Infamous hacker Kevin Mitnick sniffs fiber, reads email

Kevin Mitnick demonstrates how easy it is for a hacker to tap into your network and read your email messages, even if it's a fiber optic network.
Written by Ken Hess, Contributor
Kevin Mitnick in action
Kevin Mitnick, famous former black hat hacker, demonstrates just how easy it is for a hacker to tap into your network and read your email. And he's doing it with a fiber optic network connection, not a simple and very non-secure CAT5x or CAT6x network wire. And he doesn't have to connect to the Internet, your network, or any outside resources to do this. He clamps onto a fiber optic "wire", opens Wireshark, and sniffs away your most guarded secrets.

Mitnick demonstrates in under five minutes how he could get near your network, set up a clandestine connection, sniff your network, grab your passwords, email, anything sent "over the wire" unencrypted, and disappear within minutes. And you'd never catch him doing it.

Although it isn't obvious from the video, the hardware item that they discuss is an optic fiber clip-on coupler. It's not designed for the purpose that Mitnick uses it for, but it works and that's the "beauty" of being a hacker: You use hardware and software in creative ways to get the information and the results you want.

The video shows just how easy it is to eavesdrop on conversations on-the-wire, even if the wire is fiber optic cable. Standard cabling is easier still to tap without cutting any wires by simply using alligator clips to attach to the cables. However, if someone wants your data bad enough, he can quickly splice a cable and plug both ends into a small hub and collect all the data he wants. Cutting your cables isn't a problem for a thief and yes, they will do it.

So, someone wants to place a "vampire" tap into your network and there's not much you can do about it if he or she has physical access and a few minutes of uninterrupted time. What do you do?

As Mitnick explains in the video, use encrypted connections for everything you do and that includes email, chat, web browsing, remote connectivity -- everything.

Of course, he has everything set up on a nice table top, but the entire process would only take ten minutes in a cramped wiring closet. And if the hacker is really clever, he could hide the tap, use a tiny Raspberry Pi computer to grab the data, hook it up to his or her Google Drive account and siphon data 24x7. Not a bad haul for $50 worth of materials, a free online account, and ten minutes of time. Kind of makes working for a living look like a silly undertaking, doesn't it?

Take a few minutes to watch the video and then take a few more to write back, in the comments section, to tell me what you think.

Editorial standards