I can imagine the headlines of the day back in 1983 they might have read: USC student arrested for hacking the Pentagon. As a young college student Kevin Mitnick hacked into one of the nation’s most secretive buildings, the Pentagon. According to Aguila (2008), Mitnick gained access to ARPANet, the ancestor of the Internet, which was then reserved for the Army, large corporations and universities.
Mitnick started his computer exploits as a teenager. Even as a young man he realized the powers of social engineering and used it to gain access to networks. How’d he do it you ask? Mitnick would pose as an employee of a company or organization that had forgotten a password to an internal network. The information would be given to him over the phone, thus providing him with an in to the company’s network. Mitnick quickly learned that people who had access to technology were the weakest link in any company or information system. He utilized the art of Social Engineering to manipulate people with access to technology. Mitnick manipulated people first and then entered secure networks with the information he had been provided. After his numerous exploits of various networks Mitnick ran from law enforcement agencies, was caught and has spent time in prison for various crimes. After his release from prison and completing a probationary period that banned him from the use of technology as ordered by the court Mr. Mitnick started his own security company. He is now a reformed hacker and speaks at conferences all over the world. Mitnick is now a security professional.
A TechBiz 2001 news report stated that Maffia Boy, Michael Calce, a 15 year old Canadian teenager was responsible for Distributed Denial of Service (DDoS) attacks on many large websites such as Amazon, Yahoo and EBay. Once arrested Mafia Boy plead guilty and was sent to a youth detention center for eight months with one year of probation. While incarcerated he was forbidden to use a computer. A DDoS attack makes a computer resource unavailable to its intended users. DDoS attacks are typically aimed at large internet sites and shuts down the site to the intended users, either briefly or for an indefinite period. Mafia Boy successfully shut down Yahoo and other sites for a few hours. There was some discrepancy in the media as to whether or not the attacks actually cost the companies the millions of dollars certain media outlets claimed. Yahoo released a statement later saying that none of their content had been breached and they were able to reroute traffic. Subsequently, Yahoo played down the story that they had any monetary loss and maintained that their content and user data remained unharmed.
Both Kevin Mitnick and Michael Calce have reformed and learned from their experiences. Both are now involved in computer security. Both work to educate companies and users how to prevent exploits (similar to the ones they each carried out) on networks and/or systems. It is of paramount importance to learn from individuals like Mitnick and Calce. These gentlemen found ways to exploit sensitive systems that security personnel never considered. Calce used the internet to obtain access to malicious code that would damage sites: Mitnick manipulated people via Social Engineering. Social Engineering can be extraordinarily sneaky and very useful. Since security is the job of each individual you should be leery of people you do not know questioning you about your job. Especially questions pertaining to network and or computer assets. Often times these individuals will compliment you to get the ball rolling. Another popular way to gain information via Social Engineering is to make false statements knowingly. If you work on a military base someone might suggest to you I heard that aircraft can only carry one type of weapon so it is not that useful. You (being challenged) then feel the need to set the record straight. Thereby giving out information you should not have disclosed.
Computer security professionals need to learn from the exploits that have happened and study the ways the hackers gained unauthorized access. This way the security professional can be ready to combat these or similar style attacks in the real world. The Chief Technology Officer (CTO) at White Hat Security said he still uses Calce’s Yahoo attack as a point of reference when he needs to talk about what kind of bandwidth it takes to knock a site offline. (McMillan, 2008)
References
Aguila, Nicolas (2008, March 14). Fifteen greatest
hacking exploits. Retrieved February 23, 2009,
from Tomshardware Web site:
http://www.tomshardware.com/reviews/fifteen-greatest-hacking-exploits,1790-6.html
Anonymous (2001, September 13). ‘Mafiaboy’ sentenced to 8 months .
Retrieved February 23, 2009, from www.wired.com
Web site:
http://www.wired.com/techbiz/media/news/2001/09/46791
McMillan, Robert (2008, October 16). A hacker seeks
redemption. Retrieved February 23, 2009, from
www.mis-asia.com Web site:
http://www.mis-asia.com/news/articles/a-hacker-seeks-redemption