A former Anonymous hacker says that all the security tools in the world can’t patch the biggest security hole: people.
Cisco interviewed the hacker known as @SparkyBlaze, who quit the group a couple weeks ago because he thought some members were spending too much time targeting innocent people.
He confirms what a lot of security experts know but won’t say, because they’re often trying to sell a technological solution: the most effective form of hacking is social engineering — getting people to disclose their passwords and other information.
As he puts it:
In my mind social engineering is the biggest issue today. We have the software/hardware to defend buffer overflows, malware, DDoS and code execution. But what good is that if you can get someone to give you their password or turn off the firewall because you say you are Greg from computer maintenance just doing testing. It all comes down to lies, everyone does it and some people get good at it.
Tools are certainly important — elsewhere he criticises companies for not using encryption software.
But it’s equally important to train employees not to open strange attachments, to implement physical security so people can’t just walk in and steal data, and to educate everybody on social engineering and how to avoid it.
As for the hacker himself, he says he’s a 20-something white male from Manchester, England, and is moving to the U.S. to study ethical hacking and try to get a job. He also loves guns, and the U.K. doesn’t have a lot of shooting ranges.