KB4Con 2022 ended on a high point as it involved an individual many of the attendees had been excited to hear from – someone who is widely considered to have coined the term hacking. It was none other than computing security consultant, author, “one-time world’s most wanted hacker” and Chief Hacking Officer at KnowBe4, Kevin Mitnick.
Kevin, who attended virtually via Zoom, was joined on stage by Colin Murphy, Chief Information Officer at KnowBe4. The talk took the form of a Q&A, with Colin asking Kevin questions that ranged from his early hacking experiences and his recommendations for today’s hybrid workforce to his thoughts on vigilante hackers from America who want to provide support to Ukraine.
Kevin’s interest in hacking came from his love of magic. He was fascinated by the tricks that could be played on the mind and on the individual, which eventually evolved into pranking friends and family. He then applied what he had learned to computing, which was a new and unexplored world. However, he was met with an obstacle. As someone who hadn’t studied the subjects required to enter a computing class, he was initially turned down by his teacher. Disgruntled but determined not to give up, Kevin wrote a phishing program that stole the credentials of 80% of the staff and students in the 1970s – the first piece of code he had ever written. Astonished, the teacher allowed Kevin to study in the class (and unknowingly gave birth to one of the world’s most formidable hackers).
Fast forward to the present day and Kevin has a long list of achievements, warrants, items hacked, and media appearances. Yet he is still a security professional who wants to help the many, and he shared helpful advice with those in the audience who were hanging on his every word.
For example, when Colin asked, “What are your recommendations for today’s hybrid workforce?”, Kevin stated that organisations must assume a breach of the network has already occurred, with all devices connected to the network continuously scanned and secured using Endpoint Detection & Response (EDR). He went on to explain the importance of MFA (multi-factor authentication) and of education to help train users, and the wider workforce, about popular cyberattack methods like phishing. His message was that enabling the individual at home to be more secure must be a priority for every business that has a remote workforce.
Kevin also noted the importance of prevention to the security of an organisation, especially given that the tactics adopted by modern-day ransomware groups are not too dissimilar to those he witnessed when he first started hacking himself. The objective, put plainly, is to keep all sensitive credentials safe, to transform the organisation’s security culture and to reduce human risk at every level.
The talk also included a live demonstration of a vishing attack that Kevin had created to obtain mobile numbers using the automated voice attendant at AT&T – a familiar voice to those in the US.
It was a fascinating talk and closed an incredible 3 days of KB4Con 2022, where positive connections were made to help us make smarter security decisions for the future.