http://www.zdnet.com.au/insight/security/0,39023764,39116620-5,00.htm Name: Kevin Mitnick Handle(s): Condor, from the movie Three Days of the Condor Age: 40 Place of birth:California, USA Marital status: Divorced. Now lives with girlfriend and her eight year-old daughter Current residence: Las Vegas, USA Job: Chief executive of Defensive Thinking First computer: Toshiba 4400 SX laptop Best known for: His notoriety Area(s) of expertise: Social engineering Even though I was a hacker since the 70s, I used other people's computers," confessed Kevin Mitnick. He didn't have to buy his own computer until 1992! Perhaps the best known computer criminal in the world, Mitnick has used his mastery of social engineering -- or plain trickery -- to illegally penetrate networks all across the globe. His misdeeds was the subject of a book and subsequent movie of the same name, Takedown. After being imprisoned three times for hacking -- the third time spending four and a half years behind bars -- Mitnick has gone straight. He now writes books about security, travels the world as a professional speaker and runs Defensive Thinking, the company he built on the back of his notoriety. It's easy to picture him as a leather-clad cyberpunk or a narcissistic, cold, calculating cybervillain. So frankly it's a little disappointing to speak with him. Mitnick is -- on the telephone at least -- one of the least offensive or aggressive subjects one is likely to encounter. He is pleasant and polite, and considering his reputation as a master of deception, fairly easy to read. His generally upbeat demeanour doesn't waver, even when speaking of the hardest times in his life -- like when he spent around eight months in solitary confinement because a US court was convinced he could start a nuclear war by whistling into a telephone. As you speak to Mitnick, you get the impression his mild manner isn't obscuring from view a malicious menace to society, but someone who feels victimised. Someone who feels he was in the wrong place at the wrong time, and paid too high a price for his mistakes. Starting out as a prankster while in high school in the late 70s, Mitnick fell in love with phreaking -- hacking the public phone network -- before being drawn into hacking computers. "I was involved in phone phreaking before I was into computers. This was before AT&T was deregulated. I was pulling pranks on friends and family," Mitnick told ZDNet Australia in a recent interview. "I met this other kid, who knew about my shenanigans, who thought computers would interest me because phone companies were going from magnetic switches to computerised systems." While still in high school, his first hack came in the form of a login simulator he authored. When run, the program would display a normal login prompt, but when a user name and password was entered, the details would be captured before logging the user on. Mitnick used this technique to obtain his teacher's username and password. Looking back, he says he has been described as someone who had a terrible addiction to hacking, an all-consuming passion that wrecked his life. That's a bit of a stretch, he said. "I'd spend a great deal of time on it ... it was my hobby. I wouldn't characterise it as heroin. I spent more hours than the average person would spend on the computer though," he said. To him, Mitnick exhibited the same sort of enthusiasm as a child hooked on an Xbox or Playstation. He said his family has always been supportive of his passion for technology. "They encouraged it. They didn't know I was doing anything wrong until I got a visit from the FBI," he said. "I was in high school, I think I was 17. I don't remember why he visited me ... he didn't have any evidence, it was a part of an investigation." Unlike many of his ilk, Mitnick came from a working-class background. His mother worked long hours as a waitress to support him. These are details one never forgets ... and then some -- he recalls being locked up for the first time when he was "around 17 or 18". "I went to the California Youth Authority," he said, his tone shifting slightly. "It wasn't fun, it wasn't like what you see in the movies. It was like being in a brig." In 1988, he was back in the slammer for hacking into Digital Equipment -- which was acquired by Compaq Computer in 1998 -- to steal operating system source code. During that time he spent eight months in solitary confinement and until today, he attributes that stint to the failure of his marriage. Things went seriously pear-shaped for Mitnick in the early 90s. He went on the run after realising that authorities were investigating him for parole violation. While on the run, he used various aliases such as Eric Weiss -- which was the real name of legendary magician and escape artist Harry Houdini -- to gain employment. He even spent a considerable amount of time working as a systems administrator for a law firm. When the law caught up with him, he was thrown into prison for four and a half years. According to the US Department of Justice, Mitnick admitted to stealing software from Motorola, Novell, Fujitsu, Sun Microsystems, and Nokia. It's probably why he takes such a dim view of the imprisonment of terrorist suspects held -- without charge -- in Guantanamo Bay, Cuba by American authorities. "The United States is a police state. 9-11 was a horrible tragedy for the world, and the Department of Justice has used it to trample on [our] rights," he said. "[Now] the government makes the call as to whether you qualify for certain rights." The tale of the hunt for Mitnick and his subsequent capture was documented into a book by security consultant Tsutomo Shimomura -- one of Mitnick's victims, and The New York Times journalist John Markoff. Mitnick attributes his rough treatment by the US authorities in part to the publicity generated by Markoff in both writing about his exploits for the New York Times and co-authoring Takedown with Shimomura. "They turned me into 'Osama bin-Mitnick,'" he said. "Not only did it demonise me, it was libellous," Mitnick said, obviously still annoyed over the way he was portrayed. "The only reason I didn't sue was because I was in custody at the time." But Mitnick's patience bore fruit. "What ended up happening is the movie came out in 1998 and I was able to get an attorney. I settled out of court for a large sum of money. Markoff is lucky, and Shimomura is lucky that there's a one year statute of limitations [on libel cases]," he explained. "They exploited me to make millions of dollars." After his release from prison, Mitnick started working on a book titled The Art of Deception , centred around social engineering -- the technique he mastered that allowed him to trick system administrators and others into divulging information he shouldn't have been allowed to have. This included usernames and passwords, system dial-in numbers and much, much more. He also wrote about his experience with Markoff and Shimomura, however his publisher refused to print the material. It has since found its way on to the Internet, known as the "Forbidden Chapter". Mitnick has come a long way since his days in incarceration. Currently working on his next book, tentatively called The Art of Intrusion , Mitnick is a sought-after public speaker and runs Defensive Thinking, a consultancy specialising in minimising the risks posed by social engineering. He freely admits that his notoriety is a big part of his recent success, but says his recent good fortune is what he's most proud of in life. Now living in "sin-city" Las Vegas, Mitnick enjoys the simple things in life. "I like travelling, going to movies and shows ... I'm going to Metallica [concert] this Saturday. Woz is coming up, we're going together," he said. And he certainly has some interesting friends . "Woz " is Apple co-founder Steve Wozniak. But what he relishes the most is spending time with his girlfriend and her daughter. "My best accomplishment was the ability to take all this negativity and completely turn my life around," he said. -- Patrick Gray _________________________________________ ISN mailing list Sponsored by: OSVDB.org
This archive was generated by hypermail 2b30 : Fri Apr 23 2004 - 04:25:10 PDT