DUBAI – Governments and private companies are at risk of having their systems hacked into if they do not do more to protect themselves against social engineering hacking attacks, an expert hacker has warned.
Speaking on the sidelines of the Gulf Information Security Expo and Conference (Gisec) that opened on Monday, April 1, Mr. Kevin Mitnick, one of the world’s most famous hackers from the US, warned businesses: “Make your staff hack-conscious, or it could bring your company to its knees.”
According to analysts, this is the largest cyber-security event in the Middle East, Africa and South Asia.
Revealing that obtaining personal information via social engineering is “child’s play”, Mr. Mitnick explained that social engineering relies on influence, deception and manipulation to convince another party to comply with a request in order to compromise their computer network.
Shocking live hacking demonstrations
In live examples, Mr. Mitnick shocked the world when he managed to obtain confidential e-mail data that would have allowed him to penetrate a local bank. He also hacked his way through Gmail accounts and LinkedIn, live on the stage at the expo, which ends Wednesday, April 3.
“The main point of weakness for any company lies in poor cybersecurity awareness in staff,” he said, adding: “People aren’t being trained about how to defend their workplace from these attacks. If they are, then they are not listening. These social engineering tricks worked in the 1970s and still work in 2019.”
Khaleej Times reported that Mr. Mitnick also demonstrated how a simple USB cable can be weaponised to access a user’s computer system. Using WiFi or Bluetooth, attackers can access a victim’s computer and data. The key logger can be used to get credentials, access file systems, and access the audio tools, webcam and much more.
According to Mr. Mitnick, today, any device that can be plugged into a computer can be weaponised to give hackers access to any system under the sun.
Demonstrating at the Gisec stage, the expert hacker highlighted how, within just an hour, he was able to access HR data, including names, social security numbers and how long an employee has worked at a certain company.
As a first step, social engineering hackers conduct an “information reconnaissance”, he said. They do their research online to find the information that will support their social engineering attack.
“Social media platforms like LinkedIn can be used to identify people, their backgrounds, name, titles, and discover leads to their e-mail addresses,” Mr. Mitnick said.
According to the daily, live hacking events also took place during the event at a secondary stage called ‘Dark Stage’, which discussed the intricacies of the ‘dark web’.
At the event, Kuwait Hackers, a cyber-security consulting firm, also presented a live demo on how mobile phones can be easily hacked.