This article was originally published on Technology.Info.
The train of events that led to Kevin Mitnick’s arrest, trial and conviction for computer hacking started pretty innocently, but escalated quickly: from mastering magic tricks at the age of 10, to swindling free rides on public transport and messing with phone systems to prank his friends in his teens.
By his early thirties, however, Mitnick was a fugitive, the US’s most-wanted computer criminal. He went on to serve 5 years in prison, but today is a respected security consultant and the author of several bestselling books about his exploits.
Throughout these experiences, he says, he’s been driven by much the same urges: “curiosity, the seduction of adventure, the pursuit of knowledge and a passion for technology.”
At IP EXPO 2013, Mitnick will be on stage to tell the story of his fall and subsequent rise first-hand; to share his thoughts on the challenges faced today by those responsible for securing corporate information systems; and to give his outspoken opinions on the recent revelations regarding the NSA and Prism in the US.
IP EXPO Online caught up with Mitnick to preview his keynote plans. Security consultancy, he says, was a natural area for him to explore following his release from jail. His firm, Mitnick Security Consulting, specialises in penetration testing at some of the world’s largest companies. He jokingly likens this career progression to Colombian drug lord Pablo Escobar becoming a pharmacist. “I get to do the same thing I was doing for fun [as a hacker], but this time, I’m getting paid for it. And it’s legal,” he says.
Mitnick’s techniques always relied on an element of social engineering - techniques that work by tricking people into divulging confidential information - but today, he says, it’s never been easier to gather the information needed, because almost everyone has some kind of online profile, whether that’s on LinkedIn, Facebook, Twitter or a gaming platform. In other words, in an age where we’ve never been more forthcoming about sharing personal information online, social engineering is extremely difficult for companies to defend against.
The recent leak of documents by Edward Snowden, meanwhile, represents a “huge failure” by the US government, according to Mitnick. “To not detect a malicious insider like that, who was taking top-secret information, it’s just incredible,” he says - and this is an opinion he promises to expound on in more detail at IP EXPO 2013.
For Mitnick, however, the thrill of hacking into a system is still the same, even now that he’s doing it legitimately, with the full permission of system owners. “I recently worked on a project for a large financial institution here in the US, and not only did I have to hack in electronically, but also physically, to compromise a huge skyscraper in Chicago, get into their suites and break into the data centre. That’s a huge adrenalin rush. It’s so exciting, like sky-diving,” he says.