...Kevin Mitnick – Social Engineering and Computer Hacking Mastermind Shelby Descoteaux Professor Kabay IS 340 A Nov. 22, 2013 Table of Contents Introduction 3 Kevin Mitnick 3 Hackers and Their Motives 3 The Early Years 4 Adolescence 5 Kevin in Trouble 6 Kevin’s Final Visit from the FBI 7 Hacker or Engineer? 8 Impact on Computer Security 8 Conclusion 9 Works Cited 10 Introduction Most people today are aware of the detrimental risk that hackers pose to their computers. They might know about identity theft, viruses, Trojans and worms however what they fail to recognize is how these things are accomplished and if they have actually fallen victim to one of these horrible attacks. But what about attacks with even greater impacts…like someone hacking into the computer system of a car that controls the brakes? Perhaps penetrating the systems that control nuclear power plants? Although it seems unlikely that either of these extremely scary scenarios would ever happen, it is most definitely possible. One researcher for IBM’s Internet Security Systems told the owners of a nuclear power station that he could hack into their system through the Internet. The power station took this as a joke, responding to Scott Lunsford, the IBM researcher, with a laugh in his face saying that it was “impossible”. In response, Scott took up the power plant on their words and proved them wrong. In less than twenty-four hours, Scott’s team had infiltrated the system and in...
Words: 4016 - Pages: 17
...o Data - o People - o Procedures – Lack of written security policy and procedure, it will be difficult to apply or enforce if its not written. o Networks – if user accounts communicated across the network insecurely, it will expose username and password to the attacker to gain access. 7) What is an SDLC? Describe the (general) five phases of an SDLC. How does it differ from a SecSDLC? • The five phases of systems development life cycle (SDLC); o Investigation – Planning and requirement gathering – o Analysis – feasibility and assessments of organization systems. o Design – Creating and designing of a system o Implementation – installation of a system o Maintenance and Change - maintenance activities within the database. • SecSDLC methodology for the design and implementation of technologies to protect an organization from intrusion, data corruption, and theft. SDLC develops systems used within a business and business needs, while the SecSDLC develops the systems to protect these systems and...
Words: 927 - Pages: 4
...Principles of Information Security, 4th Edition 1 Chapter 1 1 Review Questions 1. What is the difference between a threat agent and a threat? A threat agent is the facilitator of an attack, whereas a threat is a category of objects, persons, or other entities that represents a potential danger to an asset. Threats are always present. Some threats manifest themselves in accidental occurrences and others are purposeful. Fire is a threat; however, a fire that has begun in a building is an attack. If an arsonist set the fire then the arsonist is the threat agent. If an accidental electrical short started the fire, the short is the threat agent. 2. What is the difference between vulnerability and exposure? Vulnerability is a weaknesses or fault in a system or protection mechanism that opens it to attack or damage. Exposure is a condition or state of being exposed. In information security, exposure exists when a vulnerability known to an attacker is present. 3. How is infrastructure protection (assuring the security of utility services) related to information security? The availability of information assets is dependent on having information systems that are reliable and that remain highly available. 4. What type of security was dominant in the early years of computing? In the early years of computing when security was addressed at all, it dealt only with the physical security of the computers themselves and not the data or...
Words: 4896 - Pages: 20
...The reality, however, is that hackers are a very diverse bunch, a group simultaneously blamed with causing billions of dollars in damages as well as credited with the development of the World Wide Web and the founding of major tech companies. In this article, we test the theory that truth is better than fiction by introducing you to ten of the most famous hackers, both nefarious and heroic, to let you decide for yourself. Black Hat Crackers The Internet abounds with hackers, known as crackers or "black hats," who work to exploit computer systems. They are the ones you've seen on the news being hauled away for cybercrimes. Some of them do it for fun and curiosity, while others are looking for personal gain. In this section we profile five of the most famous and interesting "black hat" hackers. Jonathan James: James gained notoriety when he became the first juvenile to be sent to prison for hacking. He was sentenced at 16 years old. In an anonymous PBS interview, he professes, "I was just looking around, playing around. What was fun for me was a challenge to see what I could pull off." James's major intrusions targeted high-profile organizations. He installed a backdoor into a Defense Threat Reduction Agency server. The DTRA is an agency of the Department of Defense charged with reducing the threat to the U.S. and its allies from nuclear, biological, chemical, conventional and special weapons. The backdoor he created enabled him to view sensitive emails and capture employee...
Words: 1397 - Pages: 6
...Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. Anti-Hacking: The Protection of Computers While the term Anti-Hacking may have different meanings to different people, one thing is certain. By definition, it means , "the opposite of hacking." If hacking is defined as an attack on a computer system, then Anti-Hacking is the protection of that system. The three aspects discussed in this paper: Education of the Security Adminis trator, Securing the Environment, and How to Fight Back are just one combined definition of how to protect a system. Copyright SANS Institute Author Retains Full Rights AD © SANS Institute 2003, Author retains full rights Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 © SANS Institute 2003, As part of the Information Security Reading Room. Author retains full rights. Anti-Hacking: The Protection of Computers Chadd Schlotter In the Computer Security industry, there are many solutions available to help combat cyber crime. Firewalls and Intrusion Detection systems are in place across the Internet to help protect more networks than ever before. Teams at software corporations work diligently on creating patches for known vulnerabilities, yet everyday the number of computers that are compromised increases...
Words: 4983 - Pages: 20
...accomplice was arrested. Another accomplice was caught attempting to withdraw funds from an account in Rotterdam. Although Russian law precluded Levin's extradition, he was arrested during a visit to the United States and subsequently imprisoned. (Denning 1999, 55). The above forms of computer-related crime are not necessarily mutually exclusive, and need not occur in isolation. Just as an armed robber might steal an automobile to facilitate a quick getaway, so too can one steal telecommunications services and use them for purposes of vandalism, fraud, or in furtherance of a criminal conspiracy.1 Computer-related crime may be compound in nature, combining two or more of the generic forms outlined above. The various activities of Kevin Mitnick, as described in Hafner and Markoff (1991) are illustrative. Problem areas • Telecommunications • Electronic vandalism, terrorism and extortion • Stealing telecommunications services • Telecommunications...
Words: 2042 - Pages: 9
...THE ART OF DECEPTION Controlling the Human Element of Security KEVIN D. MITNICK & William L. Simon Foreword by Steve Wozniak Scanned by kineticstomp, revised and enlarged by swift For Reba Vartanian, Shelly Jaffe, Chickie Leventhal, and Mitchell Mitnick, and for the late Alan Mitnick, Adam Mitnick, and Jack Biello For Arynne, Victoria, and David, Sheldon,Vincent, and Elena. Social Engineering Social Engineering uses influence and persuasion to deceive people by convincing them that the social engineer is someone he is not, or by manipulation. As a result, the social engineer is able to take advantage of people to obtain information with or without the use of technology. Contents Foreword Preface Introduction Part 1 Behind the Scenes Chapter 1 Security's Weakest Link Part 2 The Art of the Attacker Chapter 2 When Innocuous Information Isn't Chapter 3 The Direct Attack: Just Asking for it Chapter 4 Building Trust Chapter 5 "Let Me Help You" Chapter 6 "Can You Help Me?" Chapter 7 Phony Sites and Dangerous Attachments Chapter 8 Using Sympathy, Guilt and Intimidation Chapter 9 The Reverse Sting Part 3 Intruder Alert Chapter 10 Entering the Premises Chapter 11 Combining Technology and Social Engineering Chapter 12 Attacks on the Entry-Level Employee Chapter 13 Clever Cons Chapter 14 Industrial Espionage Part 4 Raising the Bar Chapter 15 Information Security Awareness and Training Chapter 16 Recommended Corporate Information Security Policies Security at a Glance Sources...
Words: 125733 - Pages: 503
...Cyber security is a critical and growing issue in the world today. President Obama said this issue is, "one of the most serious economic and national security threats our nation faces" (Cybersecurity). The United States is one of the most computer dependent societies and has the most computer dependent military and intelligence agencies. With more and, more of our country being ran by technology we are at a bigger risk of attack. A cyber attack could be the most devastating attack our country has ever faced. An attack on America’s cyber infrastructure could cripple the country and put us at an even greater risk of a normal attack. FBI Director said “Counterterrorism — stopping terrorist attacks — with the FBI is the present number one priority. But down the road, the cyber threat, which cuts across all FBI programs, will be the number one threat to the country” (Paganini). The message is clear the cyber security threat we are facing today is a dangerous and growing threat that has serious offensive potential and is often difficult to detect or prevent. An attack on a nation’s critical infrastructure can be devastating and when you add the fact that cyber attacks often do not make themselves know until it is to late could make for a devastating first strike prior to an invasion. Cyber security is defined as measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack. The term “cyber security threat” means...
Words: 2041 - Pages: 9
...The World of Cybercrimes Cybercrimes are one of the most dangerous threats to our Nation. There are no boundaries when it comes to cybercrimes. A cybercrime is one of the fastest growing crime types of the century and includes criminal activity involving computers and the internet. Hacking a computer is not the only thing considered a cybercrime. Downloading movies and music illegally is also a cybercrime. Once thought as something that only the military or other government officials had to worry about, it is now on the rise since everyone has a computer and it is easy to find out how to hack into computer systems. With the rise of internet usage among businesses and private users, the risk of being a victim of cybercrime is huge. The Security Tracking Study performed by the Pomemon Institute states that 83 percent of multinational companies feel that within the past 12 months they have been a target of a cybercrime. Price Water House Coopers states that the number of businesses having a security breach is more along the lines of 92 percent. Cybercrimes are attacks on computer hardware and software, downloading illegal movies and music, online fraud involving financial crimes and corruption with an organization, crimes against children and the elderly, cyber bullying and fraudulent telemarketing events for charitable donations. What was once something only “hackers” did is now something anyone can do. The term hacker was originally described as “any technical effort...
Words: 8856 - Pages: 36
...ARTICLES A Kind Word for Theory X: Or Why So Many Newfangled Management Techniques Quickly Fail Michael P. Bobic Emmanuel College William Eric Davis Community College Southern Nevada ABSTRACT Forty-three years ago, Douglas McGregor’s The Human Side of Enterprise offered managers a new assumption of management (Theory Y), which would be more effective than what he considered then-current management assumptions (Theory X). While McGregor’s Theory Y model has been widely adopted in management literature as the preferred model, Theory X management still persists in practice. Moreover, many efforts to introduce management initiatives based on Theory Y have failed to reform the workplace or worker attitudes. While most explanations of these failures focus on training, implementation, or sabotage, this article proposes several defects in Theory Y that have contributed to these failures. Theory Y is based upon an incomplete theory of human motivation that erroneously assumes that all people are creative (and want to be creative) in the same way. Important research by Michael Kirton presents a different model of creativity that explains the failure of Theory Y and justifies Theory X as an important managerial theory and strategy. Theory X persists not because of circumstances or the nature of particular jobs, but because different people have personalities that respond to Theory X management better than to Theory Y management. But if the times and circumstances change, [a...
Words: 14544 - Pages: 59
...only real security that a man can have in this world is a reserve of knowledge, experience and ability.” —HENRY FORD In this chapter, you will learn how to ■ Define basic terms associated with computer and information security ■ Identify the basic approaches to computer and information security ■ Distinguish among various methods to implement access controls ■ Describe methods used to verify the identity and authenticity of an individual ■ Describe methods used to conduct social engineering ■ Recognize some of the basic models used to implement security in operating systems 20 P:\010Comp\BaseTech\619-8\ch02.vp Wednesday, November 09, 2011 2:01:20 PM I n Chapter 1, you learned about some of the various threats that we, as security professionals, face on a daily basis. In this chapter, you start exploring the field of computer security. Color profile: Disabled Composite Default screen BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Wm. Arthur Conklin / 619-8 / Chapter 2 ■ Basic Security Terminology The term hacking has been used frequently in the media. A hacker was once considered an individual who understood the technical aspects of computer operating systems and networks. Hackers were individuals you turned to when you had a problem and needed extreme technical expertise. Today, primarily as a result of the media, the term is used more often to refer to individuals...
Words: 16889 - Pages: 68
...is just a cracker who is getting paid. Answer: C Explanation: The ethical hacker uses the same techniques and skills as a cracker and the motive is to find the security breaches before a cracker does. There is nothing that says that a cracker does not get paid for the work he does, a ethical hacker has the owners authorization and will get paid even if he does not succeed to penetrate the target. QUESTION 2: What does the term "Ethical Hacking" mean? A. Someone who is hacking for ethical reasons. B. Someone who is using his/her skills for ethical reasons. C. Someone who is using his/her skills for defensive purposes. D. Someone who is using his/her skills for offensive purposes. Answer: C Explanation: Ethical hacking is only about defending your self or your employer against malicious persons by using the same techniques and skills. QUESTION 3: Who is an Ethical Hacker? A. A person whohacksfor ethical reasons B. A person whohacksfor an ethical cause C. A person whohacksfor defensive purposes D. A person whohacksfor offensive purposes Answer: C Explanation: The Ethical hacker is a security professional who applies his hacking skills for defensive purposes. Actualtests.com - The Power of Knowing 312-50 QUESTION 4: What is "Hacktivism"? A. Hacking for a cause B. Hacking ruthlessly C. An association which groups activists D. None of the above Answer: A Explanation: The term was coined by author/critic Jason Logan...
Words: 34575 - Pages: 139
...Management of Information Security Third Edition This page intentionally left blank Management of Information Security Third Edition Michael Whitman, Ph.D., CISM, CISSP Herbert Mattord, M.B.A., CISM, CISSP Kennesaw State University ———————————————————————— Australia • Brazil • Japan • Korea • Mexico • Singapore • Spain • United Kingdom • United States Management of Information Security, Third Edition Michael E. Whitman and Herbert J. Mattord Vice President, Career and Professional Editorial: Dave Garza Executive Editor: Stephen Helba Managing Editor: Marah Bellegarde Product Manager: Natalie Pashoukos Developmental Editor: Lynne Raughley Editorial Assistant: Meghan Orvis Vice President, Career and Professional Marketing: Jennifer McAvey Marketing Director: Deborah S. Yarnell Senior Marketing Manager: Erin Coffin Marketing Coordinator: Shanna Gibbs Production Director: Carolyn Miller Production Manager: Andrew Crouth Senior Content Project Manager: Andrea Majot Senior Art Director: Jack Pendleton Cover illustration: Image copyright 2009. Used under license from Shutterstock.com Production Technology Analyst: Tom Stover © 2010 Course Technology, Cengage Learning ALL RIGHTS RESERVED. No part of this work covered by the copyright herein may be reproduced, transmitted, stored, or used in any form or by any means graphic, electronic, or mechanical, including but not limited to photocopying, recording, scanning, digitizing, taping, Web distribution, information...
Words: 229697 - Pages: 919
...Contents 1. Introduction 2. Assessment Test 3. Chapter 1: Getting Started with Ethical Hacking 1. Hacking: A Short History 2. What Is an Ethical Hacker? 3. Summary 4. Exam Essentials 5. Review Questions 4. Chapter 2: System Fundamentals 1. Exploring Network Topologies 2. Working with the Open Systems Interconnection Model 3. Dissecting the TCP/IP Suite 4. IP Subnetting 5. Hexadecimal vs. Binary 6. Exploring TCP/IP Ports 7. Understanding Network Devices 8. Working with MAC Addresses 9. Intrusion Prevention and Intrusion Detection Systems 10. Network Security 11. Knowing Operating Systems 12. Backups and Archiving 13. Summary 14. Exam Essentials 15. Review Questions 5. Chapter 3: Cryptography 2 1. Cryptography: Early Applications and Examples 2. Cryptography in Action 3. Understanding Hashing 4. Issues with Cryptography 5. Applications of Cryptography 6. Summary 7. Exam Essentials 8. Review Questions 6. Chapter 4: Footprinting and Reconnaissance 1. Understanding the Steps of Ethical Hacking 2. What Is Footprinting? 3. Terminology in Footprinting 4. Threats Introduced by Footprinting 5. The Footprinting Process 6. Summary 7. Exam Essentials 8. Review Questions 7. Chapter 5: Scanning Networks 1. What Is Network Scanning? 2. Checking for Live Systems 3. Checking for Open Ports 4. Types of Scans 5. OS Fingerprinting 6. Banner Grabbing 7. Countermeasures 8. Vulnerability Scanning 9. Drawing Network Diagrams 10. Using Proxies 11. Summary 12. Exam Essentials 13. Review Questions...
Words: 71242 - Pages: 285
...THE FUTURE OF TECHNOLOGY OTHER ECONOMIST BOOKS Guide to Analysing Companies Guide to Business Modelling Guide to Business Planning Guide to Economic Indicators Guide to the European Union Guide to Financial Markets Guide to Management Ideas Numbers Guide Style Guide Dictionary of Business Dictionary of Economics International Dictionary of Finance Brands and Branding Business Consulting Business Ethics Business Strategy China’s Stockmarket Globalisation Headhunters and How to Use Them Successful Mergers Wall Street Essential Director Essential Economics Essential Finance Essential Internet Essential Investment Essential Negotiation Pocket World in Figures THE FUTURE OF TECHNOLOGY THE ECONOMIST IN ASSOCIATION WITH PROFILE BOOKS LTD Published by Profile Books Ltd 3a Exmouth House, Pine Street, London ec1r 0jh Copyright © The Economist Newspaper Ltd 2005 All rights reserved. Without limiting the rights under copyright reserved above, no part of this publication may be reproduced, stored in or introduced into a retrieval system, or transmitted, in any form or by any means (electronic, mechanical, photocopying, recording or otherwise), without the prior written permission of both the copyright owner and the publisher of this book. The greatest care has been taken in compiling this book. However, no responsibility can be accepted by the publishers or compilers for the accuracy of the information presented. Where opinion is expressed it is that of the author and does not necessarily...
Words: 128899 - Pages: 516
