion than his tech skills. He was an early master of the science of social engineering--manipulating people into doing what you want, such as giving out passwords and other information that unlocks sensitive information on networks.

Kevin Mitnick takes the stage at the Last HOPE conference.

(Credit: Elinor Mills)

Mitnick and a panel of other hackers discussed their social engineering pranks and gave live demonstrations at the Live HOPE (Hackers on Planet Earth) conference late on Saturday.

"Everything happened more than five years ago" and the statute of limitations has passed, he said. "I never said I didn't deserve to be punished, but it really went overboard putting me in solitary confinement" for eight months.

Mitnick, who was released in 2001 after serving five years in jail, announced that he has a contract to write his life story and showed a preview for a reality-based TV series in development in which he would test corporate networks by trying to break into them. As part of his plea agreement, he was banned from writing a tell-all until 2007. He also runs a security consulting firm and lectures.

Dubbed the "most dangerous hacker in the world," Mitnick was put in solitary confinement and prevented from using a phone after law enforcement officials convinced a judge that he had the ability to start a nuclear war by whistling into a pay phone, he said.

Mitnick didn't do any whistling on Saturday, but in his keynote following the panel he talked about how he listened in on FBI phone calls during the three years he evaded the FBI, left them doughnuts when he narrowly escaped raids and was chased down by a helicopter. He also demonstrated how to be able to see the phone numbers of callers on caller ID even when they have their number set to be blocked.

Below are some videos taken during the panel:

Mitnick and HOPE organizer Emmanuel Goldstein swap stories about using social engineering to get IDs and directories out of workers at telephone central offices.

Mitnick tells attendees at the Last HOPE conference about how he used social engineering on workers at a Hollywood telephone company central office in the middle of the night.

Goldstein does a live phone prank on a Starbucks employee offering aid for laid off employees from the fictional "Last HOPE Foundation" during a social-engineering panel at Last HOPE.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
advertisement
Click here!
Recent posts from Security
Microsoft to fix holes in Windows, Office
Google privacy controls: Most people won't care
Zero-day flaw found in Web encryption
Mac Game: Art project or malware?
Corporate bank accounts targeted in online fraud
Hacker breaks into jailbroken iPhones, asks for $7
Malwarebytes accuses rival of software theft
Security firm M86 acquires Finjan
Add a Comment (Log in or register) (29 Comments)
  • prev
  • 1
  • next
by gadimari July 20, 2008 11:48 AM PDT
who caught this guy?
Reply to this comment
by brotherbbad July 20, 2008 1:42 PM PDT
The cops if I'm not mistaken....
Reply to this comment
by mrcoder July 20, 2008 2:57 PM PDT
The only person who can catch Mitnick is Mitnick.

He turned himself in if I'm not mistaken.
Reply to this comment
by misfire99 July 20, 2008 3:50 PM PDT
And you are. The FBI busted him. You know there is this really great tool called google. Try it you'll like it.
by pelasgian-adslgr-com July 20, 2008 4:09 PM PDT
a) he's not a hacker
Linus Torvalds is a hacker, Kevin Mitnick is cracker.

b) if you make computers for fools, fools end-up using them.
So, the credit for the security problems of having fools using computers should be given to microsoft and not those who scum on them.

c) he was tracked down by a pirate hunter and e-crime forensic specialist called Tsutomu Shimomura
If you need to read a book, read the books he read to get Mitnick.
Reply to this comment
by stix213 July 21, 2008 10:18 AM PDT
Anyone who still claims that the definition of "hacker" doesn't include "cracker" is a moron and is stuck in the 1980's. Definitions of words change overtime, including "hacker."

If I said that Mitnick was a really "cool" guy, would you think that I was referring to his internal temperature? Or would you understand as well that the definition of the word "cool" has also changed over time to mean more than temperature?
by name_of_shame July 20, 2008 9:18 PM PDT
The cops ate the doughnuts he left.
Reply to this comment
by name_of_shame July 20, 2008 9:19 PM PDT
The cops ate the doughnuts he left.
Reply to this comment
by The_Decider July 21, 2008 1:50 AM PDT
You can't really call Mitnick a hacker(give up trying to reclaim the word, it now means both cracker and clever programmer) or cracker.

He is light on technical skills but as anyone who knows even the slightest about security, he used the one tool that can get past any hardened system, no matter how solid it is. The weak link in security are the users and most users are woefully ignorant about security. Social Engineering works because either companies haven't spent enough time drilling security into the head of every employee from CEO down to the janitor. You can spend $1 billion on security and have the best of everything with a network team to match and it can still be beaten by a slick talker and an ignorant employee.

People look down on social engineers but they are the most effective at breaking into systems.
Reply to this comment
by JimmyCrackhead July 21, 2008 4:32 AM PDT
Absolutely amazing. What a cool guy he must be. I would love to meet him and hang out.

JT
www.FireMe.To/udi
Reply to this comment
by Johnr34231 July 21, 2008 4:36 AM PDT
Do I sense movie potential here.

Sort of "War Games" meets "Catch Me If You Can"

Maybe they can get Tom Hanks to do a reprisal on the FBI guy.

Kevin? I vote for Shia LeBeouf. He even looks a little like him.
Reply to this comment
by bioskaz July 21, 2008 5:45 AM PDT
there already is a movie about him...
it's called hackers : takedown
by mallchin July 21, 2008 7:33 AM PDT
Someone beat you to it.

http://www.imdb.com/title/tt0159784/
by mnovickar July 21, 2008 6:29 AM PDT
What about this thought - is the social engineering just more geekier than running a con or am I wrong??

N.
http://www.chilipress.com/technology.php
Reply to this comment
by The_Decider July 21, 2008 9:31 AM PDT
No it is simply a con.
by thedreaming July 21, 2008 9:13 AM PDT
He's milking the "social engineering" thing again isn't he? Not the first time, won't be the last.
Reply to this comment
by livecrunch July 21, 2008 9:13 AM PDT
Mitnick was my hero lol , when I was hacker wanna be 10 years ago :) I even bought shirt "free kevin" , anyways those script kid days are over, and he is still someone that is to adore of how security of gov can be so low protected.
Reply to this comment
by SecurityNympho July 21, 2008 9:15 AM PDT
First off...who cares about whatever title a person is given.....thats lame. Hacker, Cracker, Phone HiJacker.......it's a title not worth arguing about.

The pathetic thing is Emmanual (a.k.a. "The Pedophile Wookie") always uses the same stunt on Starbucks. This is like the 3rd HOPE he has done the same exact thing. I am beginning to wonder if it's a friend that works there. Mitnick, The Wookie and their cronies have no real talent.....except fooling feable minded individuals (Kids and Media).
Reply to this comment
by The_Decider July 21, 2008 9:34 AM PDT
No real talent?

Not really, but they do much much more damage than a cracker could do with far less effort.

In the end does it matter if the social engineer has no technical skills? He owns your network and data despite the lack of technical knowledge.
by 3r14nd July 21, 2008 9:36 AM PDT
The movie already exists....It's Tsutomu Shimomura version of the movie but it's out. It's called "trackdown". It's a good movie you should go get it.
Reply to this comment
by chesh1410 July 21, 2008 10:34 AM PDT
Actually, it was called Takedown. http://www.imdb.com/title/tt0159784/
by WJeansonne July 21, 2008 10:43 AM PDT
Only in America can crook profit from his or her illegal activities--past and present! What a joke our society is becoming.
Reply to this comment
by The_Decider July 21, 2008 12:57 PM PDT
Only an MS fan could not comprehend how important it is that this sort of information is spread widely.

He paid his debt to society. What would you have him do?

a. Work in a non-computer related field
b. Use his experiences to help people
c. Go back to his old ways.

I don't condone what he did, but regardless of whether he is making money from spreading the word or not, he is providing a valuable service and by doing so is making amends.

You don't seem to mind that Microsoft makes money from their illegal activities. Why the double standard? I guarantee you that as much damage as Mitnick did, it pales in comparison to the damage that MS causes.
by TimeTraveler2000 July 21, 2008 10:45 AM PDT
Actually the movie is called 'Takedown', and Ill agree it is entertaining, tho Ive also read that K.M. was not very happy with the way the story was told.
Reply to this comment
by The_Decider July 21, 2008 1:02 PM PDT
"Mitnick was put in solitary confinement and prevented from using a phone after law enforcement officials convinced a judge that he had the ability to start a nuclear war by whistling into a pay phone, he said."

I am not sure what is more sad, that the someone cooked up this obvious lie or that a judge was stupid enough to believe it.
Reply to this comment
by richardpots July 21, 2008 1:24 PM PDT
well if you guys missed the event, I found a youtube video of the talk that kevin mitnick gave during hope. it's pretty cool, and shows his method of unmasking caller-ids.

http://www.youtube.com/watch?v=q3S0RjrXhw0
Reply to this comment
by wyoming.knott July 25, 2008 4:04 PM PDT
Mitnick is a media ***** whose knowledge and techniques are well known by everyone. He is irrelevant. He's just using his previous illegal activity to continue to make money. He's adding NOTHING new to the discussion.

SEND KEVIN BACK!
Reply to this comment
by wyoming.knott July 25, 2008 4:07 PM PDT
I can't believe that ***** is a censored word on cnet. ***** == prostitute.
by wyoming.knott July 25, 2008 4:08 PM PDT
^Media prostitute^ ... since ***** is censored on cnet.
Reply to this comment
(29 Comments)
  • prev
  • 1
  • next
advertisement

FAQ: Buying the right Windows 7 upgrade

Readers still have lots of questions on just which version of the software they need to buy in order to upgrade their PC. CNET News tries to offer some answers.

N.Y. lawsuit details Intel's 'largesse' toward Dell

Attorney General Andrew Cuomo's federal antitrust case filed Wednesday alleges a longstanding symbiotic relationship between Intel and Dell.

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right