Thursday, January 25, 2018

Ghost in the Wires

Kevin Mitnick was once the world's most famous hacker. But his deeds got him into trouble with the law, causing him to constantly change identities to stay on the run. In his book Ghost in the Wires: My Adventures as the World's Most Wanted Hacker he tells us how he did it.

Mitnick is not only a natural with computers/phones, but also has a way with people. As a result, he was able to "social engineer" his way into what were considered highly secure systems. Social engineering involves tricking company employees into divulging info that puts their employer's IT security at risk. Mitnick would use all sorts of psychological tricks like take advantage of people's reciprocity tendencies, and/or their willingness to obey authority (by pretending to be a higher ranking employee, for example).

Once armed with the info he needed, Mitnick could then give himself root privileges (i.e. absolute control) of computer systems by taking advantage of software vulnerabilities that hadn't yet been patched.

This two-step process allowed Mitnick to hack into pretty much any system/company he set his mind to. He was able to tap people's phone lines, download the source code for various software programs, and even gather intelligence on the FBI forces that were trying to find him.

The guy is absolutely brilliant. Unfortunately, no matter how many times he was warned or arrested, he just couldn't stop hacking. And so the government kept going after him, resulting in jail time. But it seems like he has now turned his life around, working as a consultant for companies looking to improve their security.


No comments: