Social Engineering Hacker Provides His Insight

Kevin Mitnick used to obtain security credentials not with special hacking software or tools, but through social engineering. This way he would manage to get passwords and code, which he would later use to hack into company networks. His most prestigious hacks include those against Nokia, Sun Microsystems, Fujitsu Siemens and Motorola. After spending 5 years in a federal prison paying for his crimes, he decided to switch sides, and he now works as a security consultant, willing to share with the world what he learned about IT security.

In the 70s, the law did not cover hacking, so there was no penalty for it. Even when a hacking law was issued in 1980, people involved with hacking were doing it for recognition, not with malicious intent. "There was no motive for money or malicious intent to use, disclose or destroy the data," he says, as cited by CIO.

When Mitnick got into hacking, he never thought that he would end up in jail because of it. The current laws and ethics code should deter any would-be hacker from going down the wrong path and getting in trouble. Mitnick advises young users to learn from his mistakes.

The issue of security is taken incredibly lightly by some companies. Even after Mitnick discovers a vulnerability, a way of hacking into a corporation's network, the problem is not remedied right away. The law asks that all organizations do security audits, but it seems that some auditors do not get the company to solve the issue.


If you are skilled at hacking, try getting a legitimate job in IT security, Mitnick advises. "Now, I do the same thing that got me in trouble, except I do it with authorization. Clients hand me their network and tell me to break in so they can fix security vulnerabilities. To me, it's the same act but it helps my clients and it's legal and ethical," he says.

"Penetrating a company’s security often starts with the bad guy obtaining some piece of information or some document that seems so innocent, so everyday and unimportant, that most people in the organization don’t see any reason why the item should be protected and restricted," says Mitnick in his book, "The Art of Deception."

[Source: softpedia]
