World's Most Famous Hacker Kevin Mitnick & KnowBe4's Stu Sjouwerman Opening Keynote

Captions
Good morning, everyone. I'm going to introduce the main keynote speaker here in a moment. I'll be talking about KnowBe4 a little later in the day, at the panel right after lunch, but now I'm going to introduce a man who, well, some say that cybersecurity started itself with him, with his electronic joyride when he was a youth. Many of the careers and cybersecurity investments that you are involved in might not even have come into existence without him. I've worked with Kevin for five years now, but this is the first time that we actually share a stage, which is really cool. Kevin is a top cybersecurity keynote speaker and gets to travel all over the world educating and showing the latest threats, some of which you are going to see today. Every single event in 2017 has had record attendance, and that is to some degree caused by his drawing power. He is the world's most famous hacker. There's no one like Kevin. He was once on the FBI's most wanted list. I think you won't know that he hacked into about 40 corporations just for the challenge. Kevin is now a trusted security consultant for both Fortune 500 and basically worldwide governments. In mass media, he's an author of multiple bestsellers, more than 50 countries, more than 20 languages. He's the subject of countless stories, myths, movies, books. He was in theaters last year in a film by Werner Herzog and is currently syndicated on the National Geographic Channel in a series called I Am Rebel, 107 countries. KPMG compares him to David Beckham or LeBron James. News.com calls him the Mick Jagger of our industry. Ha. He is truly one of the few global superstars in cybersecurity, and his stories are legendary. These are not titles he's very comfortable with, but I do know that as part of his security consulting business, Kevin and his team of white hat hackers still maintain a 100% successful track record of being able to penetrate the security of any organisation they are paid to hack, using a combination of technical exploits and
social engineering. Governments and industry use Kevin and his team to find the holes before the real bad guys do, and we're going to see some actual hacks today. So, ladies and gentlemen, may I introduce to you the Chief Hacking Officer of KnowBe4 and the world's most famous hacker, who I'm also proud to call my friend. Please welcome Kevin Mitnick.

Thank you very much. How's everybody doing? Fantastic. Great to be here.

So first of all, before anything else: when you're a hacker you are kind of relying on the internet, and internet, especially in downtown, is somewhat spotty. So we're having a few demos here that do rely on the internet. If it works, everything goes fine. If it doesn't, we flip over to another demo. So backup, backup, backup, backup. It depends on Verizon in this case and how well it performs, so this may be a bit of a fluid situation. But first we're going to ask a few questions, because most people are interested in, well, how did you get where you were? So Kevin, how did you get started in this business?

Well, when I was a young kid I was really fascinated with magic. I used to ride my bike to the magic store on the weekends and after school to watch the guys in the magic shop perform the tricks over and over and over again, because I always wanted to know the secret. So when I got to high school I met this kid who could do magic with the telephone. He was involved in the hobby called phone phreaking. That's kind of the predecessor to computer hacking. In fact, Steve Wozniak read an article in the 1971 edition of Esquire magazine, and the article is called the Secrets of the Little Blue Box, and this blue box, it emitted certain, what we called, multi-frequency tones, and you could actually control the phone system. And Steve liked doing things like calling the Pope. Jobs had the idea: maybe we can make some money with this. So they actually built these boxes, sold them on Berkeley's campus, and with the revenue they generated they were able, from that
revenue, to buy the components to build the first Apple I board. I, however, went in a different direction. I was more of a prankster, so I liked doing things like changing my friend's home phone to a payphone, so whenever his parents tried to make a call it would say, "Please deposit 25 cents." Then my friend would call me, all upset: "Change it back, change it back." And I'd change it to a prison phone, collect calls only.

But so another kid introduced me to the computer science instructor, thinking that I'd be interested in computers, and the comp sci professor started asking me: have you had calculus, have you had physics, have you had all these prerequisites, are you a senior? At the time I was a junior and I hadn't taken those classes yet, so he said, you know, I don't all if I'd have to try next year. And then my friend said, "Show Mr. Christ what you could do with the phone." So I started showing him all these tricks that I was able to do, like: I can call one number, a friend can call another, and we'd secretly be joined. I had a secret number that you can dial, and you put in the code, you can call anywhere for free. And the instructor had a phone in the computer lab, and he wanted his wife to be able to call him, and the number wasn't on the phone. He said, "Could you get that number?" And I have the secret number you could dial and the computer would read back what number it is. And so he waived the prerequisites, allowed me in the class, and he probably regrets that decision today.

So the first programming assignment he gave the class was to write a Fortran program to find the first one hundred Fibonacci numbers, and at the time I thought that was quite boring. And let me go back in time: late nineteen seventies, we had an Olivetti 110 baud terminal, that's 10 characters a second. We'd dial up to a PDP-11/34 running RSTS/E, an old operating system manufactured by DEC, and how we did it, we'd dial up, we'd put the phone cradle in the acoustic coupler modem, and that's how we would log
in. That's back in the day. And I realized that the instructor never hung up the phone. To log in, he just typed HELLO, put in his credentials, and he was done, he typed BYE. And the students and the instructor used the same system, same terminal. So I had the idea: what if I could write a program that could simulate the operating system, so when the teacher went to log in, rather than him talking to the operating system, he's talking to my program, and I could take his password, store it in a file, log him in? So in the late 1970s I created a phishing program. Actually, it was my first program I actually ever wrote. And then it came time, I was able to get his credential. It was actually "johnco", J-O-H-N-C-O, and his name was John Christ. Not a difficult password. So then it came time to hand in the assignment. He's walking by everybody's desk, people are turning in their assignment. He gets up to my desk, I have nothing, and he goes, "Where's your assignment?" I said, "I didn't have time to do it." He says, "I stuck my neck out, let you into class, you're not even doing the work." I said, "I wrote a cooler program." He goes, "What are you talking about?" I go, "Is your password johnco?" He's, like, shocked: "How did you get my password?" "Well, I wrote a program to steal it. Here it is." I turned in that program, gave him the source code. He got a huge smile on his face, got excited, wrote the code actually on the board at the time, and patted me on the back and gave me a lot of attaboys. So this was the ethics taught to young Kevin: that it is cool to hack.

That's how that went. Very sorry. Yep, that's how it started.

People are always surprised to know you still hack, aren't they?

Pretty much. You know, I still hack, don't tell anybody, but I do it with authorization. So companies hire myself and my red team to test their security, whether it's physical, whether it's, you know, wireless systems, doing technical types of computer network exploitation, social engineering, which I'll get into in a moment. Basically all the initial, all
the attack vectors that could be used against your business. We test the security controls to see if we can find flaws and, of course, report that to the client so they can fix the bugs.

Exactly. So what we do here is a somewhat limited version of Kevin's magic show, but can you give the audience a little taste of what we're going to see today?

Sure. One area that I love testing that people don't really think about is physical security: how do you get into the building? Because once an attacker gets into the building, even though workstations are locked, we have ways to access them through what we call direct memory access attacks. So first of all, how do you get into the building? I was tasked to break into one of the three large credit bureaus. There's only three: Experian, Equifax and TransUnion. And I was hired by one of those to break into their facility to see if I can get into their data center. And what I did, in the information reconnaissance stage, I learned that they used access cards to get into the building. Now, all of you, when you have to go into the office after hours, or even access your building, use cards or keys? Cards or keys? Cards, right. So there's, I'd say, a global provider of access card technology. The largest provider is a company called HID. In fact, I have an HID reader here, and for this demonstration I'd like to know if somebody in the audience could let us borrow your HID card, because I actually want to show you how this works. Yeah, can you walk up on the stage? Give this guy a hand. Thank you. Switching computers. Great. Well, not all HID cards are created equal. That's a said iCLASS. Let me see, let's see if it even reads it. One second, because there's different technologies. So first we're going to try his, see if I could read it. We can. So you don't hit D Finnell sit down and I'll call you back up to go grab it. So the magic part: it's a site ID and the card ID. If we can get those two pieces of information, we could actually clone the card, open the door. So how
does an attacker remotely steal your credentials? Well, for this credit bureau, I'll tell you the second part of the attack, once that people have reached the building, and they used HID too, and I'll get to that in a bubble. Um, I first early had access to the floor. The only thing on the floor was doors with HID readers and the restroom, which didn't require an HID reader. So I had to hide out in the restroom, and when some guy went to use the urinal, I was actually able to remotely steal his credentials, because I was able to get close enough to him. We go to extreme lengths, believe me. So let me actually show you how this works. So we have this device called the Proxmark 3, and this device could read cards from 3 inches away. So what I'm going to do is arm it. And do you actually use this device, do you hold it next to somebody? No, that's, would you step back as somebody's holding that to you? You know, what you do is you conceal it in, like, the laptop sleeve. So here, it's like this. Doesn't this look fair? Would you be threatened if somebody's walking by you with this? Or if you're in the restroom, standing here, and I think it closely, you're busy doing something, and you could steal the card. So how does that actually work? So let me see, I'm going to use one of these cards first, then we'll use Nathaniel's card for the other attack. So we have an HID card. We see the site ID is 113 and the card ID is 5477. Imagine the target's here, we just get that close, take the device out, and then what I do is I put it in the play mode. So now let's get this light lit, right? So now this device will actually be the same as that card. So I put the device here, and so: same card ID and site ID as the card that I stole. So with this I was able, now that I had access to the floor, to get into the actual suite of the credit bureau where their data center was. But I know all of you are thinking, there's no way I would let anyone within this close personal space. Don't worry, we have a solution for
that. We have another device. This device is an HID reader that reads your card from 3 feet away. So do you carry this around and walk around and read people's cards? No, you put it into a backpack. It has a micro SD card in there, so it writes the credentials to the card. It has a Bluetooth module, so it actually transmits it to my iPhone. So how does this work? Put this down. Let me let you see what the display looks like. So there's the actual display. So this, 3 feet away. So if we get far enough away, could be some radio interference. Let me turn it back on. Sometimes what happens is, we'll try with Nathaniel's card first, because I think this is iCLASS, I'm not sure it will work. Like, yeah. So Nathaniel's card: we have facility 53, card ID 50 51 203. So we're able to remotely steal anybody's credentials from 3 feet away. I took this to the RSA security conference last year, put it in the backpack, walked around the vendor hall and was able to get a hundred and fifty-eight cards, right? Very easy to do.

So how was I able to get to the office suite of the credit bureau? It was in a very large building, multiple tenants, multiple floors, I think it was at least over 30 stories. What I had to do is set up an appointment with the leasing office under the pretext that I was gonna lease office space. So, show up in a nice suit, and the young lady that was at the leasing office is walking around, she's showing me the different suites that are available, and I'm negotiating price with her: how much is it for a five-year lease, how much is it for a ten-year lease, you know, how much funds do I get to improve the property? I'm trying to get her mind off security. And, you know, she's walking and she's showing me all these different places. Um, I'm carrying my daily planner, and then I asked her, "How many keys do we get? I have 50 employees." She goes, "You know, we don't give you keys, we give you cards." And I see one dangling on her belt, right? I go, "Oh." And she kind of turns and shows
it, shows me the card on her hip. I said, "Could I see that?" So she handed me the card. I see her picture, I go, "Oh, that's a cool picture," and I hand it back. That's within a second. What she doesn't know is I have an HID reader in here, same, able to steal the credentials. But what's cool about this HID reader, and this is Nathaniel's card, oh, how'd that happen, let's put those back, we're gonna switch back to the system here. So here's Nathaniel's card: 53 is the site ID, card is 52 103. Then what I'm able to do is take an empty HID card, put it here, nothing, it's just basically blank, and put it onto my device, hit one button, and this becomes a clone. So now this card is the same as Nathaniel's card. So what I was able to do is get access to the entire building, especially the freight elevator, got to that floor level, hid out in the restroom, used the Proxmark 3, was able to get an employee's HID credentials, was able to breach the data center, and once I got inside was able to compromise all their IT, just because we were able to violate physical security. So first, Nathaniel, let me give your card back. So you have to be concerned about your physical security as well as your IT security. Thank you, thank you again. If you ever lose that card, here's our backup. Yeah, you get to play Ocean's Eleven, there you go, all day long.

How do you prevent this?

How do you prevent it? It has different technology. Nathaniel's using Prox, there's iCLASS, okay, there's SE. And the thing is, an SE card, with SE we can read the card remotely with those long-range readers, but we still haven't cracked how to write an SE card. So if you have HID technology, make sure your reader is SE only, that it's not backwards compatible to iCLASS or Prox, and that way it mitigates that type of risk that I was able to show you today.

So SE, no work tho backwards, no backwards compatibility, SE readers only. Very good, excellent. So the next thing is: what would happen if someone gives you an assignment to get into an
workstation, but from the outside? Outside, how will you do that?

There's two methods that are the best, from an attacker perspective, at compromising a business. One is exploiting appsec bugs in internet-facing web applications, and the second is good old social engineering. So I'm going to demonstrate a social engineering attack. And imagine, think of this: what happens if I want to compromise a law firm, and I call the law firm, I explain I have this case, you know, it could be a divorce case, it could be a, well, not a criminal case, I don't like those anymore, no, divorce case. And I talk to, you know, the secretary, she's going to, you know, put me in touch with the partner, but I want to send them all these docs, and I say, well, I'm going to send you my case file, it's in a PDF. And what are the chances that the partner's secretary, or even the partner himself or herself, will open up a PDF file, especially if the antivirus on the gateway of the company and on the endpoint basically says that file is okay? What are the chances? So I'm going to show you how we do this. Hopefully the internet will work. So we're going to go back to computer two. So weird, every time I switch computers it actually puts it in the screensaver mode. So over here on this computer, in this white screen, this is what we call a Trojan listener, and when the attacker successfully exploits the target, we're going to get a connection here which will give us full control of the victim computer. Over here on computer one, come up paragraph here, we have over here a netbook running the Windows 7 OS, updated the patches last night, and I have McAfee Antivirus here, and I updated the virus definitions actually last night as well. So this kind of represents what we still see in businesses. I don't see a lot of Windows 8 and not a lot of Windows 10 deployed. I still see Windows 7 and, unfortunately, Windows XP. So imagine the target gets an email and there's an attachment. Here's a file called build mount we're here dot PDF.
So just based on the name you could trust it, right? No. So let's actually check with the AV product. We're going to right-click it, we're going to scan for threats, we're going to continue, and it says it's not found. I'll blow this up for you a little bit, make it a little bit larger. You can see that the AV product basically said it's a clean file. We could bypass any, what we call PSP, personal security products. It doesn't matter what AV it is, it could be bypassed. So what we're going to do is we're going to go ahead and have wireless here, then we're going to go ahead and open the file. And because of how this is working, it's going to have the property of, like, when somebody opens it, it, like, freezes. So if you try minimizing, it doesn't do anything. If you try maximizing, nothing. Okay, and then it finally closes. Well, now the rootkit is actually installed on this machine, so if the IT department tries to look at processes, the registry or network connections, it's actually invisible, because we modified the operating system. If we go back to the attacker computer, we will have something that comes up here. This is a Trojan. With this Trojan we could steal your keystrokes, so when you log on to websites, or you log on to, like, let's say your bank or internal applications, we could steal your credentials. We could actually, if the user's away from their computer, enable remote desktop and actually control their machine. What about laptops? What do laptops have that's kind of special? Built-in microphones. So we could enable the microphone and your laptop becomes a room bug. So when you bring that into the board meeting, the attacker gets to listen to whatever is said in that board meeting. What my favorite is, is actually turning on the victim's webcam so I can see who I am. So let's go ahead and do that. So this, going to spy functions, we'll put in a webcam capture, we'll hit start. I'll make this a little bit bigger for you. I'll do that for you. Go ahead in front of this
computer, and now we could spy, hello, on the victim, right, as we see them. This is on the attacker machine, right? So the bottom line is you don't want the software, or that's malware, what we call malware in the business as an implant. A lot of times when we install these implants, it's in memory only, it's not on disk. It makes it very difficult for your personal security products to detect, and again, all PSPs could be bypassed. So this is kind of an example of types of Trojans, but in the real world we're really using command line. We don't really use these point-and-click type of GUI interfaces. So there you go. Let me actually, I don't like this on my computer, so I'm going to stop it, I'm going to uninstall it. And one other thing we could actually do that I didn't mention is, if any users have stored their credentials in Internet Explorer, Firefox, Chrome, Safari, we could actually extract your credentials that you've stored because the Crips store and basically, you know, have access to whatever credentials that you have saved. Again, once the attacker puts an implant on your machine, it's usually game over.

Yeah, and it's just some employee in any kind of organization double-clicking on a PDF, and that's the only thing it takes. We have a few minutes left, and we were just discussing WannaCry ransomware a little earlier. Would anyone like to see the WannaCry ransomware actually in action? The real deal?

Yeah, let me show you actually how this works. So how WannaCry spread was, there's a Windows service called SMB, okay? Normally companies do not have SMB exposed to the internet. However, it's a shame, but I'll show you real quick, there's a site called Shodan that basically, hold on one second, where there's been scans of the internet, essentially, and what we could do is we could look for certain types of information. So what I'm going to do is look and see what systems out there have port 445 open. So I'm going to do a search here, and we look, it's 1.6 million
or, in the left hand corner. So that's how many systems out there, could be consumer, could be business, have 445 up. And then, well, what it did is it exploited an NSA exploit called EternalBlue, and how it spread was by gaining access to SMB, exploiting a software flaw in the SMB network service, and then the payload was actually the ransomware. And we all know what ransomware is: it's basically a type of malware that encrypts all your files and then will pop up a message basically demanding payment or you don't get the key to unlock your files. So how does this actually work? So I'm going to close up Shodan, leave this.

And while you do that: yeah, this WannaCry was actually the very first, not the ransomware, it was ransomware, but it was the first ransomworm. This thing spread like a traditional computer worm, which is, if you remember, there have been earlier ones. These things are automated and they can spread in ten minutes through the whole internet, and that's the kind of thing that we saw. The North Koreans are supposedly behind this one. And let's see how it works.

Actually, because the Shadow Brokers had dumped or leaked a bunch of NSA, basically NSA cyber weapons from 2013, anybody could have wrapped those exploits around a worm. It reminds me of about 10 years ago when David Litchfield, another security researcher, found a vulnerability in Microsoft SQL, and when that was publicized, somebody wrapped that into a worm and it became SQL Slammer. So it's very similar. So basically here I have, even ever, you know, how this attack would work in real life is, you know, it again requires some setup. This is contacting the target company, maybe via email, maybe telephone, and trying to set up an appointment. And normally, you know, people use freeconference.com, they use GoToMeeting, so it's very normal when you're expecting it to get an invite to go to a conference meeting, you know, GoToMeeting, or the other one's freeconference.com. Yeah,
there's a few of them out there. So here I'm logged into one of my email accounts, and I have an invite for the cyber investment discussion at 9:30 today. I'm probably running a little bit late, but we'll open it anyway. Well, there's a second movie, there we go. And over here is basically the typical thing that you normally see: you know, you have the access code, you have the hyperlink to the GoToMeeting site, and normally what people do is click on the hyperlink in the email to go ahead and join the meeting. So we'll go ahead and do that, and then we get to GoToMeeting. I forgot what the code was, but we could go back, whoops, and we'll get the meeting number here, we'll copy it, we'll go back, we'll paste it in, and we'll join the meeting. And before you can join any meeting, whether you're on a Mac or whether on Windows, the GoToMeeting opener has you click run to start the meeting. So we'll go ahead and do that, click run. It's running a scan. I don't want to do autocomplete. And we'll wait. Let me actually minimize this. This will take about 60 seconds. And what the trick here was is that wasn't really GoToMeeting. What I did is I registered a domain called go to meeting us comm, which looks like it's really GoToMeeting but it goes to one of my sites, and on my site I host the payload for the WannaCry worm. So here we go, it's encrypting the files, and I got the pop-up. This is the real world right here, that's on this virtual machine, and it basically warns me that I have to make payment by such-and-such time. If I don't do it in two days and, you know, 23 hours, the price goes up, and if you don't do it in six days you lose your files forever. So fortunately these security researchers in France, maybe a little bit too late, one of these brilliant researchers realized when the victim is infected with WannaCry, you could actually extract the prime numbers that were used to create the RSA, which is an encryption, okay, RSA decryption key to actually decrypt the files. But that requires that the victim
doesn't reboot their system, because then those keys are lost in memory. So now this machine is completely infected. If I take a look at it, we'll bring up what we call a Windows shell, we'll do a directory, and I'll enlarge this. Let me go to the desktop, actually. Oops, it keeps popping up this annoying ransom thing. But if we take a look, we see these files with a WNCRY extension. Those files have been corrupted. Yeah, right. And those were originally normal, working files. This is a real infection here.

So what are the three things that you recommend companies do to prevent this from happening?

Well, as far as social engineering: security awareness and training, which everybody already knows, but I heavily, well, I rigorously recommend, and I actually work with Stu, um, this is actually inoculating your employees and your contractors against these types of phishing attacks. And how do you inoculate? You know, kind of give it like the flu shot, and hopefully your body builds enough antibodies to fight off the real flu, is you actually attack your own employees. But I recommend that you don't attack them without giving them notice, because you don't want to reduce employee morale. You want to let them know they are tested from time to time to improve the security of the business. And when they're tested, when they fall for these types of attacks, rather than getting something like WannaCry, what happens is it gives a splash screen, right, letting the employee or contractor know that they made a mistake, and that becomes a very teachable moment. So now we could train that user on: this is the type of attacks that are in the wild, and this is what you need to look out for. So over time people become inoculated, in my mind. Now, is there someone that could still fall for it? Yes, but at least we reduced that percentage. Of course you layer this with other types of technologies that hopefully detect implants and types of implants that attackers, you know, use in the wild, but
unfortunately, again, we could bypass every PSP. Update your third-party software, not just your operating system. Like how I did the PDF exploit: I exploited a vulnerability in Adobe 11, and through exploitation of this vulnerability I was able to get what we call remote code execution and was able to actually install my own software. So Adobe 11 had been patched. So what's important is all third-party software be patched on your users' desktops. How can you do this? There's a product out there, I think it's free, called Personal Software Inspector, and what it does, it looks for third-party apps, not your operating system but Java, Adobe, messaging services like AIM and Trillian, these types of third-party apps, and makes sure that you are keeping those up to date. Finally, firewall rules. Whenever an attacker puts in an implant, whether it's in memory or on disk, of whenever your users, guess what, that implant must communicate out to the internet to the attacker's C2 server. What's C2? Command-and-control server. So why is this successful? Because companies are really good, well, IT departments, at setting up firewall ingress rules, what's allowed into the company, usually only port 80 and 443, which is web services, but they don't do such a good job on egress rules. They allow too many services out, say port 53, which is DNS, or SSH, or remote desktop, which is on port 3389, and then the implant can connect to the attacker's C2 server over these ports. So it's important that your IT department reduce the amount of egress ports, and anything that's allowed out shall go through a web application proxy, because it makes it more difficult for the attacker. Are there implants out there that are proxy-aware? Yes, but the whole idea here is we're trying to raise the bar and mitigate risk.

Very good. Thank you, Kevin.

Thank you, Stu, you bet. And by the way, if I see you out there, I have a cool gift I brought for everybody. It's my card, and what's unique about my card, it actually has a tool set. It's not dental
tools, by the way, this is a lockpick set. So if you lock yourself out of your home or office, just think of Kevin Mitnick and I'll open the door for you.

Absol... thank you. Thanks very much, Kevin. Before we go, I would like to give one quick shout-out to Mr. John ray fuse over here. He's Kevin's agent for speaking and endorsements. He set this up at the last moment. John is the Jerry Maguire of cyber, and if you want to work with Kevin, he's the guy. How did I do? Okay, thanks. You will see me right after lunch, where I will be in the panel, and we'll talk about the work that Kevin and I do with security awareness training. So thank you very much, and we're going to break down this very quickly and we're getting ready for the next speaker. Thank you so much. Thank you. [Applause]
Info
Channel: Cyber Investing Summit
Views: 609,191
Rating: 4.7310658 out of 5
Keywords: cybersecurity, hacking, hacker, Mitnick, investing, conference, summit
Id: iFGve5MUUnE
Length: 36min 29sec (2189 seconds)
Published: Mon Jun 05 2017
Reddit Comments

I remember the little box that gave me free phone calls.

👍︎︎ 1 👤︎︎ u/shenaniganfluff 📅︎︎ Aug 15 2017 🗫︎ replies