Kevin Mitnick shares tips and tricks that hackers often use
Kevin Mitnick, one of the most famous hackers in the contemporary world.
Manlina, Philippines one gloomy afternoon, the atmosphere on the stage of the annual conference of PLDT digital business solutions is equally bleak, until the appearance of a notorious character, who had been the most wanted by the FBI in the world, who had been an obsession in the Internet world, that was Kevin Mitnick, one of the most famous hackers in the world.
- The white "monster master" hat hackers
Recently, Kevin Mitnick made an important speech at a major cyber security event hosted by PLDT digital business solution organization.
Talk a little bit about the 'bad' past of Kevin Mitnick.The hacker was arrested by the FBI in 1995, with dozens of charges of multiple charges such as cyber fraud, possession of illegal access devices, and violation of electronic communications and access laws. unauthorized access to federal security systems and many other charges.
Before being arrested, during the time of being hunted by the FBI, Kevin Mitnick was able to make several more successful missions.In particular, one of the most famous cases in the hacker world is the "fluttering" phase of software products from many famous telecommunications and computer companies.Accordingly, in two years of hiding the FBI, Kevin Mitnick only used two different phones and stole many of the software of different telecommunications companies and computers, worth up to hundreds. thousand dollars.If a criminal gang or worse is a sponsored terrorist organization that needs a guy who can turn the tide around or perform seismic missions on cyberspace, no one else is more dangerous than Kevin Mitnick.From stealing data, breaking into or destroying systems, it's all about whether he wants to do it or not.
- 9 most famous hacking incidents in history
However, after the execution of the prison sentence, it was unclear how the FBI was "enlightened" to make Kevin Mitnick completely change, wash his guard and become a speaker on cybersecurity and information security. .And that is why we have been witnessing a confident Kevin Mitnick standing in front of a forest of security experts, journalists, as well as fans to share about a time of his splendor, on PLDT stage.
Let's see what Kevin Mitnick said about the 4.0 world and the cyber security industry in the eyes of one of the world's most famous hackers!
'There is no patch for stupidity'
'Without any patch for stupidity, every mistake will cost' that is the original sentence of Kevin Mitnick.The core strategy that makes the success of Mitnick's missions is social techniques, basically exploiting effectively human behavior and psychology, to make an individual do those things. The job is often detrimental to themselves, and facilitates hackers to show their talents.It is understandable that the technique that Kevin Mitnick uses revolves around "lulling" victims, making them careless and easily deceived.
- Kevin Mitnick: Security must be based on human factors
With this technique, one thing you will learn from Kevin Mitnick is that security tools and technologies are in fact hard to protect us completely - providing the necessary knowledge for people. Using, enhancing knowledge and setting up remote defense tools will play a more important role in the security war."You can own the best security technology, or the best computer system in the world, but if you lack knowledge, experience and not enough alertness and being cheated, you're still just a fat bait. bad for hackers, "said Kevin Mitnick.
One of the most commonly used online scam techniques is the duplication of websites (using virtual websites).Suppose a person who regularly visits the site has the address "safewebsite.com", register an account and log in to this site.A hacker knows that habit, and can create a safewebsite.com clone site with a similar URL, which can be in the form of "safewebsite.co" for example.Then the hacker will email the user, trick them into clicking the link and login to the fake safewebsite.co website.
What hackers want and try to do is make the victim unable to notice the slight difference in the URL of the real website and the fake website, and finally log the personal information into the fake website.What the victim won't know is that once they enter the login information, hackers will be able to steal this information and use it for their own purposes.
"Social techniques when deployed in a mature way will be very difficult to detect. In addition, fast, low cost, easier to hack the system, and reach 99.5% efficiency is the strong point of This technique, "said Kevin Mitnick.
- The most famous horny names in history
Profile exported from the user
It is important here, for owners and administrators of major computer networks, that "assuming users suffer from negligence that can lead to serious consequences".Businesses now need to be protected not only from outside attackers but also by users in their systems.
Kevin Mitnick also revealed another commonly used fraudulent trick: When attacking an enterprise's system, hackers will prioritize targeting individuals with little expertise in security. information, such as sales and marketing departments.Of course, they are not stupid to touch parts with a lot of expertise such as the information technology department because "most likely, IT employees have the knowledge and experience to deal with hacker tricks." .
The normal attack trajectory of hackers when targeting those businesses is: First, cheating (ie using an almost harmless email) and secondly, spreading malware, malicious code Enter the employee's computer, allowing them to scout and gather the necessary information.
And while most companies now own malicious email blocking systems, what some attackers do to deal with these systems is to use reputable domains. Credits to be able to bypass the control of enterprise-class email filters.
During the talk, Kevin Mitnick also mentioned that even the most advanced two-factor authentication systems can still be defeated by social engineering.By using fake mirror sites, hackers can also steal what is called a "session cookie" session, which appears after the user enters the authentication code of the second element that is usually sent. Their phone through the phone number associated with the account.Hackers will try to keep that session cookie, then they can paste the cookie into their console and then, access the user's account.
- Hacker purged two-factor security just by automated phishing attacks
There are also a few other tricks mentioned by Kevin Mitnick.For example, a hacker could name his WiFi access point according to a popular public access point, such as "Starbucks".If the user previously connected to a WiFi network with the same name, most likely, the phone will automatically reconnect to that hotspot - stored by hackers who are trying to gain control. their device.
'Don't put unconditional trust in open wireless networks!'
In addition, Kevin Mitnick did not forget to emphasize the necessity of training as well as improving the knowledge and awareness of security for employees at all levels in a business organization.At the same time, regular monitoring and monitoring of security penetration is also an important part of a truly successful network security model.
'In the era of information technology boom, network security is no longer considered an' option 'as before, especially in the context of changing information security every day. .As cyber threats become more complex, we, as Enterprise Group, assure our customers that we can provide them with the most sophisticated and state-of-the-art services to protect them. before hackers 'top attack techniques,' Jovy Hernandez, head of PLDT and Smart Enterprise Groups, said at the end of the conference.
At this event, ePLDT also introduced a list of solutions, network security ecosystems and operating centers for Security Operations Center - their main operating base.The company explained that their solutions are built on three fundamental pillars, namely: Consultation (risk management and vulnerability assessment), network security management, and ultimately response try.All three aspects form the company's approach to countering threats effectively in the context of today's complex information security.
See more:
- Millions of Android devices stick with security holes in firmware, hackers can exploit to lock users' machines
- Warning: New malicious code is infecting about 500,000 router devices
- The Internet is experiencing a huge problem with C / C ++, causing developers to "sweat"
- Many encrypted SSDs can be decoded without a password
You should read it
- Who is Kevin Mitnick?
- 6 famous hackers from the beginning of the Internet
- Awareness and experience - the most important factor in every network security process
- What you need to know about an information security analyst
- The cybersecurity tools that every business should know
- The first set of books about hackers and network information security in Vietnam is coming soon
- What is cybercrime? How to prevent cybercrime?
- Vietnamnet network crashes: What is anticipated
- Chinese hackers target 27 major universities around the world
- Hackers: Crime and punishment
- Information security test has the answer P3
- Guidelines for securing computer network systems
Maybe you are interested
Cloudflare Withstands Record-Breaking 3.8 Tbps DDoS Attack With Automated Protection Download beautiful iOS 14.2 wallpapers, iOS 14.2 wallpaper collection 17 perfectly symmetrical masterpieces that make anyone happy Vietnamnet network crashes: What is anticipated Some basic points about the mechanism of attacking SQL Injection and DDoS Prepare the total force to respond to DDoS attacks in 2014