Tuesday | 7 October, 2008
CIO
Five lessons learned about computer security
How a hacker turned an illegal hobby into a useful career.
Jarina D'Auria 16 July, 2008 11:15:22

Related Topics
(Security)
Related Stories
  • +

    Adobe launches hosted services, adds Flash to Acrobat 03 June, 2008 09:02:44

    Adobe to launch Web site offering users free hosted services for document creation, sharing and storage
    Adobe this week is set to unveil the next version of its Adobe Acrobat software, which adds support for the company's Flash multimedia technology. The company also plans to launch a new Web site offering users free hosted services for document creation, sharing and storage.
Additional Resources
Executive Guides
Whitepapers
white paper Read up on the latest ideas and technologies from companies that sell hardware, software and services.

Newsletter Subscription

Sign up for our CIO newsletters!
Weekly coverage of the issues that impact corporate and government information
RSS Feeds

Reformed hacker-turned-security-consultant Kevin Mitnick served five years in federal prison for breaking into phone and software company networks. He talks about his past hacking exploits, computer security, and how he turned an illegal hobby into a useful career.

Hacking wasn't always illegal. I started off in what they call "phone phreaking" in the late 70s. This is the same hobby Apple founders Steve Jobs and Steve Wozniak had. At this time, 1978, there were no laws against hacking. The first law that criminalized hacking was passed in 1980 in California. I was doing this before it was illegal. And my interest was entertainment-the pursuit of knowledge, challenge and the trophy of the stolen information. There was no motive for money or malicious intent to use, disclose or destroy the data.

Learn the rules before you play the game. I knew hacking was sneaky when I started, but I didn't think it would get me into trouble. Back in my day, they didn't teach us about ethics in respect to hacking or using computers. Now, I tell kids to not follow in my footsteps. As computers become more accessible, there are more ethical ways to learn about computer security. Plus, there are laws now.

Not everyone takes security seriously. I've been testing a company-a financial institution-and they are governed by Sarbanes-Oxley and other regulations. I've done their security assessments for the last four years and each time I get in the same way. It's surprising that these companies do security audits to find their vulnerabilities but don't do much about them. They are required by law to do the audits so you'd think the auditors would require them to fix the issues, but in a lot of cases they don't.

Use your powers for good, not evil. When I was released from custody in 2000, the US government asked for my help. US senators Fred Thompson and Joseph Lieberman invited me to testify before Congress about the government's computer security vulnerabilities. Once the restrictions of my release were up, I went into full-fledged security work, such as training, security assessments and product evaluations. It's a reversal of fortune. Before, I was doing something exciting-but it was unauthorized and illegal. Now, I do the same thing that got me in trouble, except I do it with authorization. Clients hand me their network and tell me to break in so they can fix security vulnerabilities. To me, it's the same act but it helps my clients and it's legal and ethical, so it's a win-win situation. It's interesting that you can take a criminal activity like hacking and make it into a legitimate enterprise. I can't think of any other illegal activity you can do that with.

Even hackers get hacked. Attackers found a way onto my Web server. However, my website is hosted by a third-party hosting company, so when my site gets hacked it's the hosting service's security shortcomings, not my own. Of course it's embarrassing and I don't like it. Fortunately, I don't have any proprietary information on my public-facing servers. The downside is that people think my company was hacked, but it was really this hosting company's network and not my own site that was breached.

More about Apple, ACT, PLUS, Fred
Market Place
Reduce TCO for SAP with Linux. Get the white paper that proves your Linux is SAP ready.
New white paper | Improving Sales Productivity: An Opportunity for Sales and IT Leadership | Download now
21 October 2008 Live webinar: Learn how to orchestrate activities between a request management process and HP/Mercury/Quality Centre
Computerworld SOA Summit: Improve your margins and eliminate inefficiencies. Register now | 17th October 2008
Cut Printer costs! Printing costs can be up to 3% of turnover, cut them by up to 50%.
CRM Webcast: Learn how to find a CRM solution that fits into your existing business environment. Tune in now.
Webcast: How to get the best out of your network featuring expert analysts, to view now click here
Uncover the security challenges faced when defining and implementing security mechanisms within wired and wireless network environments.
 

Smart SOA World Tour

Discover how SOA can create smarter outcomes for your business.

Attend and learn:

  • How SOA is helping leading companies to become more agile
  • Where you should be applying SOA processes in your company
  • The top SOA implementation mistakes to avoid

Click here for more information.
  • +

    CIO Live Podcast #79: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires Part II 05 October, 2007 06:00:00

    For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders.
    [ MP3 (7.32 MB) | Windows Media (5.67 MB) ]
  • +

    CIO Live Podcast #78: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires 28 September, 2007 17:34:25

    For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders.
    [ MP3 (7.56 MB) | Windows Media (5.14 MB) ]
  • +

    CIO Live Podcast #77: Panasonic Speeds Up Trans-Pacific File Transfers, Part III 21 September, 2007 07:00:00

    Part three in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
    [ MP3 (4.90 MB) | Windows Media (4.40 MB) ]
  • +

    CIO Live Podcast #76: Panasonic Speeds Up Trans-Pacific File Transfers, Part II 14 September, 2007 07:00:00

    Part two in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
    [ MP3 (5.89 MB) | Windows Media (4.84 MB) ]
  • +

    CIO Live Podcast #75: Panasonic Speeds Up Trans-Pacific File Transfers, Part I 07 September, 2007 07:00:05

    Part one in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
    [ MP3 (6.41 MB) | Windows Media (5.13 MB) ]
  • +

    Google blacklists ATUG Web site 07 October, 2008 12:46:00

    ATUG unaware of breach, Google unwilling to discuss details
    Hackers may have hit the Australian Telecommunications User Group (ATUG) Web site, according to Google which has placed security threat warnings across all pages displayed in searches.
  • +

    10 steps to loading dock security 07 October, 2008 11:30:00

    Companies in all industries struggle to secure the loading dock, that sensitive spot where goods come in and go out. Follow these best practices and sleep better tonight.
    It's the stuff of CSO nightmares. Early on the morning of September 2, while most folks were home sleeping off the hot dogs, thieves used bolt cutters to break into an Alltel Communications warehouse and four of its loading docks in Fort Smith, Ark. Sources say they escaped with an estimated US$10 million worth of cell phones, not a bad haul for their Labor Day efforts.
  • +

    Corporate security and the climate crisis 03 October, 2008 11:21:00

    How to adapt security and risk management policies - including IT security - to deal with climate change.
    US military strategists, CIA analysts, international agency officials and Nobel Prize winning economists concur with the consensus of the world's scientific community: the Climate Crisis is a planetary security issue, as well as a national security issue for each of the one hundred ninety two countries that belong to the United Nations. But the Climate Crisis is also, by extension, a corporate security issue, as well as, yes, a cyber security issue.
  • +

    Companies own up to virtual security blind spot 02 October, 2008 11:05:00

    VMWorld attendees reveal vast majority of companies have little or no security in place for their virtual systems.
    The vast majority of companies have little or no security in place for their virtual systems. That is a scary statistic revealed in a survey of attendees at the recent VMWorld 2008 conference in Las Vegas.
  • +

    How to minimize the impact of a data breach 01 October, 2008 08:54:00

    ID Experts' Rick Kam describes a customer-centric action plan
    Thirty-one percent of customers--nearly one-third of a company's client base and revenue source--are terminating their relationship with organizations following a data breach, according to a recent study by the Ponemon Institute.
CIO Webcast Innovation #8 - What are the biggest roadblocks to IT's involvement in innovation at your company?
Watch the latest latest edition of CIO Innovation which is now available for download.
Watch the webcast
Sign up to the CIO Innovation update email


CIO Live Podcast #79: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires Part II
Listen to the latest edition of CIO Live which is now available for download.
Listen to the podcast
Sign up to the CIO Live email
Get a job Careerone
Whitepaper
Still Sneaking In: The Threats Your Security Tools Aren't Telling You About

Read Whitepaper

Still Sneaking In: The Threats Your Security Tools Aren't Telling You About

Web 2.0 applications are all the rage, offering us tremendous value when it comes to collaboration and communication. They also open us up to new kinds of attacks however, and can cause problems in keeping systems and data secure. Read on to learn about the new attack methods and how you can defend yourself and your business.

Sponsored Links