Frank Abagnale, the real-life inspiration behind Steven Spielberg’s hit film Catch Me If You Can, talks to TechRepublic’s Karen Roby about cybersecurity, passwords, and where executives go wrong.
Well-known con man Frank Abagnale: Crime is 4,000 times easier today
In part one of TechRepublic’s four-part series “Mastermind con man behind Catch Me If You Can talks cybersecurity,” TechRepublic’s Karen Roby sat down with Frank Abagnale, the well-known con man turned FBI Academy instructor who inspired the Leonardo DiCaprio character in the film Catch Me If You Can, to discuss his work at the FBI’s law enforcement training and research center and what C-suite executives need to know about cybersecurity.
The following is an edited transcript of their interview, held at Louisville’s Bowman Field Regional Airport.
Why breaches occur
Karen Roby: What do you tell CIOs and CEOs about cybersecurity?
Frank Abagnale: Well, first of all, I tell them that the most important thing that they need to do is educate their employees, and the most important job they have is protecting the information that’s been entrusted to them by their clients. So, that’s the most important thing.
Unfortunately, a lot of people are not trained by their companies, and so they fall for phishing scams, or they fall for social engineering scams over the phone where they give away a lot of information where they shouldn’t. People are basically honest, and because they’re honest, they don’t have a deceptive mind. So, when they see an email that looks very official, they assume that it is real.
I’ve been an instructor at the FBI Academy for 43 years. I’ve taught two generations of FBI agents who have gone through the academy. What’s amazing to me is how much easier crime is than when I did it 50 years ago. It’s actually 4,000 times easier because I didn’t have all the technology that exists today. So, technology absolutely breeds crime. It always has, and there will always be people who will use technology in a negative, self-serving way.
TechRepublic’s Karen Roby with Frank Abagnale.
I’ve been involved in security breaches going back to TJ Maxx 14 years ago, up to Marriott and Facebook just a few months ago. One thing that I’ve learned over my career is that every breach occurs because somebody in that company did something they weren’t supposed to do, or somebody in that company didn’t do something they were, excuse me, supposed to do.
Hackers don’t cause breaches, people do. All hackers do is look for weak points to get in. So in the case of Equifax, they didn’t update their systems, they didn’t fix their security patches, and that opened the door for hackers.
I live in South Carolina. Someone hacked into the tax revenue office 4 years ago and stole 3.8 million tax returns from the citizens of South Carolina—that was everyone. After the investigation, it was determined that an employee took home a laptop they shouldn’t have taken home. They opened it in an unrestricted environment, and the hacker got in.
So that’s why it is so important to educate your employees about the most important part of the job they have, and that is protecting the information that’s been entrusted to them.
The future of passwords
Karen Roby: What’s your take on passwords and password authentication? Where is this going, because passwords do not get the job done?
Frank Abagnale: Passwords are for treehouses. Passwords are 1964 technology. So, they were developed when I was 16 years old, before I did any of the things I did. I just turned 71, and we’re still using passwords, and passwords are the reason we have most of the malware, ransomware, and all the things that are going on.
I’ve spent the last 5 years on a government project to rid the world of passwords, not just in our country, and we basically have done that now. There is a company out in Arizona called Trusona that I advise, which stands for true persona. You may have seen an ad where Serena Williams is running through a market, in her jogging outfit, and she only has her phone in her hand. She sees a necklace she likes. So she walks over to a Chase ATM, she presses an app on her phone, she gets her money with no password, no card. Basically, most of all the banks in America are starting to convert to no password.
All the airlines, all the places that use passwords, it will take two or three years to get people used to no password. So a lot of these sites will come up and say, “You can use your password, or you can not use your password, it’s up to you.” But we’re finally at the stage where we’re getting to eliminate passwords, and that was long, long overdue.
There is no technology, nor will there ever be any technology, including AI, that can defeat social engineering. I used it 50 years ago on a phone to get a Pan Am uniform. I didn’t know I was social engineering someone, but that’s what I was doing, but I only had one form of communication, a telephone. Today there are many forms of communication. So what happens is, for example, there’s a big thing going on right now with the phone companies where I call the phone company, and I say that I’m you. Then I basically have all the security questions answered that they could possibly ask me, and then I tell them that I broke my SIM card in my phone, and I need to have it replaced. So, they send me a new SIM card. I put that in my phone and now I have your phone.
So, I have everything you have in your phone. All of your contacts, all your banking information, all your information. Again, that’s a form of social engineering where they’re using a call center, and they’re convincing that person that they actually are me, but that person doesn’t know other than to ask whatever questions were put on the computer. What’s your Social Security number? What’s your mother’s maiden name? These are things that anyone can find out on social media. So it’s not difficult to find all the answers to these security questions.
So consequently, unless you’ve actually taught the employee to understand the questions they’re asking you and how they’re answering them is actually their social engineering you. Then you can stop and say, “You’ve gone far enough. I don’t believe you are who you say you are. You need to actually go in person and identify yourself to someone at one of our stores or somewhere like that.”
Actor Leonardo DiCaprio played Frank Abagnale in the blockbuster movie “Catch Me If You Can.”
Catching criminals today
Karen Roby: How much more difficult is it now for these FBI agents, and people in these types of roles, to narrow all of this down?
Frank Abagnale: Well, the problem is that the internet has made all of this global. So back when I was doing these things, the FBI was dealing mainly with domestic criminals. So they have the power to go arrest them; they have the power to investigate them.
Today, most of these things happen. We have about 5,000 phishing emails every day. Most of the money, about $12 billion a year from phishing emails, goes out to 115 other different countries around the world—Russia, China, India, where they initiate these phishing emails. Even if we know who they are, and we have the address where they’re located, we really don’t have the power to go arrest them, bring them back, and extradite them and all that. So it makes it much more difficult. And that’s why over time, what’s become much more important is prevention than after the fact, because once they steal your money, you’re probably never going to get your money back.
So the whole thing is to not let them steal your money to begin with. We have great technology. The problem is that most companies don’t use it. They’re all of that attitude, “Oh, it will never happen to me. I’m not a big company. I don’t want to spend the money on it.”
And so if you don’t use the technology, then you just open yourself up to that door that opens for the hacker to get in, that’s all he’s looking for.
At the FBI Academy, I teach new agents. I teach our national academies where we bring law enforcement in to be trained and go through an 11-week training program. But I also teach with the FBI CSO Academy, and twice a year we bring in about 50 CSOs from Fortune 500 companies. They spend a week at the academy, and I teach part of that class while they’re there. This goes back 40 years ago when I used to go out and only speak to bankers about check forgery, embezzlement. I used to sit up there and say to myself, “I must be singing to the choir,” because I would think that all these people know everything I’m telling them.
And then I came to realize they didn’t know any of it. Well, this is the same thing now, 40 years later. I’m speaking to people who are supposed to be the chief information security officer of their company, and I start to realize they don’t know a whole lot.
It’s just some job somebody’s assigned them to do, and they’re kind of learning as they go along, and that’s—what’s to me—is a little scary.