The formula of Mitnick and our "private" life

Kevin David Mitnick, 35, is the world's most notorious computer hacker.Since his arrest in February 1995, he has been a "computer vandal", accused of having caused up to 80 million dollars worth of damage through his intrusions into Motorola, Nokia or Sun Microsystems. Since his arrest in February 1995, he has been a "computer vandal", accused of having caused up to 80 million dollars worth of damage through his intrusions into Motorola, Nokia or Sun Microsystems.  Hackers around the world consider Kevin Mitnick a martyr. Mitnick admits to having spent most of his life as a "network hacker". His first brush with the law came at the age of 17 for stealing computer manuals. Seven years later, in 1988, the FBI nabbed him for looting software. "He feels his sentence today is disproportionate," says Thomas. For three years after his release from prison, he will not be allowed to touch a computer or mobile phone. 

The recent attacks on Twitter and Doctolib have highlighted two major issues. The first is data management. Too many employees of the firm had access to users' accounts. This problem is the same for ALL online services: clouds or shared servers, medical data (cf. Doctolib), dating sites, Facebook...

For example, with server hosts or SaaS application providers, it is obviously necessary to prevent one user from accessing the data of another. And yet, it still happens regularly that by changing a login a user accesses data that is not his own. Beyond that, can the host or service administrators access our data or metadata? The answer is almost always yes. If the data is sometimes encrypted, who manages and holds the keys? 

Between the service providers themselves on the one hand, and third-party vulnerabilities on the other, attackers have many technical options to access our data. However, solutions exist to protect data: end-to-end encryption, popularised by messaging applications when data is stored or transmitted, or obfuscation, which consists of hiding data when it is manipulated.

But technical attacks are not the only threat.The second issue illustrated by the Twitter attack is that at least one of the employees with excessive access was deceived by the attacker. This type of attack is called "social engineering". The objective is to get a person to perform an action by playing with their brain. These attacks were popularised in computer science by Kevin Mitnick, who was hounded by the FBI for years, phoning people to gain illegitimate access to networks from the early 1980s. Today, "presidential frauds" are based on the same schemes: learn as much as possible about the targets (organisation, who is there? when? interests? etc.) to create trust, put the targets in a stressful situation in order to get them to reveal a secret or carry out an action, in complete serenity.