[plug] Mitnick comments on social engineering success

Greg Raftery GregR at scs.com.au
Fri Mar 3 22:47:26 WST 2000


Thought that this was particularly relevant to the recent discussion about
sources of cracking attempts.

Full article available at:
http://www.australianit.com.au/common/story_page/0,2405,383276%255E03%252D03%252D2000%255E,00.html

Just weeks after his release from federal prison, an animated Kevin Mitnick
advised senators against focusing too much on technical protections at the
expense of simpler safeguards - such as making sure a company receptionist
does not disclose passwords to sensitive systems.

Mitnick, 36, wearing a slightly ill-fitting navy suit and rocking gently in
a witness chair, warned lawmakers about his favored technique of "social
engineering", or deceiving others into believing he could be trusted. He
told of duped victims at major corporations volunteering their passwords and
even sending him secret software blueprints. 

"I was so successful in that line of attack that I rarely had to resort to a
technical attack," Mitnick said. "Companies can spend millions of dollars
toward technological protections and that's wasted if somebody can basically
call someone on the telephone and either convince them to do something on
the computer that lowers the computer's defenses or reveals the information
they were seeking." 


