Top 145 Quotes & Sayings by Kevin Mitnick - Page 3

If I needed to know about a security exploit, I preferred to get the information by accessing the companies' security teams' files, rather than poring over lines of code to find it on my own. It's just more efficient.

I'm not a fugitive anymore. Never will be in the future. After spending five years in jail, you learn your lesson. I never want to return there.

The government does things like insisting that all encryption programs should have a back door. But surely no one is stupid enough to think the terrorists are going to use encryption systems with a back door. The terrorists will simply hire a programmer to come up with a secure encryption scheme.

When somebody asks for a favor involving information, if you don't know him or can't verify his identity, just say no.

The first programming assignment I had in high school was to find the first 100 Fibonacci numbers. Instead, I thought it would be cooler to write a program to get the teacher's password and all the other students' passwords. And the teacher gave me an A and told the class how smart I was.

Penetrating a company's security often starts with the bad guy obtaining some piece of information that seems so innocent, so everyday and unimportant, that most people in the organization don't see any reason why the item should be protected and restricted.

I don't know of any case that involves computer hacking where there were multiple defendants charged where there wasn't an informant on the case.

The Patriot Act is ludicrous. Terrorists have proved that they are interested in total genocide, not subtle little hacks of the U.S. infrastructure, yet the government wants a blank search warrant to spy and snoop on everyone's communications.

Nine out of every 10 large corporations and government agencies have been attacked by computer intruders.

I think a cyber-terrorism attack is overblown, though the threat exists. I think al Qaeda and other groups are more interested in symbolic terrorism, like what they did to the World Trade Center - suicide bombers or something that really has an effect and is meaningful to people.

I obtained confidential information in the same way government employees did, and I did it all without even touching a computer. ... I was so successful with this line of attack that I rarely had to go towards a technical attack.

When I was in prison, a Colombian drug lord, offered me $5 million in cash to manipulate a computer system so that he would be released. I turned him down.

Social engineering bypasses all technologies, including firewalls.

Of course I'm sure half the people there hate me and half the people like me

The human. Now you know all about your target

You can't go to Windows Update and get a patch for stupidity.

It’s actually a smarter crime because imagine if you rob a bank, or you’re dealing drugs. If you get caught you’re going to spend a lot of time in custody. But with hacking, it’s much easier to commit the crime and the risk of punishment is slim to none.

A hacker doesnt deliberately destroy data or profit from his activities.

The Americans are the most gullible, because they don't like to deny co-workers' requests.

Companies spend millions of dollars on firewalls and secure access devices, and it's money wasted because none of these measures address the weakest link in the security chain: the people who use, administer and operate computer systems

Social engineers veil themselves in a cloak of believability.

You can never protect yourself 100%. What you do is protect your self as much as possible and mitigate risk to an acceptable degree. You can never remove all risk.

The methods that will most effectively minimize the ability of intruders to compromise information security are comprehensive user training and education. Enacting policies and procedures simply won't suffice. Even with oversight the policies and procedures may not be effective: my access to Motorola, Nokia, ATT, Sun depended upon the willingness of people to bypass policies and procedures that were in place for years before I compromised them successfully.

The intent of the individuals who created the DDoS attacks has nothing to do with hacking, and they are vandals, not hackers.

There is no patch for stupidity.