I don't know the capabilities of our enemies. But I found it quite easy to circumvent security at certain phone companies throughout the United States. So if an inquisitive kid can do it, why can't a cyberterrorist do it?
I could pose as a Yahoo rep claiming that there's been some sort of fault, and somebody else is getting your e-mail, and we're going to have to remove your account and reinstall it. So what we'll do is reset the current password that you have - and by the way, what is it?
A log-in simulator is a program to trick some unknowing user into providing their user name and password.
Hacking was the only entertainment that would occupy my mind - like a huge video game, but with real consequences. I could have evaded the FBI a lot longer if I had been able to control my passion for hacking.
When I read about myself in the media, even I don't recognize me. The myth of Kevin Mitnick is much more interesting than the reality of Kevin Mitnick. If they told the reality, no one would care.
I don't condone anyone causing damage in my name, or doing anything malicious in support of my plight. There are more productive ways to help me. As a hacker myself, I never intentionally damaged anything.
The best thing to do is always keep randomly generated passwords everywhere and use a password tool to manage it, and then you don't have to remember those passwords at all, just the master password that unlocks the database.
There's a feature on Facebook where you can enable security that checks the device you're coming from. By default these features are likely off, but as a consumer, you can enable them.
I keep my stuff updated all the time. Being in the security industry, I keep up to date with securities.
A lot of individuals out there carry a lot of proprietary information on their mobile devices, and they're not protected. It's a very target-rich environment.
I love solving puzzles, I love finding my way around obstacles, and I love learning new things about technology.
One of my all-time favorite pranks was gaining unauthorized access to the telephone switch and changing the class of service of a fellow phone phreak. When he'd attempt to make a call from home, he'd get a message telling him to deposit a dime, because the telephone company switch received input that indicated he was calling from a pay phone.
I use Spam Arrest because of the amount of junk mail I get. Any legitimate person who wants to send me a message has to jump through hoops before they can be added to my opt-in list.
The explosion of companies deploying wireless networks insecurely is creating vulnerabilities, as they think it's limited to the office - then they have Johnny Hacker in the parking lot with an 802.11 antenna using the network to send threatening emails to the president!
Usually companies hire me, and they know full well who I am, and that's one of the reasons they want to hire me.
Protecting yourself is very challenging in the hostile environment of the Internet. Imagine a global environment where an unscrupulous person from the other side of the planet can probe your computer for weaknesses and exploit them to gain access to your most sensitive secrets.
Back up everything! You are not invulnerable. Catastrophic data loss can happen to you - one worm or Trojan is all it takes.
If I needed to know about a security exploit, I preferred to get the information by accessing the companies' security teams' files, rather than poring over lines of code to find it on my own. It's just more efficient.
I don't know of any case that involves computer hacking where there were multiple defendants charged where there wasn't an informant on the case.
If hackers, if anyone committing a criminal act, wants to reduce their risk, they obviously don't involve anybody else. The greater the circle of people that know what you're doing, the higher the risk.
For a long time, I was portrayed as the Osama bin Laden of the Internet, and I really wanted to be able to tell my side of the story. I wanted to be able to explain exactly what I did and what I didn't do to people who thought they knew me.
I think a cyber-terrorism attack is overblown, though the threat exists. I think al Qaeda and other groups are more interested in symbolic terrorism, like what they did to the World Trade Center - suicide bombers or something that really has an effect and is meaningful to people.
A lot of companies are clueless, because they spend most or all of their security budget on high-tech security like firewalls and biometric authentication - which are important and needed - but then they don't train their people.
I'm not a fugitive anymore. Never will be in the future. After spending five years in jail, you learn your lesson. I never want to return there.
People are prone to taking mental shortcuts. They may know that they shouldn't give out certain information, but the fear of not being nice, the fear of appearing ignorant, the fear of a perceived authority figure - all these are triggers, which can be used by a social engineer to convince a person to override established security procedures.
Companies spend millions of dollars on firewalls and secure access devices, and it's money wasted because none of these measures address the weakest link in the security chain: the people who use, administer and operate computer systems.
There is no patch for stupidity.
Social engineering bypasses all technologies, including firewalls.
You can never protect yourself 100%. What you do is protect yourself as much as possible and mitigate risk to an acceptable degree. You can never remove all risk.
The human. Now you know all about your target.
The methods that will most effectively minimize the ability of intruders to compromise information security are comprehensive user training and education. Enacting policies and procedures simply won't suffice. Even with oversight the policies and procedures may not be effective: my access to Motorola, Nokia, ATT, Sun depended upon the willingness of people to bypass policies and procedures that were in place for years before I compromised them successfully.
Social engineers veil themselves in a cloak of believability.
Of course I'm sure half the people there hate me and half the people like me.
You can't go to Windows Update and get a patch for stupidity.
It’s actually a smarter crime because imagine if you rob a bank, or you’re dealing drugs. If you get caught you’re going to spend a lot of time in custody. But with hacking, it’s much easier to commit the crime and the risk of punishment is slim to none.
When I was in prison, a Colombian drug lord offered me $5 million in cash to manipulate a computer system so that he would be released. I turned him down.
I obtained confidential information in the same way government employees did, and I did it all without even touching a computer. ... I was so successful with this line of attack that I rarely had to go towards a technical attack.
The intent of the individuals who created the DDoS attacks has nothing to do with hacking, and they are vandals, not hackers.
A hacker doesn't deliberately destroy data or profit from his activities.
The Americans are the most gullible, because they don't like to deny co-workers' requests.