Infamous hacker Kevin Mitnick used his keynote address at IP Expo today to lay bare the alleged inability of anti-virus software to protect companies against socially engineered forms of malware.
Once the most wanted cyber criminal in the United States, Mitnick now heads up his own business, Mitnick Security Consulting, and performs penetration tests on companies' security systems.
Speaking today, he claimed computer protection software was not able to defend systems against socially engineered hacks, in which people in a company are identified and targeted through their social media presence and then sent malware via email that can destroy a business's entire network.
He said: "If you think AV is going to save you, you're [still] 60% affected. The only thing McAfee's good at is making videos these days."
He described how IT workers, sales and market professionals and system administrators could be sent applets they believe to be secure, but which actually contain malware undetected by virus scanners.
"Once that target opens it, game over. It's very deceptive. Security people fall for it, IT people fall for it, imagine end users, right?" he told the crowd, before going on to outline the risks of social media.
"Social engineering was very useful back in the '70s and even today it still works.
"You do the attacks surgically. What's my favourite tool to build my target list? LinkedIn. I can put a company name, search for titles and positions; network engineer, systems administrator, or whoever I want in the company."
Mitnick also said ex-NSA analyst Edward Snowden, who leaked sensitive documents which revealed the US has been spying on its own citizens with programmes like Prism and XKeyscore, as well as on other countries, was neither a hero nor a traitor.
"I'm actually really happy that Snowden revealed the NSA operations which violated our rights in the States," he said.
"He's a rogue agent who revealed the wrongs the government did against the American people. Where I think he crossed the line was when he revealed our operations against other allies like the UK - you just don't do that."
But he believes Snowden will find it hard to get permanent asylum in Russia without divulging more American secrets to President Putin.
"He'll have to do something in exchange, that's my personal opinion," Mitnick said. "If you're in Putin's position, you have a guy with four laptops, with information that could be useful for his country.
"I can't imagine this guy showers with his laptops. There must be a point in time where the laptops get separated from the man. All they need is his key."