The menace of Kevin Mitnick

Compared to today’s hackers, “celebrity hacker-turned-security specialist” Kevin Mitnick is definitely a “white-hat,” but in his time he was pretty scary stuff.  Even in prison the authorities thought he just might strike out:

…Today’s laws on cyber-crime were practically invented because of Mitnick.  His pranks earned him the respect of hackers as well as numerous arrests, culminating in his five-year prison stint.  Mitnick spent eight months of that time in solitary confinement, he says, because the judge was told that Mitnick could start a nuclear war by calling up NORAD on a payphone and whistling modem tones into the receiver.  His radio was seized for fear that he would turn it into a cell phone.  Even using an electric typewriter in the prison library got him handcuffed and whisked away.  “These guys were watching too much MacGyver,” he quips.

Gregory T. Huang in MIT Technology Review, March 2005

This account reminds me of the scene in Terminator 3 when the Terminatrix uses her remote-control abilities to start a police car and drive it without being in the car.  Fine, but current cars don’t have steering servos to remotely control.

Should people learn a little more about the technology around them?  OK, most people don’t need to know the OSI networking model or how to use tracert.  But we at least ought to understand the one technique that made Kevin Mitnick famous: social engineering.  Charm and believability did his most significant hacking for him.

To understand social hacking, you need to home in on the darker side of human nature.

One thought on “The menace of Kevin Mitnick”

  1. John Hoke says:

    Social Engineering is the best method of breaking any security. People are weaker than technology, and most typically want to be helpful (they are usually trained that way) and a bit of ego stroking, playing dumb, and near brink hysteria will get you in 9 times out of 10.

    The weakest link of any security plan or policy is the human factor :(