Ex-hacker warns over ‘social engineering’ threat

Dubai: Hackers today don’t even need to gain access to a target’s computer and could use “social engineering” on the target when it comes to disclosing information, Kevin Mitnick, the hacker-turned international cyber security consultant and the keynote speaker at the inaugural Gulf Information Security Expo and Conference (Gisec) Conference taking place at Dubai World Trade Centre, said.

“It is easier for a hacker, (than hacking a system) and it evades all intrusion-detecting systems,” he said.

While relatively unknown to the general public, the term “social engineering” is widely used within the computer security community to describe the techniques hackers use to deceive a trusted computer user within a company into revealing sensitive information, or trick an unsuspecting mark into performing actions that create a security hole.

“The intensity and frequency of the attacks are more likely to strengthen, putting everyone at risk as the internet has become closely interwoven with the way we do business and conduct our lives. It is imperative for everyone to adopt next- generation security solutions to protect the integrity of their data and to have greater confidence when doing online transactions,” Ahmad Elkhatib, Managing Partner at Shifra Middle East, said.

Mitnick illustrated why a misplaced reliance on security technologies alone, such as firewalls, authentication devices, encryption, and intrusion detection systems are virtually ineffective against a motivated attacker using these techniques.

He also demonstrated how hackers are using malwares to steal information without even detected by anti-virus software.

He said that not only the number the cyber attacks are growing aggressively, they are also growing in sophistication.

This was also echoed by Roger Cressey, senior vice-president at Booz Allen Hamilton.

He said that people need to be dynamic and proactive.

Humans are the weakest link in any corporate security system, which is why it is essential that companies spend “more resources inoculating their employees” by performing simulated attacks and training their employees on how to resist such intrusions.

Humans have to be “careful when visiting websites. And when discarding your old hard disk or discarded media drivers, remember one man’s trash is another man’s treasure,” Mitnick said.

With cyber crime attacks throughout the region increasing in frequency and gravity, Mitnick said that hackers are not only using software but also hardware to steal information and install malwares on a target’s computer.