At the Wall Street Journal, Kevin Mitnick writes about how to protect your information from people like this famous hacker. He points out that most of the time, he didn’t have to hack anything to get access to data — he used social attacks in phone calls in order to get valid passwords to accounts and he would then misuse the data he found in those accounts. This is an excerpt from his book, “Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker.”
We’re also told that the records kept on us by government agencies—the Internal Revenue Service, the Social Security Administration, the DMV—are safe from prying eyes. Maybe they’re a little safer now, but in my day, getting any information I wanted was a pushover. […]
The California Department of Motor Vehicles would turn out to be one of my greatest sources of information.
At the beginning, I simply called a DMV office from the pay phone in a restaurant and said something like, “This is Officer Campbell, LAPD, Van Nuys station. Our computers are down, and some officers in the field need a couple of pieces of information. Can you help me?” The lady at the DMV said, “Why aren’t you calling on the law-enforcement line?”
Oh, OK—there was a separate phone number for cops to call. How could I find out the number? Well, obviously the cops at the police station would have it, but…was I really going to call the police station to get information that would help me break the law? Oh, yeah.
Placing a call to the nearest station house, I said I was from the Los Angeles County Sheriff’s Department, we needed to call the DMV, and the officer who had the number for the law-enforcement desk was out. I needed the operator to give me the number. Which she did. Just like that.
After phoning the DMV’s law-enforcement line, I found there was a second level of protection. I needed a “Requester Code.” I had to come up with a cover story on the spot. Making my voice sound anxious, I told the clerk, “We’ve just had an urgent situation come up here, I’ll have to call you back.”
Calling the Van Nuys LAPD station, I claimed to be from the DMV and said I was compiling a new database. “Is your Requester Code 36472?”
“No, it’s 62883.”
(That’s a trick I’ve discovered very often works. If you ask for a piece of sensitive information, people naturally grow immediately suspicious. If you pretend you already have the information and give them something that’s wrong, they’ll frequently correct you—rewarding you with the piece of information you were looking for.)
Read the full excerpt at the Wall Street Journal.