They are accused of offering advice on trading high-risk foreign currency derivatives over the social media platform
Dubai — Companies and individuals are vulnerable to cybercriminals using “social engineering” techniques to hack into their computer and mobile systems, according to one of the world’s most infamous former cybercriminals turned security consultant.
Kevin Mitnick, 51, now travels the world lecturing on cyber security threats and how to protect yourself against them. But as a young man, Mitnick was one of America’s most wanted cybercriminals, with a long record of breaking into the systems of more than 40 well-known international corporations, including IBM, Nokia and Motorola.
After years as a fugitive, Mitnick was eventually arrested by the FBI in 1995 and imprisoned for five years on the charges of computer and wire fraud, as well as charges related to the illegal interception of private communications and causing damage to computers.
Speaking to Khaleej Times at a Dell-sponsored event in Dubai on Wednesday, Mitnick explained that the easiest way for hackers to gain entry into systems is through the manipulation of human beings, rather than through technical know-how.
“Cultures are different. It’s much easier to target someone in Japan than in Russia. Different cultures have different etiquettes for trust,” he said. “An attacker who does his research targeting a particular company, understands its structure, keeps an eye on who works for them and who they do business with, can easily plan his attack and execute it. If you target one or two people at a time, it’s very effective.”
As an example, Mitnick said that hackers recently gained access to the White House by going through the unsecured e-mail of a State Department employee.
“Social engineering has a 100 per cent success rate,” he noted. “It requires lots of training, and lots of trying to attack your own people within the company. Once people become more security-aware, they are less likely to be conned.”
To prove his point, Mitnick conducted a “live-hack” demonstration in which — within the span of minutes — he seized control of an individual’s computer and intercepted log-in details of a hypothetical Emirates NBD account by sending a false but realistic-looking pop-up message requesting a software update, which was then clicked on and downloaded.
Mitnick, who claims his company has a 100 per cent success rate while penetrating major corporations to test their security over the last 14 years, said criminal hackers likely have similar success rates.
“They’re probably getting 100 per cent as well,” he said. “It’s not because we are unique and special. It’s because it’s so effective and easy to attack. It’s easy to find one or two people in an organisation that are going to be fooled.”
Mitnick noted that the best security would be through technology that pre-supposes that humans will fall victim to trickery one way or another.
“The best solution is to develop technology that assumes that the user will be fooled, so even if they are fooled, the trick wouldn’t work,” he said. “But that technology hasn’t been developed yet.”
“There are a lot of people who are worried about it, they just have no control...For now, it’s a game of being aware.”
bernd@khaleejtimes.com
They are accused of offering advice on trading high-risk foreign currency derivatives over the social media platform
The two days of hearings at the International Court of Justice are part of a case brought by South Africa accusing Israel of genocide
Chennai Super Kings, who are fourth, and Royal Challengers Bengaluru lead the hunt for the remaining playoff spot
The 22-year-old batter became only the fifth uncapped player in IPL history to score over 500 runs in a season
Brent had touched an intra-day low of $81.05 on Wednesday
Digital payments remain a rapidly growing sector
Imports of aid through southern Gaza completely halted as fresh fighting adds to distribution challenges
The Spice Board of India has taken steps to ensure the safety and quality of Indian spice exports to these regions