• Recommend:
• 0 Comments

Teaching the Government Hacking 101

Infamous hacker Mitnick says only users can stop security leaks.

By Elizabeth Wasserman, The Industry Standard   

During an exchange with the U.S. Senate Governmental Affairs Committee that was by turns comical and sad, the world's most infamous hacker explained to members of the same government that prosecuted him the means hackers use to infiltrate computer systems.

"Companies spend millions of dollars on firewalls and secure access devices, and it's money wasted because none of these measures address the weakest link in the security chain: the people who use, administer, and operate computer systems," Mitnick testified.

Mitnick, 36, who walked out of a federal prison in California in January for the first time in nearly five years, boasted to senators that he was able to break into all but one computer system he targeted during a 20-year hacking spree. He detailed how he persuaded employees of companies such as Motorola to divulge passwords, source code, and other sensitive information by trickery. He suggested that federal and corporate workers be trained to recognize such techniques, which he called "social engineering," often the first line of attack.

A court order now bars him from using computers or cellular telephones--"anything capable of accessing computer networks," he said in his testimony. He told reporters he is allowed to have a land-based telephone line, but doesn't know if he's legally allowed to use a bank's automatic teller machine or even the Stairmaster at the gym. He's also been barred from consulting to any individuals or groups engaged in "computer-related activity."

As a result of those restrictions, he said, he's unemployed right now.

Mitnick had been invited to testify and help the Senate panel figure out ways to keep the government's electronic networks safe from intruders. Congress is considering a flurry of measures in the wake of recent high-profile denial of service attacks on some of the most high-profile electronic-commerce companies, such as Yahoo and eBay.

Mitnick said the legislation is "a good first step," but offered his own suggestions for keeping government computers secure, such as changing software if a manufacturer doesn't pay attention to security loopholes, and training employees to recognize signs of an attack.

In questioning Mitnick, committee member Senator Joseph Lieberman (D-Connecticut) probed his motives. "My motivation was the quest for knowledge, the intellectual challenge, the thrill, and in order to escape from reality," Mitnick said.

Mitnick said that hacking was encouraged in the public school he attended. He once was assigned a project to design a log-in simulator that would convince users to give up their passwords.

"I got an A, of course," he said.

Mitnick also pointed out that some computer pioneers, such as Apple founders Steve Jobs and Steve Wozniak, got their start in hacking activities.

"There was a fork in the road that went in a different direction," Lieberman observed. "But you're still young. You still have time."

For more in-depth coverage of the Internet Economy, visit The Industry Standard.