The Art of Deception.

Presentation on theme: "The Art of Deception."— Presentation transcript:

1 The Art of Deception

2 Kevin Mitnick
Famous Social Engineer
Hacker
Went to prison for hacking
Became ethical hacker
"People are generally helpful, especially to someone who is nice, knowledgeable or insistent."

7 Kevin Mitnick
Arrested and convicted on several counts of computer crime, including hacking and theft of intellectual property.
Began at age 12 with faking punch cards for the bus system to gain free rides and continued on to phone phreaking.
Used social engineering to steal passwords to company systems.
He still believes this is far easier to do, even today, than hacking into a system.
Since his release from prison, Kevin has started his own computer security company and gives talks around the country about social engineering and other security topics.

12 What is Social Engineering?
Attacker uses human interaction to obtain or compromise information
Attacker may appear unassuming or respectable
Pretend to be a new employee, repair man, etc.
May even offer credentials
By asking questions, the attacker may piece enough information together to infiltrate a company's network
May attempt to get information from many sources

18 Kevin Mitnick - Art of Deception:
"People inherently want to be helpful and therefore are easily duped"
"They assume a level of trust in order to avoid conflict"
"It's all about gaining access to information that people think is innocuous when it isn't"
Hear a nice voice on the phone, we want to be helpful
Social engineering cannot be blocked by technology alone

25 Examples of Social Engineering
Kevin Mitnick talks his way into central Telco office
Tells guard he will get a new badge
Pretend to work there, give manager name from another branch
Fakes a phone conversation when caught
Free food at McDonald's

30 Live Example
Convinced friend that I would help fix their computer
People inherently want to trust and will believe someone when they want to be helpful
Fixed minor problems on the computer and secretly installed remote control software
Now I have total access to their computer through UltraVNC Viewer

34 Weakest Link?
No matter how strong your:
Firewalls
Intrusion Detection Systems
Cryptography
Anti-virus software
You are the weakest link in computer security!
People are more vulnerable than computers
"The weakest link in the security chain is the human element" - Kevin Mitnick

35 Conclusion
Social Engineering will always exist, and it is extremely difficult to defend against, but the success of such attacks can be decreased substantially with proper policy and personnel training.

39 Policy from a Social Engineer
“The Art of Deception” – K. Mitnick
Kevin Mitnick outlines an excellent security policy at the end of the book with detailed reasoning at every level to defend against Social Engineering Attacks.
This book teaches you the tricks of deception so that you can learn how to protect against them.
This is a must-read for all security professionals.

40 Questions?

