Newspaper article St Louis Post-Dispatch (MO)

High-Tech Computer Attacks Still Rely on the Human Element, Experts Say

Newspaper article St Louis Post-Dispatch (MO)

High-Tech Computer Attacks Still Rely on the Human Element, Experts Say

Article excerpt

ST. CHARLES * The methods hackers use to gather sensitive data are surprisingly low-tech.

Like less-sophisticated cons, penetrating a company's computer system relies on smooth talking and good acting, so as not to raise suspicions of the humans working there, experts say.

"People are going to be your biggest success or your biggest weakness," said Dave Chronister, owner of the St. Charles-based Parameter Security and its security training company, Hacker University.

His company is the driving force behind ShowMeCon, a two-day conference for Internet technology professionals hoping to guard against cyberattacks. The event continues Tuesday at the Ameristar Casino.

At this year's conference, hackers and cybercrime researchers are showcasing new threats from malware, wireless hacking and drones.

One researcher will offer an inside look at the "dark net," where cybercriminals go to sell and buy identities, stolen credit cards, access to home PCs, as well as drugs and weapons.

Others will be discussing growing concerns that the looming October deadline for retailers to implement more secure payment systems in light of the massive breaches at Target and Neiman Marcus may actually backfire and spark a new cybercrime wave.

On Monday, about 600 attendees got tips from several so-called ethical hackers who conduct security penetration tests for companies.

Valerie Thomas, who heads a Washington-based company, said she uses persuasion, deception and influence to bypass technical controls by exploiting the humans behind them.

She described how she used a variety of resources ranging from the company's website to LinkedIn to eBay to gather everything from company email addresses to the name of the antivirus program used by a firm, to business logo patches to iron on a shirt to better blend in with the actual workers.

She revealed that a large purse she carries doesn't contain lipstick, but a radio-frequency identification reader, to gather information from company badges. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.