Confessions of a hacker
Kevin Mitnick's new book, Ghost in the Wires: My Adventures as the World's Most Wanted Hacker, details a career in hacking that began with fiddling with bus passes as a teenager. That led to a strong interest in what was called "phone phreaking" -- manipulating the switches and settings in the phone system in order to create all kinds of mischief.
"A friend in high school was a phone phreak," he says. "It's like hacking the phone system. Steve Jobs and Steve Wozniak did it in late '70s before they founded Apple Computer, and this was the predecessor to hacking. This kid in high school showed me cool things he could do with telephone, including social engineering to get information."
Social engineering as in figuring out how a person might respond in a given situation and then using that tendency to get them to do what you want to do. That's the same idea behind a lot of today's phishing scams, says Mitnick.
"Imagine if you received a .pdf file from a vendor, a customer, a supplier," he says. "And you opened up that .pdf file, because you were expecting it to be something to do with business. And you just saw gibberish. What would you think happened? What could happen in that case is, when you open up the .pdf, it exploits a vulnerability in Adobe Acrobat that sits on your computer and now the hacker is completely in control of your computer and could talk to other computers on the network."
But how does a hacker get that person open the .pdf in the first place? "Imagine you have a target at a company. You do a lot of information recon. Who does this person work with? What customers, what suppliers, what vendors, what other internal people at the company? Even looking at social networks, LinkedIn, Twitter, Facebook. Who are their friends? And then armed with that information, you could send an email or spoof the email so it looks like it came from a friend, colleague, from a business contact, and the person will very likely open up a .pdf attachment."
Mitnick says hackers of the future won't be satisfied with computers. "I think the new target-rich environment is mobile phones," he says. "So, you know before, you had to worry about your computer being attacked, but now you have to worry about your Android, iPhone, BlackBerry being hacked because of so much rich information on there -- banking credentials, passwords for your company, personal emails. Imagine instead of going after the CFO's computer at the office, trying to hack into the CFO's mobile phone and trying to get access to those financials that aren't public. And now just recently has antivirus software been available for mobile phones. So the security products are just evolving to help people mitigate the risk that they're going to be attacked."
Also in this program, a video game that makes you type with speed and accuracy to avoid dying in a horrible plane crash.