Sneak Preview: Kevin Mitnick's Australian address

Kevin Mitnick is still on supervised release after serving a five-year jail sentence for hacking into a number of sensitive networks, including those of industry giants Novell, Sun Microsystems and Motorola, in the 1990s. This means he can't leave the United States, or even travel very far within its boundaries, without first getting permission from the US courts. Could he travel further afield, however, Australia is one of Mitnick's top five destinations, a far cry for someone who hasn't travelled beyond the US, other than to visit Mexico and Canada as a young boy.

Amsterdam, Iceland, New Zealand and other European countries also top Mitnick's destination wishlist. However, when his travel restrictions are lifted in the next five to 10 months, "I'll be very selective," he said. "I don't like to fly too much...especially after the terrorist attacks in the US."

"I do get requests to speak overseas quite a lot," said Mitnick, who is permitted to engage in the speaking circuit but isn't allowed to consult on security issues. "I'd love to come to Australia."

Although it will be next year before Mitnick will have that opportunity, he will address the morning crowd on day-two of the SecurIT Conference to be held at Sydney's Merchant Court Hotel on May 14 and 15. His last teleconference was to Istanbul, Turkey.

Mitnick will give a brief talk on social engineering - the very same technique he himself used to compromise company networks and one of the topics covered in his soon-to-be-launched novel "The Art of Deception".

Social engineering, Mitnick explains, is one of the oldest tricks in the book, whereby hackers cajole or trick employees within a company to reveal information that will allow them access to restricted areas of the network.

At the SecurIT conference, Mitnick will outline a number of security information policies that companies should adopt, including using awareness as a training tool.

Staff need to understand why security policies are critical to the company, Mitnick said, and organisations have to be prepared to re-educate and retrain staff in order to boost this awareness. "Awareness and training has to become basically a lifestyle or awareness dissipates over a period of time," he said.

Organisations must also have specific policies in place for particular departments that pose certain risks, Mitnick advises.

For example, hackers will manipulate helpdesk personnel purposefully because they are "trained to be polite, courteous, and to help people internally and externally," he said. "One of their functions is to help people with access problems - they have the authority to change passwords," he pointed out.

For this reason organisations should have a policy specific to helpdesk staff, one that promotes early warning detection and rewards such behaviour. Helpdesk employees should also be encouraged to report unusual queries they receive by phone, or else the hacker will simply hang up and target a different member of the helpdesk, according to Mitnick.

As technology continues to evolve, Mitnick believes we will start to see social engineering put to use more often. "The bigger the company the more risk because the more employees there are to dupe," he said.

"The truth of the matter is there are always going to be vulnerabilities and there are always going to be people exploiting them, therefore companies must exercise due diligence to minimise the risk," Mitnick added.

Mitnick has just finished writing to an April 29 deadline for the sample copy of his upcoming book, which will be distributed to media organisations for review. The complete manuscript, published by John Wiley & Sons, will be completed by June 1 and will hit the shelves October 4, 2002.

"The book isn't about any of my exploits," Mitnick said, explaining that it gives some background on his treatment by some journalists, as well as an overview of his travels through the criminal justice system.
