Jewish World Review
http://www.jewishworldreview.com | (KRT) The biggest danger of hackers comes not from massive coding assaults but smiles and conversations.
Take it from Frank Abagnale Jr., the scheming boy wonder turned FBI instructor whose life of deception spawned a book and Steven Spielberg movie, "Catch Me if You Can."
Between the ages of 16 and 21, Abagnale – who benefited from a fountain of charm, a photographic memory, prematurely gray hair and a 140 IQ – masqueraded as a Pan Am pilot, supervising resident doctor, Louisiana lawyer and college sociology professor. In that time, he also managed to cash more than $2.5 million in bogus checks.
The reformed con man was in Chicago last week to pitch for Novell Inc. The security software and Web development firm is jetting Abagnale around the country (he's nowhere near the pilot's seat this time) to recount some of his wild adventures for executives working in technology security and information management.
Abagnale rarely mentions Novell during his talks – and doesn't have to. The need for tighter computer security in offices and homes becomes painfully obvious.
"What I did in my youth is hundreds of times easier today," Abagnale said. "Technology breeds crime."
Abagnale blames man more than machine for the security breaches that contributed to more than 17,000 cases of identity theft reported last year to the federal Internet Fraud Complaint Center alone. Employees give away too much information over the phone, he said. They open doors for unauthorized visitors. They fail to cancel computer passwords and voicemail accounts the minute a worker leaves the company.
Abagnale also said businesses open themselves up for trouble by producing slick corporate brochures. Using today's high-resolution copiers and printers and illustration software, it's a snap to forge an executive's signature or to lift a university seal or company logo.
"I often ask myself, `Where the hell were these people when I needed them?'" Abagnale said.
His perspective is consistent with the jaw-dropping stories shared recently with a group of local network administrators who attended Ernst & Young's annual Extreme Hacking boot camp. The accounting firm's "white-hat hackers" are consultants specifically responsible for breaking into clients' networks to reveal security vulnerabilities.
Before delving into the nitty-gritty of computer codes and individual systems, instructors spend plenty of time discussing the "social engineering" hackers use to accomplish their nefarious missions.
A clean shave, pressed suit and winning smile is all it often takes to gain entry to a business. A smoking habit can also come in handy because smokers are usually generous door-openers. And an attractive woman willing to run interference with mostly male IT departments never hurts, E&Y consultant Patrick Hynes said.
Hynes said he and a "very pretty" female co-worker showed up several mornings in a company cafeteria. They smiled at everyone, introduced themselves and explained that they were visiting "on business." Soon, someone opened a door, allowing them to roam through the building until they found an empty cubicle from which to set up a laptop.
Hynes said his co-worker often flirted with the IT staff, giving him enough time to use a wide range of technological tricks to download sensitive corporate information. The duo worked in the office for two weeks before they were detected.
It was one of the few times a client has caught on to him, Hynes said. Typically, he's the one who works in secret and slaps his highly sensitive findings on an executive's desk – like the day just a few months ago that he presented a bank president with screen shots of the financial summaries of some of the bank's celebrity customers.
"It's too easy," he said. "People want to trust other people, and they really shouldn't."
Abagnale couldn't agree more. Identity theft, he said, is a "huge, huge problem" – and "one we haven't begun to scratch the surface of."
Abagnale, a security consultant, said he encourages his corporate clients to buy software that sharply limits employees' access to customer data ("Why should a bank teller have access to every shred of information about every one of the bank's clients?" he asked.) and to terminate a worker's computer access with the click of a mouse.
For consumers, Abagnale recommended a security service he uses: PrivacyGuard. For about $110 a year, he said the company will contact him by e-mail, pager and phone to inform him the moment someone runs a check on his credit history. He said the company also provides a complete credit history compiled from all three national credit bureaus.
To top it off, Abagnale said he also carries a $25,000 insurance policy to cover any losses he may incur should someone steal his identity.
Appreciate this type of reporting? Why not sign-up for the daily JWR update. It's free. Just click here.
Comment by clicking here.