July 20, 2008 10:36 AM PDT

Social Engineering 101: Mitnick and other hackers show how it's done

NEW YORK--Kevin Mitnick knows that the weakest link in any security system is the person holding the information.

As a young fugitive hacker, he went to jail for breaking into computer networks, relying more on his cunning and persuasion than on his tech skills. He was an early master of the science of social engineering--manipulating people into doing what you want, such as giving out passwords and other information that unlocks sensitive data on networks.

Kevin Mitnick takes the stage at the Last HOPE conference.

(Credit: Elinor Mills)

Mitnick and a panel of other hackers discussed their social engineering pranks and gave live demonstrations at the Last HOPE (Hackers on Planet Earth) conference late on Saturday.

"Everything happened more than five years ago" and the statute of limitations has passed, he said. "I never said I didn't deserve to be punished, but it really went overboard putting me in solitary confinement" for eight months.

Mitnick, who was released in 2001 after serving five years in jail, announced that he has a contract to write his life story and showed a preview for a reality-based TV series in development in which he would test corporate networks by trying to break into them. As part of his plea agreement, he was banned from writing a tell-all until 2007. He also runs a security consulting firm and lectures.

Dubbed the "most dangerous hacker in the world," Mitnick was put in solitary confinement and prevented from using a phone after law enforcement officials convinced a judge that he had the ability to start a nuclear war by whistling into a pay phone, he said.

Mitnick didn't do any whistling on Saturday, but in his keynote following the panel he talked about how he listened in on FBI phone calls during the three years he evaded the FBI, left them doughnuts when he narrowly escaped raids and was chased down by a helicopter. He also demonstrated how to see the phone numbers of callers on caller ID even when they have set their number to be blocked.

Below are some videos taken during the panel:

Mitnick and HOPE organizer Emmanuel Goldstein swap stories about using social engineering to get IDs and directories out of workers at telephone central offices.

Mitnick tells attendees at the Last HOPE conference about how he used social engineering on workers at a Hollywood telephone company central office in the middle of the night.

Goldstein does a live phone prank on a Starbucks employee, offering aid for laid-off employees from the fictional "Last HOPE Foundation," during a social-engineering panel at Last HOPE.

29 comments (Page 1 of 2)
by gadimari July 20, 2008 11:48 AM PDT
who caught this guy?
by brotherbbad July 20, 2008 1:42 PM PDT
The cops if I'm not mistaken....
by mrcoder July 20, 2008 2:57 PM PDT
The only person who can catch Mitnick is Mitnick.

He turned himself in if I'm not mistaken.
by pelasgian-adslgr-com July 20, 2008 4:09 PM PDT
a) he's not a hacker
Linus Torvalds is a hacker, Kevin Mitnick is a cracker.

b) if you make computers for fools, fools end up using them.
So, the credit for the security problems of having fools using computers should be given to Microsoft and not those who scum on them.

c) he was tracked down by a pirate hunter and e-crime forensic specialist called Tsutomu Shimomura
If you need to read a book, read the books he read to get Mitnick.
by name_of_shame July 20, 2008 9:18 PM PDT
The cops ate the doughnuts he left.
by The_Decider July 21, 2008 1:50 AM PDT
You can't really call Mitnick a hacker (give up trying to reclaim the word, it now means both cracker and clever programmer) or cracker.

He is light on technical skills but as anyone who knows even the slightest about security, he used the one tool that can get past any hardened system, no matter how solid it is. The weak link in security is the users and most users are woefully ignorant about security. Social Engineering works because either companies haven't spent enough time drilling security into the head of every employee from CEO down to the janitor. You can spend $1 billion on security and have the best of everything with a network team to match and it can still be beaten by a slick talker and an ignorant employee.

People look down on social engineers but they are the most effective at breaking into systems.
by JimmyCrackhead July 21, 2008 4:32 AM PDT
Absolutely amazing. What a cool guy he must be. I would love to meet him and hang out.

JT
www.FireMe.To/udi
by Johnr34231 July 21, 2008 4:36 AM PDT
Do I sense movie potential here?

Sort of "War Games" meets "Catch Me If You Can"

Maybe they can get Tom Hanks to do a reprisal on the FBI guy.

Kevin? I vote for Shia LaBeouf. He even looks a little like him.
by mnovickar July 21, 2008 6:29 AM PDT
What about this thought - is social engineering just geekier than running a con, or am I wrong??

N.
http://www.chilipress.com/technology.php