Mitnick's Testimony Before Senate Committee Re: Why Hacker's Hack


The following came to me via email. I believe there is a link in the text. Jen B. ______________________

03/02/00 - Updated 05:24 PM ET

Hacker Mitnick testifies before Congress

Once prosecuted by government, infamous hacker sought for advice

WASHINGTON (AP) - The government that imprisoned the world's most infamous computer hacker for nearly five years sought his advice Thursday about how to keep its own networks safe from intruders.

Just weeks after his release from federal prison, an animated Kevin Mitnick advised senators against focusing too much on technical protections at the expense of simpler safeguards - such as making sure a company receptionist does not disclose passwords to sensitive systems.

Mitnick, 36, wearing a slightly ill-fitting navy suit and rocking gently in a witness chair, warned lawmakers about his favored technique of ''social engineering,'' or deceiving others into believing he could be trusted. He told of duped victims at major corporations volunteering their passwords and even sending him secret software blueprints.

''I was so successful in that line of attack that I rarely had to resort to a technical attack,'' Mitnick said. ''Companies can spend millions of dollars toward technological protections and that's wasted if somebody can basically call someone on the telephone and either convince them to do something on the computer that lowers the computer's defenses or reveals the information they were seeking.''

...

***********

Mitnick to Lawmakers: People, Phones are Weakest Links

March 2nd, 12:14 PM PST By Kevin Poulsen

WASHINGTON (SecurityFocus.com News) - In his twenty years of experience, Kevin Mitnick has cracked virtually every system he's targeted. And the secret of his success was letting his fingers do the walking, the hacker told a Senate panel Thursday.

"When I would try to get into these systems, the first line of attack would be what I call a social engineering attack, which really means trying to manipulate somebody over the phone through deception," Mitnick testified in a hearing on federal government computer security. "I was so successful in that line of attack that I rarely had to go towards a technical attack."

Mitnick, arguably the world's most famous computer intruder, pleaded guilty in March of 1999 to seven felonies arising from a string of intrusions into the networks of cell phone companies and computer makers, including Motorola (NYSE: MOT), Fujitsu and Sun Microsystems (Nasdaq: SUNW). He was released on January 21st, after nearly five years in prison.

In his testimony before rapt lawmakers at the Senate Committee on Governmental Affairs, Mitnick criticized software companies for shipping products with flawed security, and expressed the opinion that open source software is safer because its workings can be closely analyzed by the public and academia.

IRS, Social Security, vulnerable

Mitnick also warned that dial-ups into otherwise secure computer networks are vulnerable, because the telephone network itself is insecure.

But the hacker's most common refrain was that people, not computer bugs, are the path of least resistance to corporate and governmental secrets. By way of example, Mitnick testified that, on a whim, he once used a cell phone during a fifteen-minute walk home to pose as a Motorola employee and persuade the company to send him proprietary source code. He said that similar techniques gave him access to confidential information from the Internal Revenue Service and the Social Security Administration. "And I did it all without even touching a computer," Mitnick said.

That was in 1992, "which happens to be beyond the applicable statute of limitations," Mitnick quipped, drawing laughter from lawmakers and the gallery.

"The human side of computer security is easily exploited and constantly overlooked," said Mitnick. "Companies spend millions of dollars on firewalls, encryption and secure access devices, and it's money wasted, because none of these measures address the weakest link in the security chain."

Escape from Reality

Near the end of Mitnick's forty-five minutes of testimony, ranking member Joseph Lieberman (D-CT) asked him why he hacked.

"My motivation was the quest for knowledge, the intellectual challenge, the thrill, and also the escape from reality," Mitnick replied. "Kind of like somebody who chooses to gamble to block out things that they'd rather not think about."

Mitnick expressed support for a Senate bill designed to address the security of federal government computers, but suggested that lawmakers add more emphasis on training. He also suggested that agencies produce an educational video on the perils of social engineering attacks.

Lieberman asked if increased criminal penalties might have the effect of "deterring the next Kevin Mitnick."

Mitnick, whose prison term was among the longest hacker sentences in history, hesitated and raised an eyebrow. "You're talking about enacting further criminal legislation?"

The Senator answered that he was.

"I'd encourage coming up with methods of detection and prevention," Mitnick replied.

-- Jen Bunker (jen@bunkergroup.com), March 02, 2000

Answers

Thank you to POLITECH for this information

http://www.well.com/~declan/politech/

-- Jen Bunker (jen@bunkergroup.com), March 03, 2000.
