send, a pdf file, and that employee opens it, the game is over. the hacker is in. that only takes one employee to make a mistake. kevin, of course. that begs the question, is there any way for a company to be 100% protected? target says this problem was fixed, this one hacking incident. how do you protect against it if it's as simple as one employee opening one pdf? it's about people, processes and technology. companies have to harden their systems, harden their technology. they have to train their people. and actually to inoculate their staff against these social engineering attacks. one of the best ways of doing that is doing mock attacks against your employees to see who's susceptible to this type of attack and train those people specifically. from your experience, do you think they'll be able to find the hackers or do you think they have to fix the problem and move
identify how hackers stole information from 40 million credit and debit cards over the past couple weeks. they say the security problem is fixed and a dedicated team is working with law enforcement to try to find the hackers. what can you do to protect yourself and how did they pull it off? we talk to a former hacker to try and explain. this is fascinating and scary, kevin, i must say. the more and more you're learning that we are learning about what happened at target, how do you think they pulled it off? can you help explain this? well, i think there's a couple of ways, first of all i think they got malicious software into their point of sales system. how were they able to do that? it could have been an insider. the hackers could have found a security flaw within any web application that the internet has access to. or good old-fashioned social engineering. you asked me what is social engineering? that is where a hacker can send
affidavit, they'll take that charge after your credit card. however, when you use a debit card, if you don't catch that transaction within a certain period of time, you might be liable for it. one thing i would do, always use a credit card. check your credit card statement and in this particular case, the fraudsters actually stole your credit card information or consumer information actually in a brick and mortar store, not over the internet. this is even more scary where you go into a physical store and your information is stolen. unfortunately, the consumer doesn't have much control of that. the only thing a consumer can do is detect when they've been defrauded and remediate it at that point. handle it quickly. that seems to be the first thing you need to do. kevin mitnick, using his talents for good, which we like to highlight. ceo of mitnick security. thanks, kevin. thank you for having me on your show.
how does social media factor into all of this? does it at all? it kind of does because when the bad guys are looking to break into your email account they can leverage information that's on social media and sometimes guess your password reset question. for example, if your password reset question is the name of your pet and you're on facebook posting pictures of your pet, obviously, with its name someone will figure that out. in fact ? keep going. there was a guy that hacked into the email of several celebrities. i think this was one or two years ago, they thought that he had some, you know, secret vulnerability to break into their iphones. it turned out he was simply hacking into their email accounts by guessing their password reset questions based on information that was in the public domain. all this guy did was use google. oh, my goodness. yeah. i kind of love you, but i don't know how much i love you right now kevin mitnick. it certainly is a wake-up call
internet is. those attacks have been minor so far. who knows what we'll see tomorrow. joining me now is the world's most famous former hacker, kevin mitnick. did prison time for his exploits in the 1990s. now he's a sought-after consultant. good to talk to you. first of all, hackers really are not hackers are people who like meddling with computers and inventing stuff. it's a fine line to some people whether they're good or bad. right. i mean, hacking is a skill. and some one definition of hacking is people that like to get around security obstacles and find holes. some of those hackers exploit them for mischievous or malicious purposes. it's really hacking has many different definitions. all right. let's talk from your perspective, as a guy who's done this before, what's the psychology behind this? at one point, it was wikileaks getting access to information and putting it out there in the