GISEC – the Middle East’s leading cybersecurity event – opened yesterday (MONDAY) with a stark warning to the region’s businesses: make your staff hack-conscious, or it could bring your company to its knees.
That was the message from the world’s most famous hacker Kevin Mitnick, who shared his unparalleled hacking skills and know-how with a packed Dubai World Trade Centre audience on Day 1 of the three-day event that runs from 1-3 April.
Flown in from the US specifically to present at GISEC, Mitnick, 55, wowed the hundreds attending his morning seminar as he performed eye-opening hacks that saw him demonstrate the ease with which someone could plunder information online to impersonate another and go on a hacking spree. His prime method is social engineering, which is a form of hacking that relies on influence, deception and manipulation to convince another party to comply with a request in order to compromise their computer network.
In live examples, Mitnick managed to obtain confidential email data that would have allowed him to penetrate a local bank. He also burrowed his way through Google Mail accounts and LinkedIn, live on stage.
And while his more in-depth investigation was performed using a number of pieces of intricate computing soft and hardware, he was absolutely conclusive in saying that the main point of weakness for any company lies in poor cybersecurity awareness in staff.
He said: “People aren’t being trained about how to defend their workplace from these attacks. If they are, then they’re not listening. These social engineering tricks worked in the 1970s and still work in 2019. People are way too polite.
“When teaching staff about security, have something relevant, entertaining and informative – not a boring book that they won’t read. You need to educate train and inoculate your users. The hacker is always going to go after the weakest link, and social engineering is the easiest way in and easiest attack your enemies will use today.”
Live hacks ranging from “weaponised cables” to keyloggers
Hired by companies to test their security systems, Mitnick claims a 100 per cent success rate for himself. From two factor authentication, professional networks to webmail and simple phishing exercises, he highlighted how it is so easy today to gain access to systems.
Hacking live on stage at GISEC, he highlighted how within only an hour he had access to HR data including names, social security numbers and how long an employee worked at a certain company.
He explained how, as a first step, social engineering hackers conduct an “information reconnaissance.” They do their research online to find information which will aid a social engineering attack. A platform like LinkedIn can be used to identify people, their backgrounds, name, titles, and discover leads to their email addresses.
Mitnick also demonstrated how a simple USB cable can be weaponised to access a user’s computer system. Using WiFi or Bluetooth, attackers can access a victim’s computer and data. The keylogger can be used to get credentials, access file system, access the audio, webcam, and much more. Today, any device which can be plugged into a computer can be weaponised to give hackers access, warned Mitnick.
Dubai is open to international collaboration to counter cyber threats
Opening GISEC’s main stage was Dr Marwan Alzarouni, Director of Information Services Department at Dubai Electronic Security Center. He said: “His Highness Sheikh Mohammad bin Rashid Al Maktoum, Vice President and Prime Minister of the UAE and Ruler of Dubai, always encourages us to be future-forward planners. We continue to look at the challenges within the security landscape, particularly in strategically important sectors such as the medical field, finance and education and subsequently allocate resources.