Tales from a Hacker turned White Knight

At a recent industry event, I heard and watched Kevin Mitnick, a reformed hacker who was wanted by the FBI.  He got caught, went to jail, served his time, and now he does security penetration testing.  He did a demo for us using ‘simple’ tools that hackers have available to them. We were amazed at what he shared, truly stunned by what we were seeing.  I have quite a few takeaways, but here are two that I can share with you right away.

When you’re at the airport or the local coffee shop, you can usually see a list of available wireless options.  There’s often a free one for guests. Turns out, hackers know how to create a Wi-Fi option that looks just like the airline or coffee shop you’re visiting, but it isn’t.

You log on to their bogus Wi-Fi and now they can see your computer, your camera, the keystrokes, the sites you visit, everything you’re doing. They can even install software or spyware on your computer!  In a matter of minutes, Mr. Mitnick had setup the fake Wi-Fi, logged into it, then hacked into his own computer; how unnerving!

Mr. Mitnick is very sure that the next big wave of ransomware attacks is going to hit Office 365. He brought up his own Office 365 email account on one screen, and the hacking software on the other. We could see the email messages and subject lines in his account. On the hacking software screen, he hacked into the email account, encrypted the email, and sent the message demanding the ransom payment. You could see all the email become encrypted – except the subject lines, so you can see what you’re missing.  He then ‘paid’ the ransom and released the encryption so the email was back to normal. This took less than 5 minutes!

What can you do?  First, use your own Mobile Hot spot on your cell phone for a wireless connection, rather than public hot spots.  You can also setup VPN tunnels between your computer and the server at your office.  Use strong passwords (NOT password, or 12345, or your pet’s name!), and change them every 90 days; NEVER share your password with others. If you really need to get on public wireless, limit what sites you visit and avoid any that might pose a security risk to you.  Be Cautious, Be Careful!  – CMW