Controversial reformed hacker Kevin Mitnick has slated companies for focusing too much on business assets and productivity, rather than on securing the enterprise comprehensively.
Mitnick was a keynote speaker at ITWeb's Security Summit last week. The event attracted up to 500 delegates from around the world and featured 41 speakers, panellists and chairmen.
During his keynote on "wireless insecurity", Mitnick presented a video of his wardriving expedition in Sandton (wardriving is searching for wireless networks from a moving vehicle equipped with detection equipment). He also elaborated on the tricks of social engineering, which involves gaining valuable information through tactics as extreme as rummaging through a company's trash.
OSS vs proprietary
Mitnick said that while open source software (OSS) is slightly easier to hack than proprietary software, because the hacker has access to the source code and can identify and capitalise on its weaknesses, he would still rather run his own business on open source software. "I could audit the code and a light-box audit is much easier to do than a black-box audit," he said.
Bluetooth sniffer
Mitnick also warned that intercepting mobile device communications was as easy as acquiring a Bluetooth "sniffer" device.
This device, he said, could intercept mobile device conversations.
A Bluetooth sniffer can reveal the ID associated with the mobile device user, which a hacker can then use to masquerade as the authorised device user.
Punishment
Mitnick's exploits earned him five years in prison. "What I did was never for financial gain; and I never planted Trojans designed for destruction," he said.
"It was more of a magical illusion for me," he said, comparing himself to famous magician Harry Houdini, saying that he breached security systems of large organisations just to see if he could, and to become the best at it.
He said he was always aware his actions were a crime; but added that there are many computer hackers today - especially teenagers - who do not fully realise the seriousness of what they are doing: "It's often more of a hobby for them," he noted.
Mitnick cited the example of two people who intended to hack into the point-of-sale system of a large US hardware store chain, to intercept credit card transactions. One of them was sentenced to 12 years in prison for a malicious attempt to potentially steal millions of dollars from a financial services institution via hacking.
"I think that's a bit extreme," he commented.
But such harsh sentences, or what he himself went through, are not a deterrent to the hacking community, said Mitnick. "Otherwise we wouldn't be having this conference."


