People have witnessed most easy and convenient cyber-attack online in which a bank account is hacked by a famous hacker. It was as easy as watching a child’s play. Those fancy keyboards which we use to login for online bank could not save you from cyber-attack when the computer system is already hacked by skilled hacker. Such attacks raise the need of two important factors used for authentication of accounts and user.
Kevin Mitnick known for his hacking skills had displayed his skill in public by hacking a bank account. He was jailed twice and listed among FBI’S most wanted hacker. After his imprisonment, he converted from a black hat hacker to a white hat or ethical hacker. He runs his Mitnick security which is a firm for decreasing the cyber hacks and crime.
He works through his arduous skills of testing and verifying the attempts of hack to company websites and security breaches. After his prison shift he reestablished his image in public trust by training and testing and by becoming certified ethical hacker. He told his efforts and future prospects at CeBIT Australia technology Fai held at Sydney Olympic Park.
Mitnick used a series of computers kept on stage and reveled how hacking is done. Out of series of computer, few were kept as victim computers using Windows 7 or Apple OS X and others for displaying information. Results were kept above all to be seen by everyone. The kind of attack was “man in middle”, in this attack. The hacker catches the communication between user and website.
He logged in a standard Westpac Online account and Mitnick captured his keystroke ad displayed it on hacker’s screen. Westpac told his security for customer data and information is 100 percent and guaranteed. They basically use multiple layers for customer protection and safety. They have used various safeguard to check and rectify attacks.
If anything goes wrong with customer account then they will refund the missing funds in full. Mitnick has displayed this by installing a bogus flash update and to make it look real they have added an update feature after downloading in 10 minutes through a compromising email.
Generally a user might not see such update on adobe’s name, but in this attack hacker will show a registered company name displayed as Verified Secure Applet to make it look more authentic. Mr Mitnick has focused on Social Engineering hacks in which hacker compiles details about employee name , contact detail and other in-out from software installed on their respective machines.
Hackers dive deep to study such details about any organization and staff before making them their prime targets for cyber-attack. Hackers always look for weakest link and people often send them missing part of information to hackers and don’t care about security issues. 9 out of 10 people are ready to reveal their passwords for freebies like pen, Marks & Spencer Easter egg as cited in survey at London’s Waterloo Station. Social media has provided a platform to hackers to know victim’s details and further likes and disliked so that hacker can easily enter his cycle of trust.
Knowing what software was on the desktop in turn offered up vulnerabilities for a hacker to exploit. At this stage, the hacker could pose as a potential vendor and, if the user opened an attached Word document or PDF of pricing, it was “game over”. The hacker would have full control of that machine and through it, the company’s network. At a time a hacker keep targeting three to four users at a time.
Beyond windows, the hack was performed even on Computer using OS X.
Mr Mitnick in his teenage day was indulged into dumpster driving when one day he found torn documents in a bin and reassembled to make a list of US telco usernames and passwords.
Peer to Peer network help hackers to gain access and control of user’s hard drive. In one of attempt, a hacker got control of a network which displayed entire network details like routers, switches, IP addresses. Later that system map was identified as a part of Pentagon secret network.
Mr Mitnick also proved how a concealed device can read and clone the employee data from a swipe card from a distance of 3 feet which stores their in-out details. Such details can provide employee’s detail about them and workplace details with location.