I woke up excited. The first thing I see after snoozing my alarm are all the email and text notifications on my phone. And hey, I have an email from Adam. He’s a good friend (and also in security…sort of). And he got me something. We don’t normally exchange gifts, but I woke up excited, as it’s my BIRTHDAY, which means I eat however my inner fat-kid tells me, my kids and wife are nice to me, and generally life is groovy, for me. So, I open the email, and it’s a digital gift card to my favorite online purveyor of technology, Newegg! Adam, you are awesome, I think as I open the link, and with a few clicks I’ve logged into my account and am $25 richer…or so I think.
In fact, I just compromised my computer, my network, and every account where I use “P@55w0Rd?” as my login password. In reality, an anonymous snooper with nothing but a Facebook account had crawled my Facebook page to learn that it was my birthday, that I shopped regularly at Newegg, and that I correspond regularly with Adam. No super hacker skills required. I willingly gave away all the required data to allow an attacker to compromise my digital life. My attacker used the pretext of a birthday gift and appealed to my greed to get me to click on the link that allowed the attacker to sniff my traffic and implant my poor PC with a backdoor that could have allowed root access.
Rewind 25 years, and this is the exact recipe used by Ghost in the Wires author and undisputed “World’s Most Famous Hacker,” Kevin Mitnick, on every one of his victims:
- Research your target, until you know their weakness
- Create a plausible pretext to gain the confidence of your target
- Offer your target something they want in return for the act you want them to perform
- Reaffirm the pretext that gained the confidence of your target to ensure future usefulness
Ghost in the Wires is a fast-paced and exciting novel that reads like a thriller. Mitnick and his co-author, William Simon, do a stellar job of portraying the humanity of Mr. Mitnick, balanced by the obsession that drove him to the top of the FBI’s most wanted list and through the security systems of IBM, Nokia, Motorola, Sun Microsystems, and Pacific Bell. This illustrates why Mitnick deserves his self-titled moniker, “The World’s Most Famous Hacker.”
The book is full of enough IT nostalgia to remind Generation X’ers how far we’ve come, with references to the now defunct North American Air Defense Command (NORAD). At the same time, it provides a valuable history lesson to Millennials, reminding them that though technology advances, the principles of both criminality and security remain unchanging.
Despite federal agents finding more than 20,000 credit card numbers and associated data on Mr. Mitnick’s computer following his 1995 capture, there is no evidence that he ever used his human or computer hacking skills for any direct financial gain, though an argument could easily be made that his four books on hacking, his penetration testing business, and zero-day exploit exchange constitute financial gain from his criminal hacking past.
Subscribe to make sure you see next week’s blog on Hacker Lessons Learned.
Mitnick, Kevin; Simon, William L. Ghost in the Wires: My Adventures as the World's Most Wanted Hacker (2011)