Despite their link to drugs, murder, extortion—you name it—we glamorize old-time organized crime figures like Al Capone, Bugsy Siegel and Lucky Luciano. These gun-toting thugs, donning pin-striped suits and fedoras and smoking the finest Cuban cigars, exuded a certain class and charm despite their wrongdoings.
Today, the picture of organized crime has a much different face—and very few people have ever seen its members in person or viewed photographs. Sitting secretly behind locked doors or lurking where we least expect them, Carbanak, Dyre Wolf, the Shifu Trojan and the Cryptolocker Gang don’t use brute force or bullets; they use brains, and prey on others’ vulnerabilities.
Unlike in the past, when hackers were ad hoc networks of individuals motivated mainly by ego and notoriety, today’s breed of hackers is described by CSO Online as: “35-year-old highly experienced developers with deep knowledge that allows them to bring constant innovation into malware and attack tactics; and 80 percent of black-hat (e.g., criminal) hackers are affiliated with organized crime—a playground of financially driven, highly organized and sophisticated groups.”
The 19 cybercriminals on the FBI’s Most Wanted List are absolute masters at getting what they want: credit card numbers, social security numbers, bank accounts, health records, secret government documents, critical business data, client lists and your identity.
So are former hackers who left the dark side to help fight the battle against cybercrime, many of whom are landing on the payroll of major corporations or starting their own companies.
Known for popularizing the term “social engineering,” Kevin Mitnick was convicted of several computer-related crimes, including hacking into Pacific Bell’s voice mail computers and copying proprietary software from some of the country’s largest cell phone and computer companies. Today, he is Chief Hacking Officer at security awareness training site KnowBe4. Businesses now hire him and The Global Ghost Team™ to protect against hackers and to test their systems’ vulnerabilities to attack.
Once on the FBI’s Most Wanted list for hacking into 40 major corporations, Mitnick presented one of three keynotes at Data Center World on Tuesday. His specialty: social engineering. “It takes one to catch one,” he says.
"Social engineering uses influence and persuasion to deceive people by convincing them that the social engineer is someone he isn't, or by manipulation. As a result, the social engineer is able to take advantage of people to obtain information with or without the use of technology," he said.
Mitnick provided real demonstrations of some of the most current combinations of hacking, social engineering and cutting-edge technical exploits he actually uses to penetrate client systems, with a 100 percent success rate. He even asked for a volunteer from the audience to show how easy it is to steal someone's identity simply by Googling a name and accessing a few databases. The first thing he revealed was the attendee's social security number, followed by everything Mitnick would need to access the man's private accounts.
Although attacks can come from sources other than e-mail (phone, online, social media and onsite infiltration), the sheer number of e-mails we send and receive makes e-mail popular among hackers.
According to Mitnick, “All of the firewalls and encryption in the world can’t stop a gifted social engineer from rifling through a corporate database. If an attacker wants to break into a system, the most effective approach is to try to exploit the weakest link—not operating systems, firewalls or encryption algorithms—but people. You can't go and download a Windows update for stupidity... or gullibility.”