[ISN] Mitnick offers cash for hacking tales

From: InfoSec News (isn@private)
Date: Wed Dec 31 2003 - 01:12:21 PST

  • Next message: InfoSec News: "[ISN] An Unrepentant Spammer Considers the Risks"

    http://www.infoworld.com/article/03/12/29/HNmitnickcash_1.html
    
    By Paul Roberts
    IDG News Service 
    December 29, 2003   
    
    Noted computer hacker Kevin Mitnick is offering cash in exchange for
    tales of hacking escapades to fill a new book he is writing for
    publisher John Wiley & Sons Inc.
    
    Mitnick used e-mail messages to online security discussion groups and
    his Web page to issue a call to the hacking community for stories of
    online derring-do, promising an award of $500 for the "most
    provocative story," according to Mitnick.
    
    "I'm putting out a call to all current and former hackers to tell me
    about your sexiest hack," Mitnick wrote on his Web page,
    www.freekevin.com, which also provided a phone number and e-mail
    address for submitting hacking stories.
    
    Mitnick will judge the stories based on their innovation and the
    ingenuity that hackers used to compromise their targets. Winning
    stories will involve a combination of technical, physical and social
    aspects, Mitnick wrote.
    
    The new book, which may be released as early as October or November of
    2004, is tentatively titled "The Art of Intrusion." It is a follow-up
    to Mitnick's first book, "The Art of Deception." That book focused on
    so-called "social engineering," the subtle techniques that computer
    hackers often use to get computer users and administrators to divulge
    useful information that can be used in attacks.
    
    The new book concentrates on "the untold true stories of the most
    salacious hacks in history," Mitnick said on Monday.
    
    Mitnick will look for stories about hacks against high-value targets
    such as universities and governments and will agree to keep the
    author's identity a secret in exchange for the details about how
    computer networks were compromised, he said.
    
    Unsophisticated hackers who use automated scanning and hacking
    programs, commonly referred to as "script kiddies," need not apply,
    Mitnick said.
    
    "I'm looking more for attacks that have an industrial espionage flavor
    to them," he said. "I look at hacking like a chess game, and I'm
    looking for stories that are 'Bobbie Fischer-like,'" he said,
    referring to the American chess grandmaster and 1972 world champion.
    
    In addition to publishing the hackers' untold stories, Mitnick and a
    co-author will analyze the attacks and offer readers suggestions on
    how to avoid such attacks on their own networks, he said.
    
    The biggest challenge will be verifying the truth of the stories,
    Mitnick said.
    
    Proof of the compromise, such as proprietary information taken from
    the organization, could help to establish the veracity of the hacker's
    tale. However, Mitnick is wary of receiving such information and
    finding himself on the wrong side of the U.S. Justice Department, and
    he would speak with his lawyers about the legality of receiving such
    information first, he said.
    
    "If receiving (proprietary information) is not legal, I'll have to
    find some other way to exercise due diligence on the stories. I don't
    want the book to be fiction," he said.
    
    Mitnick denied that he was in any way encouraging illegal acts by
    offering money in exchange for stories.
    
    "I certainly don't want to encourage people to go out and do a hack
    just to tell me the story," he said.
    
    The escapades of one famous hacker will be absent from the new book:  
    Mitnick himself.
    
    A plea agreement with the U.S. government restricts Mitnick from
    telling stories about his own hacking until January of 2010, he said.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Dec 31 2003 - 03:04:44 PST