[ISN] Ex-Hacker Preaches Unique Security Message

From: InfoSec News (isnat_private)
Date: Thu Oct 03 2002 - 00:32:24 PDT

    By Brian Krebs
    washingtonpost.com Staff Writer
    Wednesday, October 2, 2002; 6:15 PM 
    The average U.S. corporation spends a small fortune each year 
    constructing a virtual fortress around its information assets, but no 
    security technology can prevent an unsuspecting employee from being 
    duped into letting the enemy in through the front gate. 
    In their new book, "The Art of Deception," legendary hacker Kevin 
    Mitnick and co-author William Simon explore the vulnerabilities 
    companies forget to guard against in their race to protect their 
    networks against hackers. 
    Mitnick is a master of the territory. He has about four months left of 
    a three-year probation that prevents him from using e-mail or the 
    Internet. He went to jail in 1995 for hacking into telephone companies 
    and stealing secret code from software industry titans. 
    The 38-year-old Mitnick -- who has reinvented himself as a security 
    consultant -- rarely targeted computer systems during his days as a 
    hacker. Instead, he broke into networks by tricking their users into 
    divulging key information. Mitnick now teaches companies how to spot 
    gifted information thieves and their clever cons. 
    In his heyday, Mitnick usually could get the information he wanted 
    simply by asking for it, he said. Armed with the proper lingo, 
    knowledge of internal procedures, or data only employees would know, 
    he would assume the identity of an insider making routine inquiries, 
    and he warns that this type of human threat is often overlooked. 
    "Most people are basically trusting and can be manipulated based on 
    their curiosity and their willingness to be liked and helpful," 
    Mitnick said in an interview. 
    Mitnick says he's looking forward to finally being off probation, but 
    admits he doesn't really know what he's missing when it comes to the 
    World Wide Web. At the time of his incarceration seven years ago, 
    Netscape's Internet browser had only just been introduced. 
    "I never knew the Internet as it exists today, so it's not like I had 
    a taste of it and wanted to go back," he said. "But it would be nice 
    to use e-mail normally." 
    He writes and reads e-mails, but he doesn't hit the "send" button 
    himself. Instead, an associate in his office acts as an e-mail 
    As he awaits the end of his probation, Mitnick is trying to stave off 
    legal bills with his new business -- and maybe a Hollywood movie deal. 
    He's also using eBay. 
    Mitnick is using eBay to auction an old Toshiba laptop that was seized 
    by the FBI in 1995. The autographed laptop -- relieved of its former 
    contents and sporting a brand new copy of Windows 95 -- has received 
    bids as high as $9,200. 
    The reserve price has not yet been met. 