In his new book, former hacker Kevin Mitnick says security experts often fail to account for the human element.
(Photo by Monty Brinton - John Wiley & Sons)
_____Web Special_____
Transcript: Kevin Mitnick took questions during a one-hour discussion moderated by washingtonpost.com's Brian Krebs.
By Brian Krebs
washingtonpost.com Staff Writer Wednesday, October 2, 2002; 6:15 PM
The average U.S. corporation spends a small fortune each year constructing a virtual fortress around its information assets, but
no security technology can prevent an unsuspecting employee from being
duped into letting the enemy in through the front gate.
In their new book, "The Art of Deception," legendary hacker Kevin Mitnick and co-author William Simon explore the vulnerabilities
companies forget to guard against in their race to protect their networks against hackers.
Mitnick is a master of the territory. He has about four months left of
a three-year probation that prevents him from using e-mail or the Internet. He went to jail in 1995 for hacking into telephone companies and stealing secret code from software industry titans.
The 38-year-old Mitnick -- who has reinvented himself as a security
consultant -- rarely targeted computer systems during his days as a hacker. Insteaad, he broke into networks by tricking their users into divulging key information. Mitnick
now teaches companies how to spot gifted information thieves and their
clever cons.
In his heyday, Mitnick usually could get the information he wanted
simply by asking for it, he said. Armed with the proper lingo, knowledge of internal procedures, or data only employees would know, he would assume the identity of an insider making routine inquiries, and he warns that this type of human threat is often overlooked.
"Most people are basically trusting and can be manipulated based on
their curiosity and their willingness to be liked and helpful,"
Mitnick said in an interview.
Mitnick says he's looking forward to finally being off probation, but admits he doesn't really know what he's missing when it comes to the World Wide Web. At the time of his incarceration seven years ago, Netscape's Internet browser had only just been introduced.
"I never knew the Internet as it exists today, so it's not like I had
a taste of it and wanted to go back," he said. "But it would be nice
to use e-mail normally."
He writes and reads e-mails, but he doesn't hit the "send" button
himself. Instead, an associate in his office acts as an e-mail
intermediary.
As he awaits the end of his probation, Mitnick is trying to stave off legal bills with his new business -- and maybe a Hollywood movie deal. He's also using eBay.
Mitnick is using eBay to auction an old Toshiba laptop that was seized by the FBI in 1995. The autographed laptop -- relieved of its former contents and sporting a brand new copy of Windows 95 -- has received bids as high as $9,200.