The “world’s most famous hacker” wanted to prove how easy it is to steal someone’s identity — and he needed a volunteer.
One brave hand shot up Sunday night in a ballroom in the Hyatt Regency Chicago.
Minutes later, Kevin Mitnick splashed the 30-year-old New Yorker’s cellphone number, date of birth and address on a screen for everyone to see. And that’s not all.
“You have my Social Security number?” the volunteer asked regretfully, once he saw it on display.
Already, an “oh s—” had floated up from the back of the ballroom where a crowd gathered to kick off International Telecoms Week.
Mitnick said he exposed the volunteer’s personal information with a database that charges 50 cents per search. Then he used a second database to look up actor Leonardo DiCaprio’s mother’s maiden name. That database costs $60 a year, Mitnick said.
“In America, the system’s broken,” he said, noting that the next step for a cyber criminal would be a trip to a free credit report website.
It’s been about 20 years since the FBI considered Mitnick one of its “most wanted” criminals for hacking into major corporations. He led authorities on a manhunt but ultimately served five years in prison. He told the crowd he once wiretapped the National Security Agency when he was 16, and he said a federal prosecutor once warned a judge Mitnick could whistle tones into a phone to launch nuclear missiles.
Since then, Mitnick has used his talent to become a security consultant to Fortune 500 companies and governments around the globe. His Global Ghost Team claims a 100 percent successful track record of penetrating the security of any system it is paid to hack to expose shortcomings.
His demonstration kicked off a four-day conference at the Hyatt Regency. He also joined Sir John Sawers, a former chief of the British Secret Intelligence Service, and Ret. Gen. Keith B. Alexander, a former commander of U.S. Cyber Command and director of the NSA, for a panel discussion about cyber security.
Mitnick repeatedly said the Internet is “broken,” and he recommended people focus on protecting their most at-risk information online. They may not be able to protect it all.
“There are so many holes and so many vulnerabilities out there,” Mitnick said. “What is the silver bullet to really protect yourself? I don’t think there is any.”