Famous hacker proves your firm's system can be accessed in an hour

   

01 Apr 2019


Mitnick also demonstrated how a simple USB cable can be weaponised to access a user's computer system.

Governments and private companies must be better prepared to protect themselves against social engineering attacks. According to Kevin Mitnick, one of the world's most famous hackers from the US, obtaining personal information via social engineering is "child's play".

He explained that social engineering relies on influence, deception and manipulation to convince another party to comply with a request in order to compromise their computer network.

Speaking on the sidelines of the Gulf Information Security Expo and Conference (Gisec) that opened on Monday (April 1), Mitnick warned businesses in the region: "Make your staff hack-conscious, or it could bring your company to its knees."

In live examples, Mitnick managed to obtain confidential e-mail data that would have allowed him to penetrate a local bank. He also hacked his way through Gmail accounts and LinkedIn, live on the stage.

"The main point of weakness for any company lies in poor cybersecurity awareness in staff," he said.

"People aren't being trained about how to defend their workplace from these attacks. If they are, then they're not listening. These social engineering tricks worked in the 1970s and still work in 2019."

Weaponised cables are potential threats

Mitnick also demonstrated how a simple USB cable can be weaponised to access a user's computer system. Using WiFi or Bluetooth, attackers can access a victim's computer and data. The key logger can be used to get credentials, access file systems, access the audio tools and webcam, and much more.

Today, any device that can be plugged into a computer can be weaponised to give hackers access, he said.

"When teaching staff about security, have something relevant, entertaining and informative at hand - not a boring book that they won't read. Hackers are lazy. He or she is always going to go after the weakest link, and social engineering is the easiest attack your enemies will use today," explained Mitnick.

Hacking live on the Gisec stage, he highlighted how, within just an hour, he was able to access HR data, including names, social security numbers and how long an employee has worked at a certain company.

As a first step, social engineering hackers conduct an "information reconnaissance", he said. They do their research online to find the information that will support their social engineering attack.

"Social media platforms like LinkedIn can be used to identify people, their backgrounds, name, titles, and discover leads to their e-mail addresses," said Mitnick.

Live hacking events also took place during the event on a secondary stage called 'Dark Stage', which discussed the intricacies of the 'dark web'.

Cybersecurity consulting firm Kuwait Hackers presented a live demo on how mobile phones can be easily hacked.

Jason Dibley, director of QCC Global, gave a live demonstration of TSCM (technical surveillance counter-measures). According to Dibley, TSCM is the original US Federal government abbreviation denoting the process of bug-sweeping or electronic counter surveillance.

Dr Aisha bint Butti bin Bishr, director-general of Smart Dubai, officially opened Gisec, the largest cybersecurity event in the Middle East, Africa and South Asia. It will run until April 3 at the Dubai World Trade Centre.

Source: Khaleejtimes
