There’s a good interview with Kevin Mitnick on Social Engineering.
Well afterall, that is where his skill lies, not in technical hacking.
Arrested by the FBI in 1995 and convicted of breaking into the systems of Fujitsu Siemens, Nokia and Sun Microsystems, Mitnick served five years in prison–eight months of it in solitary confinement.
In his days on the wrong side of the law, Mitnick used so-called social-engineering techniques to fool users into handing over sensitive information. Rather than overt technical hacks, he was able to convince employees to hand over information that enabled him to hack systems, while redirecting telephone signals to avoid detection by the authorities.
As always the answer to social engineering is education!
Are you seeing any new attack methods?
Mitnick: They use the same methods they always have–using a ruse to deceive, influence or trick people into revealing information that benefits the attackers. These attacks are initiated, and in a lot of cases, the victim doesn’t realize. Social engineering plays a large part in the propagation of spyware. Usually, attacks are blended, exploiting technological vulnerabilities and social engineering.
What can businesses do to safeguard themselves?
Mitnick: Businesses should train people to try to recognize possible attacks.
The interview is a good read anyway, do check it out. You can also check out Mitnicks book on Social Engineering, The Art of Deception: