| ▲ | mcfunley 6 hours ago |
| I worked at a company that had hired Mitnick as a security consultant. His report for a client that turned out to have been rife with SQL injection at the time was largely movie plot physical security stuff. Not wrong exactly, but not the center mass of the threat model they needed either. He seemed to lack systems thinking, producing a report that focused on calling out specific employees as dumb or incompetent. Counterproductive at best. It seemed like his PR exceeded his utility by a great deal. That trend continues beyond the grave, maybe. |
|
| ▲ | skeaker 5 hours ago | parent | next [-] |
| In all fairness, a genuine attacker WILL be abrasive and abusive. They WILL single out employees that are gullible and exploit them. It's not pretty because a genuine attack is not pretty. Of course a simulated attack will be indecent and discourteous in nature, that is how attacks are. |
| |
| ▲ | wjnc 24 minutes ago | parent | next [-] |
| Yeah, this is a part about itsec I don’t understand in my firm. They run social engineering tests, but never notify management when individuals fail, only in general terms. While being psyopped needs to be actively discussed among coworkers imho. |
| ▲ | deepsun 2 hours ago | parent | prev | next [-] |
| Not necessarily WILL. I've seen awesome attackers who were mostly checkbox spreadsheet clerks. Friendly, methodical, boring, expert. |
|
|
| ▲ | bawolff 3 hours ago | parent | prev | next [-] |
| Isn't he famous for social engineering/physical security type things? If you hire an expert in X, you are probably going to get X. |
| |
| ▲ | mcfunley 3 hours ago | parent | next [-] |
| Yeah I agree, caveat emptor and all that. The blameful framing is bad work product though. |
| ▲ | rixed an hour ago | parent | prev [-] |
| Isn't he famous for getting caught? |
| ▲ | teo_zero an hour ago | parent [-] |
| Getting caught didn't make him a superstar. Telling his techniques in books and public speeches did. |
|
|
|
| ▲ | leetrout 5 hours ago | parent | prev | next [-] |
| Dude I was called out by name in the report either right before you got there or the first one you were there. I was called out in the one where they got B's Audi keys in his office. Whole thing was so dumb. A floor full of smart monitors that they could have put a keylogger on. A plethora of physical network access and I get called out for leaving my laptop on the lock screen and going downstairs for food. And they got found out because I ran Little Snitch I paid for myself and it caught their hijacked Chrome making all sorts of weird network calls. But I don't remember being given credit for that. (Sips mojito) |
|
| ▲ | firebot 4 hours ago | parent | prev | next [-] |
| He mostly used social engineering. Not technical exploits. So that's how he succeeded. Call it crazy, but it worked. |
| |
| ▲ | fma 2 hours ago | parent [-] |
| Why hack a password when you can get the employee to just tell you? |
|
|
|
| ▲ | the_af 6 hours ago | parent | prev | next [-] |
| Kevin's security company is also a mess, and the training videos they produce are embarrassing at best. I understand he probably just lent his name to the company (though he did show up in some of the videos), but still... |
| |
| ▲ | anthk 6 hours ago | parent [-] |
| This is what happens when the 90's PC community renamed crackers as hackers. Proper hackers would have been the ITS/WAIS ones doing crazy things with computers for its era. |
|
|
| ▲ | esikich 4 hours ago | parent | prev | next [-] |
| "He didn't breach us the way we wanted him to do it so it was dumb." Idk man, sounds like you locked your doors but left the windows open. That's the point of these things. |
| |
| ▲ | mcfunley 3 hours ago | parent | next [-] |
| The point is really after working through remediations, there were pretty massive issues remaining that weren’t hard to find and were relatively vastly easier to exploit if the attacker is a Russian teen and not Bruce Lee. And the budget for such things was blown. Priorities, etc |
| ▲ | murderfs 3 hours ago | parent | prev [-] |
| "a client that turned out to have been rife with SQL injection" sounds more like they left the doors open, but the report focused on the lack of security bars on the windows. |
|
|
| ▲ | ActorNightly 2 hours ago | parent | prev | next [-] |
| I mean, the landscape changed quite a bit since early days of what Mitnick did as a blackhat. He did his best to adapt and make money, which given his prison term, isn't really that surprising. |
|
| ▲ | lern_too_spel 6 hours ago | parent | prev | next [-] |
| He social engineered your company into contracting him, and that adds to the legend, but people don't see how many other companies he failed to social engineer. |
|
| ▲ | topham 6 hours ago | parent | prev | next [-] |
| The hero worship of him makes me physically ill, always has. He did cost people their jobs though, so I guess he's a good person. |
| |
| ▲ | deepsun an hour ago | parent [-] |
| It's like we don't have any messiahs today that are mediocre professionals at best. |
|
|
| ▲ | kingforaday 6 hours ago | parent | prev [-] |
| > "He was a hacker-turned-security consultant who, later in life, helped shape the modern white-hat." |
| They left out convicted criminal. |
| |
| ▲ | firefax 6 hours ago | parent | next [-] |
| I have so many stories about his absolutely terrible behavior at conferences. He once refused to pay the entry fee to a charity event and had to be physically ejected. Absolutely better at PR than any actual work, pay careful attention and none of his early stuff was particularly novel, from a technical perspective. But for whatever reason, we venerate him just because he was victimized by the state. The world is not a dichotomy -- sometimes bad things happen to bad people. |
| ▲ | colechristensen 5 hours ago | parent [-] |
| He got all of the "Free Kevin" attention because of how long he was left in jail before trial and then being stuck in solitary confinement after sentencing for months. If he had been treated fairly by the justice system he wouldn't have gotten nearly as much attention. He was also autistic, a lot of the behavior can be explained through that lens. |
| ▲ | firefax 5 hours ago | parent [-] |
| > He got all of the "Free Kevin" attention because of how long he was left in jail before trial and then being stuck in solitary confinement after sentencing for months. |
| That was uncalled for on the part of DOJ. |
| > He was also autistic, a lot of the behavior can be explained through that lens. |
| I'm autistic. Maybe I should go commit a bunch of felonies to increase my chances of a good job and stature in the hacker community, since things like publishing code, publishing peer reviewed papers, and mentoring newbies have not been productive ways of finding gainful employment nor respect of my peers. |
| I have friends who did things like take a gap year to travel the world or met their spouses on nights I stayed in to study, and some evenings when browsing HN I feel very sad that I wasted my 20s on a society that does not care about me. |
| Anyways, sorry to wall of text, but what you said really struck a nerve with me -- there are hierarchies in any community, and one thing I've noticed with the hacker scene is one group of people can mess up over and over using the same sets of facts or diagnoses, but others can expect to have worse outcomes with better behavior for reasons that elude me to this day. |
| ▲ | coryrc 4 hours ago | parent | next [-] |
| > I have friends who did things like take a gap year to travel the world or met their spouses on nights I stayed in to study, and some evenings when browsing HN I feel very sad that I wasted my 20s on a society that does not care about me. |
| I'm glad you have finally recognized the problem. Stop living for your idea of others and start living for yourself. |
| ▲ | colechristensen 4 hours ago | parent | prev | next [-] |
| Kevin was famous for being mistreated by the DoJ and writing some books which were perhaps not particularly true in hindsight. After he got out of jail and rejoined the community he lost a lot of respect for being himself, though it's not impossible that years of imprisonment and a long time in solitary had some permanent negative effects. In other words... you shouldn't envy Kevin's life. For the rest: nothing's stopping you from having fun, regardless of age. |
| ▲ | lnxg33k1 3 hours ago | parent | prev [-] |
| It's good that somewhere the quality of work is rewarded more than the quantity |
|
|
| |
| ▲ | ActorNightly an hour ago | parent | prev [-] |
| You act like that's a bad thing given the nature of his crimes. If more people strived to be like Mitnick today, the tech world would have a lot more power. |
|