Saturday, February 14, 2009

Hacking the President's Blackberry - And What We can Learn

There was a great deal of speculation after the presidential election about what President Obama would do about electronic communication and his beloved Blackberry in particular. As most of us geeky types already knew, the President has a serious "Crackberry" addiction and we wondered how he would function without it. There were serious concerns about being able to track the president via the device and, of course, the security of the president is of utmost importance.

It turns out that President Obama got to keep his electronic obsession. By using a very expensive and highly encrypted special version of the Blackberry that eliminates the concerns the Secret Service had the new president is now the first in U.S. history to communicate electronically. Geeks like myself rejoiced!

However, there are still concerns about security. Why? Because being secure is a constantly moving target and you must be ever vigilant in ensuring the safety of your data and network whether you are the Commander-in-Chief of just the owner of a small business. To that end, Fox News this week had a conversation with famous hacker Kevin Mitnick about this issue. Mitnick was convicted of some serious security briefs in the 1990's and now has turned to a "white hat" who runs a security consulting business. In the article below from Fox News, pay special attention to the issue of "social engineering" which is getting past security by dealing with the humans in charge of it. Mitnick was a successful hacker due to the fact that he was also very good at the social engineering aspect of hacking. Never forget that the human element is frequently the weakest link in the security chain.

Here is the article from

There's a new "holy grail" for hackers — President Obama's super-secure BlackBerry.

Despite warnings from his advisers, the president insisted on keeping his beloved PDA, which now has specially designed superencrypting security software.

But that just makes cracking into it more challenging — and, yes, it can be done, says the world's most famous hacker.

"It's a long shot, but it's possible," Kevin Mitnick told "You'd probably need to be pretty sophisticated, but there's people out there who are."

• Click here to visit's Cybersecurity Center.

• Got tech questions? Ask our experts at's Tech Q&A.

Mitnick served nearly five years in prison after pleading guilty to charges of wire and computer fraud for hacking into computer systems at some of the country's largest cell-phone and computer companies during the 1990s.

With his hacking days behind him, he now heads Mitnick Security Consulting.

"If I was the attacker, I would look to Obama's close circle of friends, family and associates and try to compromise their machines at home," Mitnick said. "The objective would be to get Obama's e-mail address on the BlackBerry."

Mitnick said someone with access to Obama is much more likely to be targeted by hackers because their networks, particularly those used at their homes, would be much less secure than those used by the commander-in-chief.

Once armed with Obama's coveted e-mail address, a hacker could theoretically send an e-mail to Obama in an attempt to lure him to a Web site that has previously been breached in order to transfer "malicious code," Mitnick said.

Obama administration officials declined to comment Friday.
Related Stories

* Obama's BlackBerry Spotted in the Wild
* White House Already Well Wired, Bush Staffers Say
* Obama Getting Super-Secure BlackBerry

White House Press Secretary Robert Gibbs told reporters last month that only a small circle of associates and senior aides would be allowed to exchange e-mails with the president.

Chris Soghoian, a student fellow at Harvard University's Berkman Center for Internet and Society, agreed that the most likely route to Obama's BlackBerry would be to trick the president into visiting a pirated Web site.

"These are attacks when you visit a Web site, and within seconds, it hacks into your computer and forces it to download viruses," Soghoian said. "In many cases, people get infected by using out-of-date browsers."

Soghoian said he suspected that the likely culprit wouldn't be a hacker who targets computers for notoriety or fiscal gain, but rather a foreign government looking for classified information.

"By and large, the people who are going to do it for reputation aren't going to have the skills to get into Obama's BlackBerry," Soghoian said. "The real threat is not some dude in an Internet café in Russia; it's a team of 60 hackers working for the Chinese government. The threat is state-sponsored espionage."

The possibility of hackers competing to hack into Obama's BlackBerry is an "ongoing danger," according to Bill Brenner, senior editor at CSO Magazine, a publication for security professionals.

"There's no question there are hackers out there who would love to break into his BlackBerry," Brenner told "At any given time, you have countless people trying to hack into a politician's BlackBerry, Paris Hilton's cell phone and the Department of Defense's computer network.

"If somebody were to break in," he said, "they'd have big bragging rights, and it's definitely a big target. I would imagine to some people it would be a holy grail."

So far, officials with the Obama administration have been tight-lipped on details regarding his BlackBerry.

Some have even questioned if it is indeed a BlackBerry — or rather a Sectera Edge, an ultra-secure smartphone approved by the National Security Agency.

"Nobody has really said with certainty what device he is actually using," said Randy Sabett, a partner at Sonnenschein Nath & Rosenthal LLP and a former NSA employee. "That right there is an important subtlety. The less information known, the better."

Research In Motion, the Canadian company that manufactures the BlackBerry and routes most BlackBerry e-mail through its own servers, did not respond to repeated requests for comment.

Obama administration officials likely considered the potential risks involved, Mitnick said, and instructed the commander-in-chief to keep his communications bland.

"The question is, what intelligence would you get? He probably has a rule that nothing classified is discussed," Mitnick said. "If he's discussing anything classified, I can guarantee you it's encrypted using an advanced algorithm."

Mitnick, who eluded authorities for three years before being apprehended by the FBI in North Carolina in 1995, warned any potential hacker to consider the consequences before acting.

"The government would go after them full force," he said.

Still, the potential threat to national security remains real, however small.

"There's no such thing as 100 percent security, and anyone who tells you otherwise isn't being honest," Brenner said. "And when you're the president, there's always the danger of someone trying to get to you."

No comments:

Post a Comment