The Art of Deception
Kevin Mitnick
Famous Social Engineer Hacker
Went to prison for hacking
Became ethical hacker
"People are generally helpful, especially to someone who is nice, knowledgeable or insistent."

Kevin Mitnick
Arrested and convicted on several counts of computer crime, including hacking and theft of intellectual property.
Began at age 12 with faking punch cards for the bus system to gain free rides and continued on to phone phreaking.
Used social engineering to steal passwords to company systems.
He still believes this is far easier to do, even today, than hacking into a system.
Since his release from prison, Kevin has started his own computer security company and gives talks around the country about social engineering and other security topics.

What is Social Engineering?
Attacker uses human interaction to obtain or compromise information
Attacker may appear unassuming or respectable
  Pretend to be a new employee, repair man, etc.
  May even offer credentials
By asking questions, the attacker may piece enough information together to infiltrate a company's network
  May attempt to get information from many sources

Kevin Mitnick - Art of Deception:
"People inherently want to be helpful and therefore are easily duped"
"They assume a level of trust in order to avoid conflict"
"It's all about gaining access to information that people think is innocuous when it isn't"
Hear a nice voice on the phone, we want to be helpful
Social engineering cannot be blocked by technology alone

Examples of Social Engineering
Kevin Mitnick talks his way into central Telco office
  Tells guard he will get a new badge
  Pretend to work there, give manager name from another branch
  Fakes a phone conversation when caught
Free food at McDonald's

Live Example
Convinced friend that I would help fix their computer
People inherently want to trust and will believe someone when they want to be helpful
Fixed minor problems on the computer and secretly installed remote control software
Now I have total access to their computer through UltraVNC viewer

Weakest Link?
No matter how strong your:
  Firewalls
  Intrusion Detection Systems
  Cryptography
  Anti-virus software
You are the weakest link in computer security!
People are more vulnerable than computers
"The weakest link in the security chain is the human element" - Kevin Mitnick

Conclusion
Social Engineering will always exist, and it is extremely difficult to defend against, but the success of such attacks can be decreased substantially with proper policy and personnel training.

Policy from a Social Engineer
"The Art of Deception" - K. Mitnick
Kevin Mitnick outlines an excellent security policy at the end of the book with detailed reasoning at every level to defend against Social Engineering Attacks.
This book teaches you the tricks of deception so that you can learn how to protect against them.
This is a must read for all security professionals.

Questions?