It's actually a smarter crime because imagine if you rob a bank, or you're dealing drugs. If you get caught you're going to spend a lot of time in custody. But with hacking, it's much easier to commit the crime and the risk of punishment is slim to none.
— Kevin Mitnick
I did get a huge endorphin rush when I was able to crack a system because it was like a video game.
Social engineering is using deception, manipulation and influence to convince a human who has access to a computer system to do something, like click on an attachment in an e-mail.
I believe in having each device secured and monitoring each device, rather than just monitoring holistically on the network, and then responding in short enough time for damage control.
Security is always going to be a cat and mouse game because there'll be people out there that are hunting for the zero day award, you have people that don't have configuration management, don't have vulnerability management, don't have patch management.
As a young boy, I was taught in high school that hacking was cool.
Of course I'm sure half the people there hate me and half the people like me.
Any type of operating system that I wanted to be able to hack, I basically compromised the source code, copied it over to the university because I didn't have enough space on my 200 megabyte hard drive.
I'm an expert witness in a case that's in appeal about a guy who allegedly misappropriated source code from a major, major company - he actually worked there and then apparently they found it on his laptop later.
Steve Wozniak and Steve Jobs founded Apple Inc, which set the computing world on its ear with the Macintosh in 1984.
I think malware is a significant threat because the mitigation, like antivirus software, hasn't evolved to a point to really mitigate the risk to a reasonable degree.
I can go into LinkedIn and search for network engineers and come up with a list of great spear-phishing targets because they usually have administrator rights over the network. Then I go onto Twitter or Facebook and trick them into doing something, and I have privileged access.
I think it goes back to my high school days. In computer class, the first assignment was to write a program to print the first 100 Fibonacci numbers. Instead, I wrote a program that would steal passwords of students. My teacher gave me an A.
Back in my day, I would probe by hand. Now you can get commercial software that does the job for you.
All they need to do is to set up some website somewhere selling some bogus product at twenty percent of the normal market prices and people are going to be tricked into providing their credit card numbers.
The hacker mindset doesn't actually see what happens on the other side, to the victim.
I made stupid decisions as a kid, or as a young adult, but I'm trying to be now, I'm trying to take this lemon and make lemonade.
Then again, my case was all about the misappropriation of source code because I wanted to become the best hacker in the world and I enjoyed beating the security mechanisms.
Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause.
It was used for decades to describe talented computer enthusiasts, people whose skill at using computers to solve technical problems and puzzles was - and is - respected and admired by others possessing similar technical skills.
Hackers are breaking the systems for profit. Before, it was about intellectual curiosity and pursuit of knowledge and thrill, and now hacking is big business.
The perfect PIN is not four digits and not associated with your life, like an old telephone number. It's something easy for you to remember and hard for other people to guess.
Some people think technology has the answers.
But a lot of businesses out there don't see the return on investment, they look at it as a liability, and until they can understand that proactive security actually returns, gives them a return on investment, it's still a hard sell for people.
So the ethic I was taught in school resulted in the path I chose in my life following school.
I was pretty much the government's poster boy for what I had done.
So what I was essentially doing was, I compromised the confidentiality of their proprietary software to advance my agenda of becoming the best at breaking through the lock.
We have problems with our physical security, operational security through to management.
Should we fear hackers? Intention is at the heart of this discussion.
My actions constituted pure hacking that resulted in relatively trivial expenses for the companies involved, despite the government's false claims.
