Hacking and cybercrime evolution at IP EXPO

Graham Cluley

It seems they’ll let anyone talk at IP EXPO, the UK’s number one end-to-end enterprise IT event.

Today, at Earl’s Court in London, the keynote was given by Kevin Mitnick, the notorious ex-hacker who has served time in US prisons on two separate occasions for his criminal activities.

Kevin Mitnick at IP Expo

Tomorrow, Thursday 17th October, I’ll be taking to the same stage to talk about how cybercrime has evolved from back bedroom hackers to state-sponsored espionage.

Collage of Graham Cluley's slides

I haven’t ever been sent to prison, but I have been fined for parking badly and occasionally had legal threats over my karaoke performances.

Neither breaking the law nor poor renditions of power ballads should ever be considered a qualification to speak at an IT event about computer security.

I didn’t see Mitnick’s talk, but the word on the Twittersphere is that it was very entertaining and included a quip that the only thing McAfee was any good at was was making videos.

Whether he was talking about the anti-virus company McAfee, or their eccentric founder John McAfee (who *does* make some NSFW videos), is unclear to me at this time.

But if it *was* directed at McAfee the company, it seems a bit of a cheap shot to me.

Of course, no anti-virus software is perfect, and you should be suspicious of any “solution” which claims that it can protect your computers against all different types of attacks. But that’s a very different thing from declaring a particular security company or product worthless.

McAfee, and its many well-known competitors in the anti-malware field, have successfully protected hundreds of millions of computers around the world against online threats, and drastically reduced innocent users’ exposure to viruses, Trojan horses and spyware over the last 25 years.

Sure, anti-virus companies screw up sometimes – but generally they do more good than harm.

I have much more respect for the people who create security software and have helped develop technology to make the online world a safer place than those who have demonstrated their dubious moral standards by breaking the law.

That’s not to say that Mitnick hasn’t got useful things to say, and can’t contribute to the security debate. I just wonder if any contribution he has made to computer security can match the good that has been done by one of the world’s best-selling anti-virus products.

You can read more about the talk I will be giving on the IP EXPO website.

If you are in London and attending IP EXPO, please do come along (Thurs 17 Oct, 15:50, Keynote theatre) and say hello.

I promise not to do any Meat Loaf.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

2 Replies to “Hacking and cybercrime evolution at IP EXPO”

  1. Somewhat agree about the use of 'poachers turned gamekeepers' such as Kevin Mitnick.

    However, 'The Art of Intrusion' is an excellent resource to understand how security breaches can happen in the real world. There is often a false sense of security among companies who have installed anti-virus/firewalls and think they are safe. No wonder 'hackers' laugh at this ridiculous complacency. Unfortunately you also make the same mistake in underestimating the value of what Mitnick is telling us.

    Have his books and openness about 'hacking' methods done more good maybe than McAfee and other anti-virus solution vendors? Did you add up the cost and danger of 'false sense of security' risk due to AV over-sell claims? Did you take into account the economic value of all those computers slowing down or crashing, or time spent re-installing and updating due to AV software? Do AV companies take any responsibility if your computer is infected or hacked? You don't even get refunded the cost of the product. Never mind damages, they (the AV software vendors) have a risk free business.

    If companies took the trouble to listen to 'hackers', this would be a major step in protecting against security threats. Turning this debate into a 'Good vs Evil' argument is completely missing the point about security issues and privacy concerns.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET EMAIL UPDATES