Kevin Mitnick
Uploaded by karan-bansal
The Art of Deception
Kevin Mitnick
Famous Social Engineer Hacker
• Went to prison for hacking
• Became ethical hacker
"People are generally helpful, especially to someone who is nice, knowledgeable or insistent."
Kevin Mitnick
Arrested and convicted on several counts of computer crime, including hacking and theft of intellectual property.
Began at age 12 with faking punch cards for the bus system to gain free rides and continued on to phone phreaking.
Used social engineering to steal passwords to company systems.
He still believes this is far easier to do, even today, than hacking into a system.
Since his release from prison, Kevin has started his own computer security company and gives talks around the country about social engineering and other security topics.
What is Social Engineering?
• Attacker uses human interaction to obtain or compromise information
• Attacker may appear unassuming or respectable
  o Pretend to be a new employee, repair man, etc.
  o May even offer credentials
• By asking questions, the attacker may piece enough information together to infiltrate a company's network
  o May attempt to get information from many sources
Kevin Mitnick - Art of Deception:
• "People inherently want to be helpful and therefore are easily duped"
• "They assume a level of trust in order to avoid conflict"
• "It's all about gaining access to information that people think is innocuous when it isn't"
• When we hear a nice voice on the phone, we want to be helpful
• Social engineering cannot be blocked by technology alone
Examples of Social Engineering
• Kevin Mitnick talks his way into central Telco office
  o Tells guard he will get a new badge
  o Pretends to work there, gives a manager's name from another branch
  o Fakes a phone conversation when caught
• Free food at McDonald's
Live Example
• Convinced friend that I would help fix their computer
• People inherently want to trust and will believe someone when they want to be helpful
• Fixed minor problems on the computer and secretly installed remote control software
• Now I have total access to their computer through UltraVNC Viewer
Weakest Link?
• No matter how strong your:
  o Firewalls
  o Intrusion Detection Systems
  o Cryptography
  o Anti-virus software
• You are the weakest link in computer security!
  o People are more vulnerable than computers
• "The weakest link in the security chain is the human element" -Kevin Mitnick
Conclusion
Social Engineering will always exist, and it is extremely difficult to defend against, but the success of such attacks can be decreased substantially with proper policy and personnel training.
Policy from a Social Engineer
“The Art of Deception” – K. Mitnick
Kevin Mitnick outlines an excellent security policy at the end of the book with detailed reasoning at every level to defend against Social Engineering Attacks.
This book teaches you the tricks of deception so that you can learn how to protect against them.
This is a must read for all security professionals.
Questions?