Famed hacker and computer security consultant Kevin Mitnick has seen quite a bit in terms of online security - or a lack thereof. In a Q&A interview with IBTimes, the author of Ghost in the Wires: My Adventures as the World's Most Wanted Hacker talked about current technology events and gave online protection advice for the Average Joe.
What did you think of the celebrity phone hacking scandal?
It turns out that the FBI had identified an individual in Florida and this person did not hack into their phone, he simply was able to hack into the email account. The hacker was able to get access to photos from the email account and not the actual phone. The celebrities that this guy was hacking into chose passwords that were easy to guess so it was a very simple type of attack. Apparently this guy did research through social networks and Wikipedia and was able to figure out their passwords. So it actually goes to show you that these celebrities kind of choose very easy to guess passwords associated with their real life that led to their compromise. I was expecting some sort of technical sophisticated attack that was clever and instead it wasn't.
What do you think of the group Anonymous?
I don't think at the end of the day they get what they want. But I don't think it affects any real change in the world and I think the only real change is that they become a higher priority on the government's list to prosecute. I guess it's a new form of civil disobedience. And they probably don't consider what they're doing wrong. They look at it as a means to an end to support their cause. They have particular issues, like for example with BART. I think it's a tactic used to garner a lot of media attention and therefore their message is actually now being sent by the media which is exactly what they wanted in the first place. Exposure. So they get their message out but then what positive change results from it? I don't see much. I see BART calling the FBI and reporting a computer crime but I don't see BART changing anything to be more secure, to try to prevent disruptions.
What are some common mistakes people make when it comes to security?
One of the biggest mistakes is using the same or similar password on multiple sites, for example.
How do you know when you've been hacked?
Sometimes you never do. The best thing to do is always keep randomly generated passwords everywhere and use a password tool to manage it and then you don't have to remember those passwords at all, just the master password that unlocks the database.
What are some prevention tips for the Average Joe?
Using a password manager. A lot of people use open wireless networks at a coffee shop and at an airport. That's definitely risky. Use a virtual private network service for ten or fifteen dollars a month. Using VPN service is, I think, very important when you're using open networks at hotels, coffee shops, etc.
How can we keep our Facebook accounts secure?
There's a feature on Facebook where you can enable security that checks the device you're coming from. By default these features are likely off but as a consumer you can enable them.
How can we be secure with a Blackberry or an iPhone?
One recommendation I have at least with the iPhone is using a longer password than four digits. As far as protecting your email on your phone, again I would be cautious if anyone sends you a link. I'd be cautious about opening it unless you're expecting it. It's the same on the computer space. You have to be wary of clicking links and opening docs.
How strong is your computer protection?
I keep my stuff updated all the time. Being in the security industry, I keep up to date with securities.