Kevin Mitnick

12 June 2007

The other day I attended a small half-day conference with Kevin Mitnick as keynote speaker. Kevin is by all accounts the "world’s most famous former hacker". Mitnick is a convicted criminal and was incarcerated for 5 years in the 90s for stealing information in a number of different instances.

A lot of what he’s done has been exaggerated to mythical levels. For example, at one point in his life he was locked away in solitary for 8 months under the suspicion that he could set off a nuclear attack by whistling into a phone. Sadly, the reality is Kevin’s exploits were primarily achieved through lying and gaining people’s confidence; the essential (and very base) skills of a grifter. Rather than use the term "con-man" or "con", Kevin prefers the term "social engineering exploit".

He related a number of anecdotes from his past and gave a few demos and examples of how to steal identity information:

  1. How you could "in theory" install malicious software on a USB drive, then have ‘autorun’ in Windows install it automatically when plugged into a PC.
  2. Breaking into a phone company switchboard and re-routing calls to a script. The script asks for account number, then PIN, then tells the caller the information cannot be found and asks for further info like social security number. The point being, don’t assume the voice on the phone is your bank.
  3. How you could call up the helpdesk of a company and basically confidence scam your way into having someone give you source code. Dumpster diving etc.

He used some dramatic language like "it’s what we call ‘GAME OVER’" which I think detracted from the message.

I work in the banking industry and groups like audit, information security and FFIEC are top of mind constantly. No matter what you do, the weakest link in the chain is the human factor and there will always be con-men. Most attacks are "blended" so take a little from each technique and you might be on to something.

I won a copy of Kevin’s book "The Art of Deception" which he was nice enough to sign. During the signing I did ask Kevin to whistle into my phone so I could record it, but he politely refused, stating he didn’t want Homeland Security breathing down his neck.

One Comment »

  • kemi said:

    Kevin Mitnick is “America’s Most Wanted Computer Outlaw” for over two years.
