February 25, 2005 - World’s Most Famous Former Hacker Delivers Security Certification in Toronto

(Toronto, ON) Kevin Mitnick, the world’s most famous former hacker, will be coming to Toronto at the end of March to deliver for the first time in Canada, his 2-day security certification workshop. Mitnick, most famous for his past “unauthorized access” to some of the world’s largest corporations and most resilient computer systems is a renowned security expert and best selling author on the subject of computer crime and vulnerability.

The announcement was made today by Polar Bear Corporate Education Solutions, a division of CrossOff Incorporated (TSX:OFF), host of the exclusive workshop entitled “Sleeping with the Enemy” (March 29, 30th of 2005 at The Second City).

With over 15 years in exploring computer security, Mitnick comes to Canada to deliver his Certified Social Engineering Prevention Specialist (CSEPS) workshop. He now devotes his life to helping businesses, government and organizations combat data theft, cyber-vandals, hackers and has developed this seminar to create an internationally-recognized standard for Social Engineering (SE) awareness and prevention training. After completing the program, participants are presented with the opportunity to take a comprehensive CSEPS certification exam, testing their knowledge of SE and the ways in which they can apply mitigation strategies back in the workplace.

“Social engineers are targeting more and more organizations every day with new and more clever forms of attack,” says Kevin Mitnick, President Defensive Thinking, LLC. “This certification arms individuals with the necessary tools to develop and implement proper safeguards for their organizations.”

“Security has become one of the top investment priorities for Canadian corporations. They are subject to more and more threats daily, increasing overall risk and compromising competitive advantage, ”, added Wendy Callaghan, Vice President of Polar Bear Corporate Education Solutions. “Investment into technology is one part of the solution, but understanding the threats of exploiting human vulnerabilities through social engineering will ensure that proper defences are in place for a secure environment.”

Online criminals are attacking corporate and government networks more frequently, costing businesses an estimated $666 million in 2003, according to a survey of computer security executives conducted by CSO (Chief Security Officer) magazine in cooperation with the U.S. Secret Service and the CERT cybersecurity center at Camegie Mellon University in Pittsburgh. The survey showed that more than 40 percent of 500 executives polled said hackers have become the greatest cybersecurity threat to business and government networks, compared to 28 percent who feared internal threats such as disgruntled or recently fired employees. More than 40 percent of the respondents said the number of computer crime incidents increased from 2002 to 2003, compared to 6 percent who said it dropped.

“Social engineering” is defined as exploiting human vulnerabilities to steal, modify or destroy critical information assets - or, more simply, hacking into computer systems through people.

SEs are highly skilled in the art of establishing trust and using techniques of deception, manipulation and influence to elicit information without raising any suspicion as to what they are doing. By tricking people in the targeted organization to provide component pieces of useful information, and then using the sum total of intelligence collected to bypass security technology, social engineers can gain access through largely non-technical means.

SE attacks range from hoax viruses that rely on deceptive headers to “trick” unwitting targets into opening email attachments to exploiting unsuspecting employees into providing confidential data and/or the means to achieve full network access. SE can be applied to commit fraud, network intrusion, industrial espionage, identity theft, system disruption….or to simply elicit information for the purposes of gathering personal or professional intelligence.

Gartner, a leading research analyst for the IT industry recently quoted that “social engineering is the single greatest security risk in the decade ahead”.