This week were hired consultants working on one of the many attacks orchestrated by the infamous hacker Kevin Mitnick. Here’s the extract from our textbook
Group Project: Breaking into Sprint’s Backbone Network
Read the assigned Case Study at the end of Chapter 2 of the textbook. Work with the group designated by your Instructor as if you are hired security consultants. When you have reached consensus as a group, create a report to document the following:
- What procedures could help prevent a similar breach of security at your organization?
- Phishing is usually associated with identity theft, but could this tactic also be used to gain information needed to circumvent security controls?
- Many social engineering breaches involve using what is believed to be insider information to gain the trust of individuals in an effort to obtain confidential information. Test your ability to obtain what some might consider “insider information” using a search engine to find contact or other useful information referencing your organization.
Case Study: Breaking into Sprint’s Backbone Network
Many of the technical controls put into place can be circumvented with a simple phone call. Recently, famed hacker Kevin Mitnick demonstrated this by breaking into Sprint’s backbone network. Rather than mounting a buffer overrun or DoS attack, Mitnick simply placed a call posing as a Nortel service engineer and persuaded the staff at Sprint to provide login names and passwords to the company’s switches under the guise that he needed them to perform remote maintenance on the system. Once the password information had been obtained, Mitnick was able to dial in and manipulate Sprint’s networks at will. Many people believe this was an isolated incident, and they would not fall for a similar act of social engineering, but Mitnick gained notoriety during 1980s and 1990s by applying similar techniques to computer networks around the world. Mitnick’s more notorious crimes included accessing computer systems at the Pentagon and the North American Aerospace Defense Command (NORAD), and stealing software and source-code from major computer manufacturers. Kevin Mitnick was arrested six times, and has been networking as a consultant specializing in social engineering techniques, having “gone straight” after serving a five-year sentence for his most recent crime. He even has authored several books regarding social engineering including The Art of Intrusion and The Art of Deception