- Lawrence M. Walsh
No one need tell Frank Abagnale Jr. about the growing threat of identity theft and social engineering. He's a master of these crimes.
As depicted in the 2002 movie Catch Me If You Can, Abagnale, in the late '60s, used his prematurely gray hair, devilish good looks and unbridled personality to charm millions from banks and fool countless other people that he was, among other things, an assistant attorney general, physician, professor and airline pilot.
Abagnale is the classic bad boy turned good. In the quarter-century since the global masquerade ended, Abagnale morphed his penitence into a wildly successful security consulting and professional speaking career.
This month in Atlanta, Abagnale will take the stage in the last of a series of Novell-sponsored engagements, where he preaches to executives about the dangers lurking on the Internet.
Abagnale rarely grants media interviews, and requests to speak with him for this column were not answered. However, a Chicago Tribune reporter was present for a recent seminar in the Windy City, where Abagnale expressed remorse for his crimes and spoke directly to the issues of cybersecurity.
"What I did in my youth is hundreds of times easier today," Abagnale told his audience. "Technology breeds crime."
And his message is especially poignant, given the dramatic rise in identity theft. The Federal Trade Commission reports that last year 9.9 million Americans were victims of identity thieves, costing individuals $5 billion and corporations $48 billion.
Abagnale's unique perspective and the success of the Steven Spielberg film based upon Abagnale's life drew Novell to hire him as the pitchman for its identity management products.
"He knows [identity management] from the human element of fraud, but he's also very knowledgeable on the technological material," says Randy McDonald, Novell's director of North America field marketing.
"It was a brilliant strategy on our part, especially since Novell has had difficulty getting in front of C-level decision makers," McDonald adds. "And we had a great story to tell."
And what a tale Abagnale mingles with the Novell marketing story. Between the ages of 16 and 21, Abagnale cashed more than $2.5 million in bogus checks in every state and 26 countries, all while impersonating trustworthy professionals. Authorities eventually caught up with him, and he spent nearly five years in French, Swedish and U.S. jails. As part of his probation, Abagnale went to work (unpaid) for the FBI as an instructor on fraud and social engineering.
For Novell, Abagnale has spoken in a half-dozen cities, but rarely invokes the Novell name or product line. Rather, he talks about his sins and the need to guard against criminals in the real and cyber worlds.
"He comes very clean in his speeches," McDonald says. "He talks about how he was an opportunist. His story is so compelling, so strong."
Hard-core security pros usually snub convicted felons, believing that employing their services is legitimizing the way they became legitimate. McDonald concedes some Novell purists openly rejected the idea of signing Abagnale for those reasons. But Abagnale's candor has won over even his sharpest critics.
Frank Abagnale Jr.
"I consider my past immoral, unethical and illegal. It is something I am not proud of," Abagnale writes on his Web site. "I am proud that I have been able to turn my life around and, in the past 25 years, helped my government, my clients, thousands of corporations and consumers deal with the problems of white-collar crime and fraud."
Abagnale is one of the few felons who have successfully turned the corner to make positive contributions to security. Youthful black hatters could learn from his example. Even better, they could learn from his mistakes and not venture down the criminal path.
About the author:
Lawrence M. Walsh is managing editor of Information Security.
Dig Deeper on Penetration testing, ethical hacking and vulnerability assessments
Podcast: The Computer Weekly Downtime Upload – Episode 16
Podcast: The Computer Weekly Downtime Upload – Episode 14By: Computer Weekly Staff
IAM security heightened by cyberterrorism, nation-state attack concerns
Frank Abagnale: No technology can beat a social engineering attack