Kevin Mitnick has been there, at the mercy of another company’s cybersecurity vulnerabilities.
The man billed as the world’s most famous hacker, who now helps others protect themselves, once had his own AT&T account compromised through some nefarious social ingenuity: Someone posing as an AT&T employee who called a store to reset his information.
It’s not magic, but sometimes it feels like it and on Oct. 6, Mitnick plans to put on a show as the keynote speaker at the Virginia Cyber Convention & Expo at the Virginia Beach Convention Center to demonstrate how “the bad guys” do what they do.
Mitnick, arrested in 1995 for infiltrating the networks of notable corporations and sent to prison for nearly five years, is now a consultant, author and frequent speaker on the cybersecurity circuit, taking the stage at nearly 50 events this year and last year. His book, “The Art of Invisibility,” is expected to hit store shelves in February.
Mitnick said he has audience participation planned for Virginia Beach, where he’ll figure out one person’s identity (think mother’s maiden name, Social Security number) in two minutes.
“Of course it really freaks them out,” he said.
The event, presented by the Hampton Roads group Cyber Protection Resources, costs $100 to $200 to attend. Other scheduled speakers include Sen. Mark Warner, D-Va., and retired Navy Adm. Bill Gortney.
What scares Mitnick? Sophisticated hacking groups, like Israeli-based NSO or the government surveilling phone calls, text messages, emails and data, using tools that can take over an iPhone with a simple text and link.
Mitnick said there’s no telling to whom NSO might be selling its services.
“That’s what’s scary to me,” he said.
The key, for bad-actor hackers, is persuading the person to click on it.
Healthy skepticism can sometimes be the best defense.
“Just be cautious,” he said before repeating a reminder: “Stop, look and think before you click on a link.”
And when a company like AT&T (or AOL or Verizon, in the recent case involving teenage hackers infiltrating the CIA director’s email) divulges your information to a savvy hacker, what would Mitnick do? Demand that the companies reset passwords only if given a specific passcode or if physically shown a form of identification at the company’s store.