Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker


Kevin Mitnick was the most elusive computer break-in artist in history. He accessed computers and networks at the world's biggest companies--and however fast the authorities were, Mitnick was faster, sprinting through phone switches, computer systems, and cellular networks. He spent years skipping through cyberspace, always three steps ahead and labeled unstoppable. But for Kevin, hacking wasn't just about technological feats-it was an old fashioned confidence game that required guile and deception to trick the unwitting out of valuable information.

Driven by a powerful urge to accomplish the impossible, Mitnick bypassed security systems and blazed into major organizations including Motorola, Sun Microsystems, and Pacific Bell. But as the FBI's net began to tighten, Kevin went on the run, engaging in an increasingly sophisticated cat and mouse game that led through false identities, a host of cities, plenty of close shaves, and an ultimate showdown with the Feds, who would stop at nothing to bring him down. 

Ghost in the Wires is a thrilling true story of intrigue, suspense, and unbelievable escape, and a portrait of a visionary whose creativity, skills, and persistence forced the authorities to rethink the way they pursued him, inspiring ripples that brought permanent changes in the way people and companies protect their most sensitive information.

My review on this book

While reading this book I feel the thrill of the true story about this man. Always hungry of new information and technology around him. Always one step ahead on the people who chase him. The funny part is how he simply manipulate his victims in doing what he want them to do even after being fooled many times. A honest man and not boastful of his hacks. Another big plus is most the hacks depended as much on "social engineering", his main weapon. Plus an awesome skills on phreaking. Mitnick was more relax and confident at social engineering people as he was writing code. You must read his book!

Rootcon X: Call For Papers


Call For Papers

Let the freshest hacks be submitted and share them among the hacker community.

Guidelines

Where to submit? - Submit your paper to cfp [at] rootcon [dot] org

Email Subject - email your talks with subject line of RC10 CFP Submission - [TOPIC NAME]

Submission Deadline - will be before June 13, 2016

Minimum Time: 30 minutes

Maximum Time: 45 minutes

Topics of interest but not limited to:

- Real-life hack (responsible disclosure)
- Non-tech hacking
- New tool release
- Exploit Development
- Reverse Engineering
- Web Application Attacks
- Tools 101 (Metasploit, Nmap, etc…etc…)
- Wireless Attacks (3G, 4G, 802.11(x))
- Cloud Security
- Vulnerability Discovery
- OS Level Vulnerabilities
- Physical Security (Lock picking – Digital Locks or Digital Safes)
- SQL Injections
- Vendor Appliance Vulnerabilities
- Exploitation Techniques
- Mobile Security

ROOTCON 10 Call For Papers Form

(*) Denotes Mandatory Field

Please copy the needed information together with the agreement and paste them on a .txt format.

Speaker's Bio

This part should contain a little info about yourself, what you do, etcetera - to be posted on the site.

Personal Information

* Speaker Name :

* Title and Company (if applicable):

* Email Address :

* Mobile Number :

* Backup speaker name :

* Email Address :

* Mobile Number :

* Have you talked on previous ROOTCON events or any organized events under ROOTCON ? Yes or No.:

Presentation Information

This part should contain info about your presentation.

* Name of Presentation: (name goes here)

* Abstract: (A sketchy summary of your presentation which we can post on the website, giving the attendee an idea what your presentation is about in a nutshell.)

* Time: AM, PM or Anytime will do

* Day: Day 1 or Day 2? (Applicable to speakers that has only one topic)

Audience Participation needed? Yes or No.

LCD Projector? Yes or No.

Internet access? Yes or No, if yes specify wireless or wired.

White Board? Yes or No.

* Any other equipment requirements? Please specify.

* Location: Metro Manila, Others please specify.

Copyright Agreement

I warrant that the above presentation is of my own work, or if copied, permission has been obtained from the author for publications on ROOTCON 10, and that I will give credits accordingly.

I will grant permission to ROOTCON to post my presentation on the ROOTCON Relics after the event.

Speaking Remuneration Agreement:

1. As a ROOTCON speaker, you will be entitled to the following benefits:

a. Free registration to ROOTCON 10 will enjoy all benefits included on registration. (This will include Swags, Food, etc)
b. Speakers coming from within the Philippines (domestic) will be free of airfare and accommodation (ROOTCON preferred hotel and airline).
c. Speakers coming from outside the Philippines (international) will be free of accommodation (ROOTCON preferred hotel).
d. One ROOTCON speaker token.
e. One Speaker Badge
f. And of course free booze all throughout the conference.
g. Access to ROOTCON 10 post-con party.
h. Certificate of attendance (speaking engagement) by request.

2. ROOTCON will be responsible for providing all equipments and setup needed for the presentation as stated on the Equipment Needs.

3. ROOTCON will not be responsible for all other expenses not included on the Equipment Needs and on the benefits stated above.

4. Creation of the presentation will be done by the speaker himself. ROOTCON members can assist the speaker such as preparing the LCD Projector, white board, prepare the stage, setup of the microphone and assistance during the demo. Other requests should be addressed to the ROOTCON organizing committee.

5. ROOTCON will not disclose speakers personal and contact information unless stated by the speaker.

6. ROOTCON must not be held liable for the safety of their speakers before, during and after the event.

7. Speaker will be held liable in creating his/her disclaimer if the presentation contains hacking exposure.

8. In the event the speaker changes his topic, he must inform the cfp [at] rootcon dot org one (1) month before the event; new topic will be subject to approval.

9. Speakers are advised to check-in at the hotel one (1) day before the event. This is to meet the organizing committee, give you proper orientation about the venue, prepare your equipments and discuss other important matters before the event.

10. On the event proper, the speakers should be at the venue an hour or two prior to his or her presentation.

11. Speaker who wishes to decline or backs out from his speaking engagement, he should inform cfp [at] rootcon dot org one (1) month before the event.

12. Substitution is allowed provided that the original speaker will look for his own substitute and inform the organizing committee the complete profile of the new speaker (substitute) one month before the event.

13. ROOTCON will only pay the additional hotel accommodation if the speaker has pending tracks on the following day

14. To maintain the quality of topics, all topics are selected according to awesomeness level.

15. Final Presentation materials should be sent to cfp [at] ROOTCON /./ org, one month before the CON. This is for security reasons in any case the speaker lost his .ppt presentation due to laptop corruption or any other unexpected circumstances.

I, (insert your name here), have read the above and understand and agree to the terms as detailed in the Speaking Remuneration Agreement and Copyright Agreement.

In the event the Speaker failed to comply with the Speaking Remuneration Agreement and Copyright Agreement, ROOTCON reserves its right to revoke any benefits entitled to the speaker.

More info here.

Rootcon 7 – Topics and Speakers




TRACKS:

CyberCrime Act of 2012: Issues and Concerns 
by: Atty. Al Vitangcol III, C|HFI, C|EI
The revolution in information technologies has changed society fundamentally. It has given rise to unprecedented economic and social changes. With it comes the emergence of new types of crimes. 

These new types of crimes, based on new technologies, challenge existing legal concepts. The Convention on Cybercrime of the Council of Europe, known as the Budapest Convention, is the only binding international instrument on the issue of cybercrimes. Its main objective is to pursue a common criminal policy aimed at the protection of society against cybercrime, especially by adopting appropriate legislation and fostering international cooperation. It is a guideline for any country developing comprehensive national legislation against Cybercrime. 

Republic Act No. 10175, known as the "Cybercrime Prevention Act of 2012", was signed into law by the President on September 12, 2012. It took effect on October 3, 2012.

The presentation will focus on the provisions of the law and its compliance vis-a-vis the requirements of the Budapest Convention. It will discuss the various offenses punishable under the law. More so, the presentation will likewise touch on the aftermath of the enactment of the law, including various pros and cons on its implementation. Finally, the law's current status shall be presented and suggestions on the way forward shall be made. 

Love letters to Frank Abagnale (How do I pwn thee let me count the ways) 
by: Jayson E. Street
In previous talks I have shown how I have used emails to gain entry into places I should not have been. In this talk I give an in depth explanation on how I use emails not just for phishing but to gather intel & make a way in. I will go over the steps to recon your target. To find important information to make sure the email is not just believed but acted on in the way you desire. I will also show you how to create a convincing get out of jail free card. That will aid in avoiding being detained but will also get employees to aid you in your attack. 

Ouroboros 
by: Chris Boyd & by: Jovi Umawing
Preemptive strikes against attackers. Mobile Malware on the rise. Government spyware. Printer shenanigans. Cybersecurity lobbying. It sounds like a round-up of the top news stories of the last couple of months - in reality, it's a sample of news stories from 2005 to 2008, when Antispyware companies and security forums clashed over legal battles, death threats, pr spin, Botnet monetisation and more at the height of the old Adware industry's power and ambition. 

Was so much time spent firefighting the Adware industry that many of our current security concerns were allowed to develop and grow largely unaddressed? What factors could have encouraged this security groundhog day? Why did the Adware industry's passing encourage a form of "security fatigue" on Infosec blogs? Why did so many security researchers burn out? What might have happened if the old guard of Adware vendors hadn't gone bust or been sued into oblivion? What legacy have the ghosts of those long dead and acquired technologies left behind? 

ROOTCON 101 
by: semprix (The Fork Meister)
ROOTCON 101 will guide you how to survive at ROOTCON for the next two days of the conference. We will be discussing a little history of ROOTCON and how the community can be involved in such an awesome environment. 

Social Network Analysis as Internet Security Tool 
by: Wilson Chua
Security devices (firewalls, IDS, IPS) produces a huge amount of data by posting each security incident/event into a Syslog database. This (big) data enables the system administrators to identify the source of the largest attacks, and the most frequently victimized/targeted server. 

However, due to massive number of records generated by Syslogs, a quicker and more timely analysis is needed. Social Network analysis is presented here as an optimal way to quickly analyze and create actionable insights from this huge amount of data - by converting (big) data into graphics format. 

Stealth by Legitimacy 
by: Jeffrey Bernardino
Nowadays, its commonplace for cybercriminals to create complicated malware. But as part and parcel of any trade, cybercriminals update themselves by continuously uncovering new techniques to improve malware stealth. Misuse of legitimate services is one of probably hundreds of ways to cover cybercrime tracks. Trend Micro has discovered this with BKDR_VERNOT malware. In this presentation, Trend Micro discusses malicious routines of a particular BKDR_VERNOT malware. We also dive deep into the advantages and disadvantages of using legitimate services by malware - how BKDR_VERNOT used legitimate Evernote C&C, and how this technique will influence future attacks.

MEET THE SPEAKERS:

Atty. Al Vitangcol III, C|HFI, C|EI
Atty. Al. S. Vitangcol III is a practicing lawyer, a registered engineer, a contracts review expert, an academic scholar, an Information Technology (IT) specialist, and an automated elections guru. 

He finished his undergraduate degree at the University of the Philippines in Diliman, Quezon City and his Master of Science in Computer Science degree at the De La Salle University. He is the only lawyer in the Philippines with a formal education in IT and a solid IT working experience behind him. Currently, he is the Philippines' first (and only lawyer) EC-Council certified Computer Hacking Forensic Investigator (CHFI). He was nominated to the 2007 Ramon Ozaeta Most Outstanding Lawyer Award, which is annually sponsored by the Philippine Bar Association (PBA).

He is the author of three books: 1) Computers for Lawyers, 2) technoLAWgy:A Lawyer's Guide to Information Technology in the Practice of Law, and 3) Legal Research in Practice. 

He is currently the managing lawyer of AVALaw. He is a former law professor at the Lyceum of the Philippines - College of Law and a former lecturer at the Ateneo de Manila University – Graduate School of Business. He is a member of various local organizations and the Australian-based International Employment Relations Association (IERA). 

Atty. Vitangcol is a sought after speaker at Mandatory Continuing Legal Education (MCLE) seminars and other training fora. He lectures on such diverse subjects as Law and Technology, Electronic Legal Research, E-Commerce, Automated Elections, Computer Forensics, and IT Security. 

Christopher "@paperghost" Boyd
Christopher Boyd is a Senior Threat Researcher for ThreatTrack Security, former Director of Research for FaceTime Security Labs and a multiple recipient of the Microsoft MVP award for Consumer Security. He has given talks across the globe including RootCon, RSA, InfoSec Europe and SecTor, and has been thanked by Google for his contributions to responsible disclosure. 

Jayson E. Street
Jayson E. Street is an author of "Dissecting the hack: The F0rb1dd3n Network" from Syngress. Also creator of http://dissectingthehack.com 

He has also spoken at DEFCON, BRUCON, UCON and at several other 'CONs and colleges on a variety of Information Security subjects. 

His life story can be found on Google under "Jayson E. Street" 

*He is a highly carbonated speaker who has partaken of Pizza from Beijing to Brazil. He does not expect anybody to still be reading this far but if they are please note he was chosen as one of Time's persons of the year for 2006. ;) 

Jeffrey Bernardino
Jeffrey Bernardino is a member TrendLabs Threat Research Team. A Computer Science graduate, Jeff has been with Trend Micro for eight years. He started as an antivirus engineer, with focus on creating signature for malware, analyzing its behavior and providing clean up. Currently, he heads the Analysis Team, which is responsible for posting relevant malware and other threat information in the Trend Micro Threat Encyclopedia. 

Jovi Umawing
Jovi Umawing is Communications and Research Analyst at ThreatTrack Security. With 10 years in the antivirus industry under her belt, this accomplished threat researcher helps educate enterprises and consumers alike about the latest online threats. She has written for online security publications, is an advocate for online child safety and is a regular contributor to the ThreatTrack Security Labs Blog. 

semprix (The Fork Meister)
Dax Labrador a.k.a semprix is the founder and director of the international hacker conference in the Philippines which is ROOTCON. He is currently working for HP Enterprise Security as Security Consultant. 

Wilson Chua
a Microsoft MVP (Hall of Famer) in the Philppines for windows media. I believe strongly in collaboration and that is why i joined linkedin. 

Specialties: PMP certified Project Manager, ITIL, MCSE+I, MCDBA, Cisco CCNA, CCDA, Wireless LAN Engineer, Ethical Hacker, Security+, BPO, Contact Center, Microsoft MVP, WebCEO, Google Adword Individual 

Register here.