...The reality, however, is that hackers are a very diverse bunch, a group simultaneously blamed with causing billions of dollars in damages as well as credited with the development of the World Wide Web and the founding of major tech companies. In this article, we test the theory that truth is better than fiction by introducing you to ten of the most famous hackers, both nefarious and heroic, to let you decide for yourself. Black Hat Crackers The Internet abounds with hackers, known as crackers or "black hats," who work to exploit computer systems. They are the ones you've seen on the news being hauled away for cybercrimes. Some of them do it for fun and curiosity, while others are looking for personal gain. In this section we profile five of the most famous and interesting "black hat" hackers. Jonathan James: James gained notoriety when he became the first juvenile to be sent to prison for hacking. He was sentenced at 16 years old. In an anonymous PBS interview, he professes, "I was just looking around, playing around. What was fun for me was a challenge to see what I could pull off." James's major intrusions targeted high-profile organizations. He installed a backdoor into a Defense Threat Reduction Agency server. The DTRA is an agency of the Department of Defense charged with reducing the threat to the U.S. and its allies from nuclear, biological, chemical, conventional and special weapons. The backdoor he created enabled him to view sensitive emails and capture employee...
Words: 1397 - Pages: 6
...William Parshall Mr. Burke June 6, 2015 Information Theft Is information theft in today’s world, using the internet primarily, a pertinent issue? The world grows continually smaller. Each passing day interconnectivity amongst personal computers becomes increasingly normative. These electronic bridges are at the foundation of the networks of networks which comprise the Internet, which was initially a concept developed as a means by which both communication and vast archives of information could be preserved in the event of a nuclear war. The design was simple: a system of information exchange which was indestructible in its redundancy. In other words, Russia would need to vaporize North America entirely to win the Cold War. In the absence of a real war, for years the Internet remained inhabited largely by members of academic and scientific communities who prized and throve upon instant exchange of information. It was these individuals who became the first denizens of cyberspace, a new frontier characterized, like the wild west, by anarchy and governed, similarly, by the good sense of inhabitants. With interest in the Internet as a phenomenon increasing steadily over the past decade, however, it is evident that those now living are witnesses of a bizarre transformation whereby technological experience becomes wholly integral to our daily routine. As scores flock to experience the new online realm, tiny enclaves of similarly-interested individuals coalesce into electronic...
Words: 1062 - Pages: 5
...Kevin David Mitnick (born August 6, 1963) is an American computer security consultant, author and hacker. In 1999, he was convicted of various computer and communications-related crimes. At the time of his arrest, he was the most-wanted computer criminal in the United States.[1] He now runs a security firm named Mitnick Security Consulting, LLC that helps test a company's security strengths and weaknesses, and is the Chief Hacking Officer of security awareness training company KnowBe4. Mitnick is an active advisory board member at Zimperium,[2] a mobile defense firm that develops a mobile intrusion prevention system.[3] Early life Mitnick grew up in Los Angeles and attended James Monroe High School.[4] He was enrolled at Los Angeles Pierce College and USC.[4] For a time, he worked as a receptionist for Stephen S. Wise Temple.[4] Computer hacking At age 15, Mitnick used social engineering to bypass the punch card system used in the Los Angeles bus system. After a friendly bus driver told him where he could buy his own ticket punch, he could ride any bus in the greater LA area using unused transfer slips he found in the trash. Social engineering became his primary method...
Words: 2292 - Pages: 10
...country. In 2001 and 2002 Gary McKinnon hacked into US military computer networks. He deleted important files in the operating systems in the US Army’s district in Washington, shutting down 2000 computers for 24 hours. He deleted weapons logs and crashed 300 computers for munitions delivery to the US Navy. He also broke into NASA networks to search for evidence of UFO cover-ups. In 2009, Albert Gonzalez helped steal about 36 million credit card numbers from TJX, which cost the company about 160 million dollars. Literature Review Social engineering is a practice of obtaining confidential information by manipulating users in social communication. The book The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick talks about social engineering and how it is used to gain information in financial, manufacturing, medical, and legal companies to gain access to their networks. I thought this book was important reading for company’s...
Words: 689 - Pages: 3
...KEVIN MITNICK World’s Most Infamous Hacker Most of you don’t know about the world’s most notorious hacker, Kevin Mitnick! Starting at the young age of 16, Mitnick used social engineering and dumpster diving to bypass the punch card system in the bus system. He broke into DEC’s computer network and copied their software, a crime he was charged with and convicted of in 1988. He was sentenced to 12 months in prison followed by three years of supervised release. Near the end of supervised release, Mitnick hacked into Pacific Bell voice mail computers. He started breaking into companies like IBM, Motorola, and Nokia. He also joined a phone phreak gang, which met irregularly in a pizza parlor. They mostly used the phones to prank people and confuse them. For example, they would change the class of someone’s phone service on someone’s house phone to payphone status, so that whenever they picked up the receiver a recorded voice would ask them to deposit twenty cents to make a call. Mitnick had plenty of run-ins with the police, all of them computer related. In 1987 and 1988, Kevin and a friend, Lenny DiCicco, fought a pitched electronic battle against scientists at Digital Equipment’s Palo Alto research laboratory. Mitnick was obsessed and determined to get a copy of Digital’s VMS minicomputer operating system, and was trying to do it by gaining entry to the company’s corporate computer network, also...
Words: 1094 - Pages: 5
...Kevin Mitnick – Social Engineering and Computer Hacking Mastermind Shelby Descoteaux Professor Kabay IS 340 A Nov. 22, 2013 Table of Contents: Introduction; Kevin Mitnick; Hackers and Their Motives; The Early Years; Adolescence; Kevin in Trouble; Kevin’s Final Visit from the FBI; Hacker or Engineer?; Impact on Computer Security; Conclusion; Works Cited. Introduction Most people today are aware of the detrimental risk that hackers pose to their computers. They might know about identity theft, viruses, Trojans and worms; however, what they fail to recognize is how these things are accomplished and if they have actually fallen victim to one of these horrible attacks. But what about attacks with even greater impacts…like someone hacking into the computer system of a car that controls the brakes? Perhaps penetrating the systems that control nuclear power plants? Although it seems unlikely that either of these extremely scary scenarios would ever happen, it is most definitely possible. One researcher for IBM’s Internet Security Systems told the owners of a nuclear power station that he could hack into their system through the Internet. The power station took this as a joke, responding to Scott Lunsford, the IBM researcher, with a laugh in his face saying that it was “impossible”. In response, Scott took up the power plant on their words and proved them wrong. In less than twenty-four hours, Scott’s team had infiltrated the system and in...
Words: 4016 - Pages: 17
...“You could spend a fortune purchasing technology and services...and your network infrastructure could still remain vulnerable to old-fashioned manipulation.” Kevin Mitnick [4] Social engineering is one of the ways hackers get access to sensitive information, such as passwords, access codes, credit card numbers, etc. Instead of breaking into a computer system, the persuasive hackers trick people into giving up the information on their own. [1] According to the Security and Risk website, social engineering attacks are very costly for businesses. For example, once hackers get the needed login information, they can then spy on an organization’s activity and transactions. Annually, an organization can lose thousands of dollars on such attacks. New employees are the primary victims that become the prey of hackers via phishing emails and social networking sites. [2] The most common method of social engineering attacks is phishing or spam scams. The victim receives an urgent email where he or she is asked to follow a link to verify the account number or any other “important” data. Hackers use well-known organizations’ and banks’ logos, and these kinds of emails are very convincing. There are different variations to this method, though. Instead of phony emails, a victim can receive a phony call from an “authority” or an IT specialist that tries to get the sensitive information from a victim. Also, there are different variations to it when hackers pretend to be some...
Words: 508 - Pages: 3
...Kubutona Letuka Week 1 - Homework Exercise 5 Investigation about Kevin Mitnick Background PT2013-0675 C_ITSS311 Born 6-Aug-1963, Kevin Mitnick reached his adolescence in the late 70s while living in Los Angeles, when the computing industry was in its infancy and beginning to grow. Kevin grew up in a lower-middle-class environment, with his parents having divorced while he was still young. He had an interest in how the telephone network worked and how he could use the telephone network for his benefit (i.e. hacking). By using a personal computer and a modem Kevin was able to commandeer a phone company’s digital central office switch by dialling in remotely; this simple technique allowed Kevin to make free calls and eavesdrop on all communications made by every individual. This was the start of his hacking “career”. At the age of 17, Kevin was arrested and charged with “destroying data over a computer network”; he spent three months in jail. What did he do? Instead of using his knowledge to explore the various computer adventures, Mr Kevin preferred to rather have a run-in with the police. Time after time he had a collision with the police. His next arrest was in 1983 at the University of Southern California, where he was caught trying to gain illegal access to ARPANET using the university’s computer. For the crime committed he was sentenced to six months in prison. When he was released, he had the number plate of his car printed “XHACKER”, but he still had a hacking appetite. A couple...
Words: 935 - Pages: 4
...Chapter 1 Assignment Ryan M. Kethcart INFOST-491 SEC-OL Exercises 1. Look up “the paper that started the study of computer security.” Prepare a summary of the key points. What in this paper specifically addresses security in areas previously unexamined? a. A paper titled the “Rand Report R-609” was sponsored by the Department of Defense and initiated the movement toward security that went beyond protecting physical locations. It attempted to define multiple controls and mechanisms necessary for the protection of a multilevel computer system; identifying the role of management and policy issues in computer security. This report/paper significantly expanded the scope of computer security to include the following: securing the data, limiting random and unauthorized access to said data, and involving personnel from multiple levels of the organization in matters pertaining to information security. 3. Consider the information stored on your personal computer. For each of the terms listed, find an example and document it: threat, threat agent, vulnerability, exposure, risk, attack, and exploit. a. Threat: i. Theft of Media b. Threat Agent: ii. Hacker (Ex: Ima Hacker) c. Vulnerability: iii. Unprotected system port d. Exposure: iv. Using a website monitored by malicious hackers, reveals a vulnerability – i.e. Unprotected system port e. Risk: v. Low level risk – The probability that...
Words: 790 - Pages: 4
...important to have a different level of access based on duties, and mandatory training on security best practices is also important. • On the other hand, a vulnerability is a weakness that allows one to be exploited. For example, when terminating a user’s login access, yet the user can still log in to the access system. This is a flaw, and an unauthorized user can access the system. 5) Using the web, find out more about Kevin Mitnick. What did he do? Who caught him? Write a short summary of his activities and explain why he is infamous. • Kevin Mitnick from Los Angeles, California, also known as “The Condor, The Darkside Hacker”. In the mid 90s, he was the most wanted hacker in the world. He committed wire fraud and possession of an unauthorized access device, accessed a federal computer, and caused damage to a computer unlawfully. He hacked into Tsutomu Shimomura’s machine, and he established a link to Mitnick and decided to let the FBI know and arrest the hacker. With Shimomura’s help, on February 15, 1995, at 2 AM, the FBI burst into Mitnick’s apartment with Shimomura and caught Mitnick, who was sent to prison for 5 years. • 6) What are the six critical components of an information system? Select three of the six components, and describe a potential vulnerability inherent with that component. Also describe what a threat agent might do to exploit that vulnerability. • The six components of an information system are: o Hardware - o Software – unauthorized installation or changes to software can...
Words: 927 - Pages: 4
...Principles of Information Security, 4th Edition Chapter 1 Review Questions 1. What is the difference between a threat agent and a threat? A threat agent is the facilitator of an attack, whereas a threat is a category of objects, persons, or other entities that represents a potential danger to an asset. Threats are always present. Some threats manifest themselves in accidental occurrences and others are purposeful. Fire is a threat; however, a fire that has begun in a building is an attack. If an arsonist set the fire then the arsonist is the threat agent. If an accidental electrical short started the fire, the short is the threat agent. 2. What is the difference between vulnerability and exposure? Vulnerability is a weakness or fault in a system or protection mechanism that opens it to attack or damage. Exposure is a condition or state of being exposed. In information security, exposure exists when a vulnerability known to an attacker is present. 3. How is infrastructure protection (assuring the security of utility services) related to information security? The availability of information assets is dependent on having information systems that are reliable and that remain highly available. 4. What type of security was dominant in the early years of computing? In the early years of computing when security was addressed at all, it dealt only with the physical security of the computers themselves and not the data or...
Words: 4896 - Pages: 20
...Chapter 1 Solutions File Review Questions 1. What is the difference between a threat agent and a threat? A threat is an object, person, or other entity that poses a risk of loss to an asset—i.e., the organizational resource that is being protected. A threat agent is a specific instance of a general threat. 2. What is the difference between vulnerability and exposure? A vulnerability is a weakness or fault in the protection mechanisms that are intended to protect information and information assets from attack or damage. An exposure is a weakness that is revealed or exposed to the attack environment. 3. What is a hacker? What is a phreaker? A hacker is a person who uses information systems or data networks without permission or in ways that violate the owner’s intentions, usually by bypassing controls or ignoring policy. A phreaker is a hacker on the voice telecommunication network. 4. What are the three components of the C.I.A. triangle? What are they used for? The C.I.A. triangle, an industry standard for computer security since the development of the mainframe, is based on the three characteristics of information that make it valuable to organizations: confidentiality, integrity, and availability. Confidentiality is the protection of information from disclosure or exposure to unauthorized individuals or systems. This means that only those with the rights and privileges to access information are able to do so. Integrity is when information...
Words: 1780 - Pages: 8
...THE ART OF DECEPTION Controlling the Human Element of Security KEVIN D. MITNICK & William L. Simon Foreword by Steve Wozniak Scanned by kineticstomp, revised and enlarged by swift For Reba Vartanian, Shelly Jaffe, Chickie Leventhal, and Mitchell Mitnick, and for the late Alan Mitnick, Adam Mitnick, and Jack Biello For Arynne, Victoria, and David, Sheldon, Vincent, and Elena. Social Engineering Social Engineering uses influence and persuasion to deceive people by convincing them that the social engineer is someone he is not, or by manipulation. As a result, the social engineer is able to take advantage of people to obtain information with or without the use of technology. Contents Foreword Preface Introduction Part 1 Behind the Scenes Chapter 1 Security's Weakest Link Part 2 The Art of the Attacker Chapter 2 When Innocuous Information Isn't Chapter 3 The Direct Attack: Just Asking for it Chapter 4 Building Trust Chapter 5 "Let Me Help You" Chapter 6 "Can You Help Me?" Chapter 7 Phony Sites and Dangerous Attachments Chapter 8 Using Sympathy, Guilt and Intimidation Chapter 9 The Reverse Sting Part 3 Intruder Alert Chapter 10 Entering the Premises Chapter 11 Combining Technology and Social Engineering Chapter 12 Attacks on the Entry-Level Employee Chapter 13 Clever Cons Chapter 14 Industrial Espionage Part 4 Raising the Bar Chapter 15 Information Security Awareness and Training Chapter 16 Recommended Corporate Information Security Policies Security at a Glance Sources...
Words: 125733 - Pages: 503
...you. I’ve asked Charlie Moody to come in today to talk about it. He’s waiting to speak with us.” When Charlie joined the meeting Fred said, “Hello, Charlie. As you know, the Board of Directors met today. They received a report on the expenses and lost production from the worm outbreak last month, and they directed us to improve the security of our technology. Gladys says you can help me understand what we need to do about it.” “To start with,” Charlie said, “instead of setting up a computer security solution, we need to develop an information security program. We need a thorough review of our policies and practices, and we need to establish an ongoing risk management program. There are some other things that are part of the process as well, but these would be a good start.” “Sounds expensive,” said Fred. Charlie looked at Gladys, then answered, “Well, there will be some extra expenses for specific controls and software tools, and we may have to slow down our product development projects a bit, but the program will be more of a change in our attitude about security than a spending spree. I don’t have accurate estimates yet, but you can be sure we’ll put cost-benefit worksheets in front of you before we spend any money.” Fred thought about this for a few seconds. “OK. What’s our next step?” Gladys answered, “First, we need to initiate a project plan to develop our new information security program. We’ll use our usual systems development and project...
Words: 24411 - Pages: 98
...The Necessity of Information Assurance Adam Smith Student ID: Western Governors University Table of Contents: Abstract; Introduction (Project Scope; Defense of the Solution; Methodology Justification; Explanation of the Organization of the Capstone Report); Security Defined; Systems and Process Audit (Company Background; Audit Details...
Words: 12729 - Pages: 51