Many cyber criminals are using social engineering to get a foot in the door and gain access to corporate and government systems, says the world’s most famous hacker, Kevin Mitnick.

Mitnick – a former black hat hacker who was wanted by the FBI in the United States after hacking into 40 corporations just for a ‘challenge’ – will speak about social engineering on Wednesday night at CeBIT in Sydney.

Mitnick describes social engineering as using manipulation, deception and influence to get a target to comply with a request to access a network. Today, as chief white hacker at Mitnick Security, he is hired by organisations to hack into their networks to identify and remedy security holes.

“A lot of attacks these days are because of insecure Web applications that have vulnerabilities that we can exploit in social engineering,” he told CIO Australia.

“The foot in the door is through social engineering and then when you are on the corporate or government network, you can use technical exploits to gain access to targeted systems.

“That’s how the White House was hacked. Attackers got into the state department using social engineering through a phishing email. Once they hacked into the state department, they were able to worm their way into the White House network because they must have had an extranet.”

Meanwhile, Mitnick told CIO that organisations he works with as a white hacker often have a lot of dormant accounts that have not been disabled.

“I also see password patterns. Once as a security tester, I was able to compromise the company and crack or obtain their domain passwords in an Active Directory environment.

“We could determine the patterns that people used so no matter where they have credentials or accounts, we could determine the next credential.

“For example, when Sony was recently hacked, Michael Lynton [CEO of Sony], his domain user account was ‘Sonyml3’ so I assumed the next password change would have been ‘Sonyml4’,” Mitnick said.
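The incrementing pattern described above can be refused when a user changes their password, since the change form supplies both the current and the proposed password. The following is an added example, not part of the original article or of any Mitnick Security tooling; the function names and all sample passwords other than the two strings quoted above are constructed for illustration.

```python
from __future__ import annotations

import re

_DIGITS = re.compile(r"\d+")
# stem, numeric counter, optional short non-digit tail such as "!"
_COUNTER = re.compile(r"^(.*?)(\d+)(\D{0,2})\Z", re.DOTALL)


def skeleton(password: str) -> str:
    """Case-folded password with every run of digits removed."""
    return _DIGITS.sub("", password.casefold())


def change_verdict(current: str, proposed: str) -> str:
    """Return 'same', 'counter-step', 'digits-only' or 'ok' for a password change."""
    if current.casefold() == proposed.casefold():
        return "same"
    old, new = _COUNTER.match(current), _COUNTER.match(proposed)
    if old and new:
        same_frame = (old[1].casefold(), old[3].casefold()) == (
            new[1].casefold(), new[3].casefold())
        if same_frame and abs(int(new[2]) - int(old[2])) == 1:
            return "counter-step"  # e.g. ...3 -> ...4
    if skeleton(current) == skeleton(proposed):
        return "digits-only"  # only the numbers moved, the word is unchanged
    return "ok"


# Constructed sample changes; the first pair is the pattern quoted in the article.
SAMPLES = [
    ("Sonyml3", "Sonyml4"),
    ("Spring2015!", "Spring2016!"),
    ("Sonyml3", "Sonyml10"),
    ("Summer", "Summer1"),
    ("Sonyml3", "sonyml3"),
    ("Sonyml3", "violet-harbour-tin-kettle"),
]


def audit(pairs: list[tuple[str, str]]) -> list[str]:
    """Verdict for each (current, proposed) pair, in order."""
    return [change_verdict(cur, new) for cur, new in pairs]


if __name__ == "__main__":
    for (cur, new), verdict in zip(SAMPLES, audit(SAMPLES)):
        print(f"{cur!r} -> {new!r}: {verdict}")
```

A change handler would reject any verdict other than `ok`; the comparison needs both plaintext values, so it belongs in the change flow itself and neither value should be logged.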

Mitnick said that in his experience, everything has been hackable.

“You can raise the bar extremely high and make it extremely difficult but at the end of the day, everything I have seen out there has been broken. It just depends on timing and resources,” he said.

Follow Byron Connolly on Twitter: @ByronConnolly