Kevin Mitnick Email Interception Demonstration

Video Statistics and Information

Captions
Let me show you this cool setup, because it's a little bit unique. Yeah. So we have two computers here, they're connected. Yeah. I mean, you see all these wires, but it's actually, this is a user, this is the, acting as the email server, and it's just a fiber connector. Right. Okay, just a regular office setup? Just a regular office. Okay. This would normally be a server, right, but I don't want to carry a server in here, and so it's a laptop. Yeah. And all these wires are set up because it's actually converting fiber to Ethernet. Okay. So we have a direct connection here. Okay, yeah, and this wouldn't be like in the same office as being some closet or whatever, right? This would be sitting on somebody's desk. Yeah.

But where the magic happens is over here, because on one of the fiber connections, what I do here is I have a, what they call it, cassette. Okay. And what this does is it gives me visibility to actually get to the actual fiber. So basically, you know, this is glass plastic cable, it's about as thin as your hair, and I use this coupling device to actually clamp down on the fiber, and I can create a wiretap. Okay, would be the MIDI NSA. Right, right, right. And what this does is it takes the light off of here, yeah, it sends it down the fiber to this box, and it's connected to my Mac, and I could actually eavesdrop on the communications. And this is, you're an outside guy? Outside, yeah. I could be inside the company where there's a fiber junction, or outside. Yeah. This is kind of what an optical fiber junction looks like over here. It looks like, you know, the cylindrical device, and you pull it up and you see just multiple of multiples of these cassette stacks and stacks and stacks. So anybody could pop it open and couple it and actually create a wiretap. It's not a myth? Really, I'm gonna prove it's real. Yeah.

So what I'm going to do here is, on the hacker computer, okay, I'm gonna bring up a tool called, it's a very common tool that IT administrators use, called Wireshark. Mm-hmm. What I'm gonna do is restart it, and what I'm gonna do is set it up, put what we call a filter on there just to look for SMTP traffic, which is email. Which is email traffic, right. Right, right. This is the tapping computer, okay, and it's not hooked up directly into this connection, but what we're doing is we're simulating a tap, a fiber tap. Mm-hmm.

So we're gonna go over to the user computer over here, yep, and I'm gonna do a new email, and as you could see I have a little bit of sense of humor. I'm sure Kevin Mitnick adenosine not like send a quick email over to Edward Snowden. All right, not really sending it to Snowden. Know it, right. Actually this is not even going over the Internet, right, it's just a demo. Right. And then I'm gonna put the subject, a secret in confidential. Say: hi Ed, oops, this is my online banking password, mm-hmm, that has no two-factor authentication, mm-hmm, so please guard it with your life. Mm-hmm. Oh buddy type up this type please this kind of sensitive instruction, right. So this is like, you know, people send passwords, they send, you know, maybe financials. Yeah. You have a PDF of your third quarter financials, right, and they're secret. Yeah, I can get them. Mm-hmm. So go ahead and, you know, and this is, I'm not gonna send an attachment here, just a simple email, and I'll put in: my password is Kevin one two three, mmm, exclamation point. Yep. Thank you. Okay.

Okay, so here we have, I drafted the email, yes, and then when I hit the send button over here, it's actually going to send the email to this box, to the server. And this is to the server, right? So Ed would be on another computer somewhere else that would actually poll the server, yep, to get the email. Right. So when I hit send, I want you to pay attention over here, goes to the hacker computer. Mm-hmm. That's, um, something's gonna happen again, it's gonna kind of be gibberish to you, then I'll show you what we have here. Then hit send. Yeah. Boom, and you see a bunch of stuff come up. And then I'm gonna hit send/receive here, and if we listen we could hear the email be sent with the typical ping. So here we go. Okay, yeah, look. Right, so he's mail sent to the server, and over here, because I'm tapping the transmit on this connection, I'm able to not only intercept the email but actually the password.

So what I'll do is, we're gonna head and, whoops, go to the first packet. We're going to follow the TCP stream, okay, and enlarge it for you, and if you look up here you'll see it says log off login in, and see, this is base64 encoded username, password. Okay, okay. And then most importantly what we have here is the actual content. Yeah. We have here: hi Ed, this is my online, you know, banking password with that has no two-factor authentication, so please guard it with your life, my password is Kevin one two three, thank you. So we actually intercepted the most important, which the, which is the content of the email that I was sending to Ed. And as a bonus you got the login connector, correct? Right, correct. It's scrambled, but it's not too hard to, you know, basically reverse.

Now of course the natural segue is to then say, were someone to actually utilize encrypted email, this hacker over here is not seeing anything that they can actually use. Right, because I set up this email server not to use an encrypted protocol, so we're using POP, POP3, which is not encrypted. If it was using an encrypted secure protocol we wouldn't be able to get the credentials. If we were actually encrypting the email in the attachments, mm-hmm, then even though I'm intercepting the packets on the wire, it's unintelligible to me, I can't read it because it's encrypted. Right, right. But this, people thought that wiretapping fiber was actually a myth, but here we're able to, you know, play NSA for a day and actually demonstrate that this stuff is really real. Or any hacker, right? Right. Absolutely, absolutely incredible.

Yeah, all right, well, thank you very much for walking us through that, and for everyone, you know, that had a chance to witness this, I think you and I think that this is the first time this has actually been demoed. Alright, someone's actually shown this. Exactly. I have a colleague, Philippe, in Luxembourg that actually, you know, put this whole thing together, mm-hm, and this is the first time this is being demonstrated publicly. Mm-hmm. But we've had this knowledge that this could be done for quite a while. Incredible.
Info
Channel: Zix
Views: 42,615
Rating: 4.9496403 out of 5
Keywords: Kevin Mitnick (Author), Most Wanted Hacker, Man-in-the-middle, email encryption, fiber tap, fibre tap, Email Interception
Id: FH3sxFl-4is
Length: 6min 40sec (400 seconds)
Published: Thu Jul 16 2015