The closing keynote speaker on Monday at the NAPA 401(k) Summit in Las Vegas made people sick.
Attendees were heard saying, “This makes me want to throw up,” and “It was disconcerting.”
The speaker wasn’t bad—on the contrary, he’s a good guy and entertaining speaker. But it was his subject matter that had NAPA attendees feeling a bit uneasy—about their cybersecurity (or lack thereof).
Kevin Mitnick, billed as “the world’s most famous hacker,” is a global bestselling author, and the top cybersecurity keynote speaker.
Once one of the FBI’s Most Wanted because he went on an “electronic joyride” during which he hacked into more than 40 major corporations just for the challenge, Kevin is now a trusted security consultant to the Fortune 500 and governments worldwide.
Mitnick shared stories of how he hacked into companies like Motorola to steal trade secrets, how two-factor authentication helps but doesn’t stop hackers, and how “bad actors” use social engineering—manipulating others to comply with a request in order to compromise their computer network—to attack.
Most cyber attacks are the result of phishing schemes, because it's easy to send emails to employees and it takes only one employee's mistake to let the attackers in.
The guy who, as a kid, once pranked his parents by changing his home phone to a pay phone and then to a prison phone that allowed collect calls only says his road to hacking started when he was 10 years old with a fascination with magic tricks.
Today, he runs a company that performs “ethical” hacking, in which companies hire his firm to show them their vulnerabilities to hackers.
Mitnick uses every trick in the book to test his clients, who challenge him to hack into their systems. He is a master impersonator who uses tradecraft and gets to play “spy” to compromise unwitting employees, who end up providing whatever is needed to hack into their systems.
He then tells them what went wrong and how to stop it. Mitnick said that at the companies he hacks and then consults with, perhaps 30% of employees will fall for a phishing scam of some sort, but only about 8% fall for it again after training.
From the “long con” to high-tech equipment that steals information from employee office access cards or mimics power cords, Mitnick alarmed the audience with the wide array of techniques hackers use to target victims.
“I hope this has been a call to action, because the bad actors are going to look for the weakest link in your chain,” Mitnick said. He closed by telling attendees to come up and get one of his unique business cards, which—no kidding—double as lock-picking tools.
“Think of Kevin Mitnick,” he said, “and I’ll open the door for you.”