Social Engineering 101: Mitnick and other hackers show how it's done
NEW YORK--Kevin Mitnick knows that the weakest link in any security system is the person holding the information.
As a young fugitive hacker, he went to jail for breaking into computer networks, mostly by using his cunning and persuasion than his tech skills. He was an early master of the science of social engineering--manipulating people into doing what you want, such as giving out passwords and other information that unlocks sensitive information on networks.
Kevin Mitnick takes the stage at the Last HOPE conference.
(Credit: Elinor Mills)Mitnick and a panel of other hackers discussed their social engineering pranks and gave live demonstrations at the Live HOPE (Hackers on Planet Earth) conference late on Saturday.
"Everything happened more than five years ago" and the statute of limitations has passed, he said. "I never said I didn't deserve to be punished, but it really went overboard putting me in solitary confinement" for eight months.
Mitnick, who was released in 2001 after serving five years in jail, announced that he has a contract to write his life story and showed a preview for a reality-based TV series in development in which he would test corporate networks by trying to break into them. As part of his plea agreement, he was banned from writing a tell-all until 2007. He also runs a security consulting firm and lectures.
Dubbed the "most dangerous hacker in the world," Mitnick was put in solitary confinement and prevented from using a phone after law enforcement officials convinced a judge that he had the ability to start a nuclear war by whistling into a pay phone, he said.
Mitnick didn't do any whistling on Saturday, but in his keynote following the panel he talked about how he listened in on FBI phone calls during the three years he evaded the FBI, left them doughnuts when he narrowly escaped raids and was chased down by a helicopter. He also demonstrated how to be able to see the phone numbers of callers on caller ID even when they have their number set to be blocked.
Below are some videos taken during the panel:
Mitnick and HOPE organizer Emmanuel Goldstein swap stories about using social engineering to get IDs and directories out of workers at telephone central offices.
Mitnick tells attendees at the Last HOPE conference about how he used social engineering on workers at a Hollywood telephone company central office in the middle of the night.
Goldstein does a live phone prank on a Starbucks employee offering aid for laid off employees from the fictional "Last HOPE Foundation" during a social-engineering panel at Last HOPE.
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor. 
He turned himself in if I'm not mistaken.
Linus Torvalds is a hacker, Kevin Mitnick is cracker.
b) if you make computers for fools, fools end-up using them.
So, the credit for the security problems of having fools using computers should be given to microsoft and not those who scum on them.
c) he was tracked down by a pirate hunter and e-crime forensic specialist called Tsutomu Shimomura
If you need to read a book, read the books he read to get Mitnick.
If I said that Mitnick was a really "cool" guy, would you think that I was referring to his internal temperature? Or would you understand as well that the definition of the word "cool" has also changed over time to mean more than temperature?
He is light on technical skills but as anyone who knows even the slightest about security, he used the one tool that can get past any hardened system, no matter how solid it is. The weak link in security are the users and most users are woefully ignorant about security. Social Engineering works because either companies haven't spent enough time drilling security into the head of every employee from CEO down to the janitor. You can spend $1 billion on security and have the best of everything with a network team to match and it can still be beaten by a slick talker and an ignorant employee.
People look down on social engineers but they are the most effective at breaking into systems.
JT
www.FireMe.To/udi
Sort of "War Games" meets "Catch Me If You Can"
Maybe they can get Tom Hanks to do a reprisal on the FBI guy.
Kevin? I vote for Shia LeBeouf. He even looks a little like him.
it's called hackers : takedown
http://www.imdb.com/title/tt0159784/
N.
http://www.chilipress.com/technology.php
The pathetic thing is Emmanual (a.k.a. "The Pedophile Wookie") always uses the same stunt on Starbucks. This is like the 3rd HOPE he has done the same exact thing. I am beginning to wonder if it's a friend that works there. Mitnick, The Wookie and their cronies have no real talent.....except fooling feable minded individuals (Kids and Media).
Not really, but they do much much more damage than a cracker could do with far less effort.
In the end does it matter if the social engineer has no technical skills? He owns your network and data despite the lack of technical knowledge.
He paid his debt to society. What would you have him do?
a. Work in a non-computer related field
b. Use his experiences to help people
c. Go back to his old ways.
I don't condone what he did, but regardless of whether he is making money from spreading the word or not, he is providing a valuable service and by doing so is making amends.
You don't seem to mind that Microsoft makes money from their illegal activities. Why the double standard? I guarantee you that as much damage as Mitnick did, it pales in comparison to the damage that MS causes.
I am not sure what is more sad, that the someone cooked up this obvious lie or that a judge was stupid enough to believe it.
http://www.youtube.com/watch?v=q3S0RjrXhw0
SEND KEVIN BACK!
- by wyoming.knott July 25, 2008 4:08 PM PDT
- ^Media prostitute^ ... since ***** is censored on cnet.
- Reply to this comment
-
(29 Comments)