Kevin Mitnick, founder, Mitnick Security Consulting, discusses how remote access Trojans grab data from computers.
CNET's Dan Patterson interviewed Kevin Mitnick, founder of Mitnick Security Consulting and Chief Hacking Officer of the security awareness training company KnowBe4, who demonstrates the dangers of RATs (remote access trojans) and how easily they grab data from computers. The following is an edited transcript of the interview.
Campaign 2018: Election Hacking is a weekly series from TechRepublic sibling sites, CBS News & CNET, about the cyber-threats and vulnerabilities of the 2018 midterm election.
Dan Patterson: Kevin, I know you have a demonstration of how RATs, that's remote access trojans, can be used to grab data from computers.
Kevin Mitnick: So over here, on my left, I have a Windows 10 computer that you might have in your office. Over here, this big white screen, that's the attacker computer.
So what's going to happen is, when I plug in the malicious cable into this Windows 10 computer, it's going to inject keystrokes. You're going to see like the invisible man that's typing on the computer. Ordinarily, we would trigger this through a Bluetooth connection. So we could click a button on a device or use our mobile phone, and it would actually tell the cable, "Go ahead and inject these keystrokes." So that way, the victim is not watching their computer.
So as soon as it injects those keystrokes, it downloads malicious software from the internet, installs it, and over here I'll get a connection back that lets me control it. So this attacker computer can be anywhere in the world.
So what we're going to do here is I'm going to plug in what looks to be an ordinary lightning cable that you would charge your iPhone with or another type of Apple device. So what we're going to do is go ahead and plug it in. There we go. And it just looks like your desktop is up.
So I'm going to plug in the cable and in a second, now, it's like the invisible man typing in keystrokes into the computer. It will disappear from the screen in a second. And that's all it takes to infect the computer. And then over here, something will pop up in about 10 seconds, there we go.
Over here you see this line popping up, that allows the bad guy to actually control this computer. It's what we call a remote access trojan. So imagine the victim just plugs in a charging cable, and we're able to get control of their computer.
Dan Patterson: Kevin, how could RATs or remote access trojans like you demonstrated be used to meddle with political campaigns or an election?
Kevin Mitnick: That would be tough because any of the systems that are used within the election are not really PCs, per se, or Macs. You have the individual voting appliances, if you will, that you wouldn't be able to attack through doing it with something like with a cable. And then these systems communicate and eventually go to the system that does the counting of the votes, and that's a server.
What this could be used for is if an attacker was able to get into a facility where they were administrators or where people that administrate the election, they can compromise their computer.
But this cable couldn't be used to compromise the election. It really could be used to compromise a computer system that is in the same network as the people that actually administrate certain systems that are involved in the election.