Kevin Mitnick Interview on Social Engineering


There’s a good interview with Kevin Mitnick on Social Engineering.

Well afterall, that is where his skill lies, not in technical hacking.

Arrested by the FBI in 1995 and convicted of breaking into the systems of Fujitsu Siemens, Nokia and Sun Microsystems, Mitnick served five years in prison–eight months of it in solitary confinement.

In his days on the wrong side of the law, Mitnick used so-called social-engineering techniques to fool users into handing over sensitive information. Rather than overt technical hacks, he was able to convince employees to hand over information that enabled him to hack systems, while redirecting telephone signals to avoid detection by the authorities.

As always the answer to social engineering is education!

Are you seeing any new attack methods?
Mitnick: They use the same methods they always have–using a ruse to deceive, influence or trick people into revealing information that benefits the attackers. These attacks are initiated, and in a lot of cases, the victim doesn’t realize. Social engineering plays a large part in the propagation of spyware. Usually, attacks are blended, exploiting technological vulnerabilities and social engineering.

What can businesses do to safeguard themselves?
Mitnick: Businesses should train people to try to recognize possible attacks.

The interview is a good read anyway, do check it out. You can also check out Mitnicks book on Social Engineering, The Art of Deception:

Source: News.com

Posted in: Social Engineering

, , ,


Latest Posts:


Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc


3 Responses to Kevin Mitnick Interview on Social Engineering

  1. Daniel June 4, 2007 at 8:59 am #

    read his books. they rock. this interview is boring.

    i sound like a loser.

  2. Mark November 5, 2007 at 8:53 pm #

    You could have added a link for the interview… guess I’ll go google…

  3. Darknet November 6, 2007 at 5:15 am #

    Mark the link is at the bottom (Source: News.com )