“They don’t make a patch for stupid.” Famous hacker Kevin Mitnick launched into his keynote at the Atlantic Design and Manufacturing show in New York City by explaining that gullibility is the biggest vulnerability in corporate and government cybersecurity. He then spent the next hour demonstrating how to gain access to networks by discovering employee log-in credentials.
In his talk, “How Hackers and Con Artists Manipulate You and What You Can Do about It,” Mitnick revealed the tricks hackers use to crack into networks, defying even recent advances in security such as two-factor authentication, which often involves a combination of a password and a smartphone OK. “Just because you use two-factor authentication, you’re not safe, not if they can also hack the phone system.”
Kevin Mitnick blamed users for cyber attacks during his keynote at the Atlantic Design and Manufacturing show in New York City last week.
(Source: Design News)
Mitnick began cracking networks as a teenager in the 1970s. He broke into computer networks while using cloned cellular phones to hide his location. He copied proprietary software from some of the country's largest cellular telephone and computer companies by intercepting computer passwords. This led to a well-publicized bust in 1995 and a five-year prison sentence. After leaving prison, he became a security consultant, public speaker, and author.
While explaining that there are a number of ways to crack a network, he insisted the easiest way is to follow an employee through the company’s or government office’s cyber-door. “So who’s the problem? It’s the user,” said Mitnick. “Your employees make mistakes.” He noted that the first way a hacker breaks into your system is through your company’s website. “You can see the corporate structure and the names of employees. Then you go to LinkedIn and search for titles such as system engineer web authentication. Once you get the names and titles, you can begin to connect.” He showed how easy it is to figure out email addresses when you have the company, a name, and a title. “Once you connect, then you exploit.”
He said an easy way to crack company networks is by using thumb drives that are so plentiful and freely distributed at trade shows. “You can go to conferences. Go to the memory stick bowls and swap out the free ones with weaponized sticks,” said Mitnick. “When they get home, they plug it in the USB and trust it. You can go to the root file and find passwords. You can exploit the firmware and turn the USB into a keyboard to