[ISN] Hackers: Under the hood - Kevin Mitnick

From: InfoSec News (isn@private)
Date: Fri Apr 23 2004 - 02:21:03 PDT

  • Next message: InfoSec News: "[ISN] Olympic security system late"

    http://www.zdnet.com.au/insight/security/0,39023764,39116620-5,00.htm
    
    Name: Kevin Mitnick
    Handle(s): Condor, from the movie
    Three Days of the Condor
    Age: 40
    Place of birth:California, USA 
    Marital status: Divorced. Now lives with girlfriend
    and her eight year-old daughter
    Current residence: Las Vegas, USA
    Job: Chief executive of Defensive Thinking
    First computer: Toshiba 4400 SX laptop
    Best known for: His notoriety
    Area(s) of expertise: Social engineering 
    
    
    Even though I was a hacker since the 70s, I used other people's
    computers," confessed Kevin Mitnick. He didn't have to buy his own
    computer until 1992!
    
    Perhaps the best known computer criminal in the world, Mitnick has
    used his mastery of social engineering -- or plain trickery -- to
    illegally penetrate networks all across the globe. His misdeeds was
    the subject of a book and subsequent movie of the same name, Takedown.
    
    After being imprisoned three times for hacking -- the third time
    spending four and a half years behind bars -- Mitnick has gone
    straight. He now writes books about security, travels the world as a
    professional speaker and runs Defensive Thinking, the company he built
    on the back of his notoriety.
     
    It's easy to picture him as a leather-clad cyberpunk or a
    narcissistic, cold, calculating cybervillain.
    
    So frankly it's a little disappointing to speak with him.
    
    Mitnick is -- on the telephone at least -- one of the least offensive
    or aggressive subjects one is likely to encounter. He is pleasant and
    polite, and considering his reputation as a master of deception,
    fairly easy to read.
    
    His generally upbeat demeanour doesn't waver, even when speaking of
    the hardest times in his life -- like when he spent around eight
    months in solitary confinement because a US court was convinced he
    could start a nuclear war by whistling into a telephone.
    
    As you speak to Mitnick, you get the impression his mild manner isn't
    obscuring from view a malicious menace to society, but someone who
    feels victimised. Someone who feels he was in the wrong place at the
    wrong time, and paid too high a price for his mistakes.
    
    Starting out as a prankster while in high school in the late 70s,
    Mitnick fell in love with phreaking -- hacking the public phone
    network -- before being drawn into hacking computers.
    
    "I was involved in phone phreaking before I was into computers. This
    was before AT&T was deregulated. I was pulling pranks on friends and
    family," Mitnick told ZDNet Australia in a recent interview. "I met
    this other kid, who knew about my shenanigans, who thought computers
    would interest me because phone companies were going from magnetic
    switches to computerised systems."
    
    While still in high school, his first hack came in the form of a login
    simulator he authored. When run, the program would display a normal
    login prompt, but when a user name and password was entered, the
    details would be captured before logging the user on. Mitnick used
    this technique to obtain his teacher's username and password.
    
    Looking back, he says he has been described as someone who had a
    terrible addiction to hacking, an all-consuming passion that wrecked
    his life. That's a bit of a stretch, he said.
    
    "I'd spend a great deal of time on it ... it was my hobby. I wouldn't
    characterise it as heroin. I spent more hours than the average person
    would spend on the computer though," he said. To him, Mitnick
    exhibited the same sort of enthusiasm as a child hooked on an Xbox or
    Playstation.
    
    He said his family has always been supportive of his passion for
    technology. "They encouraged it. They didn't know I was doing anything
    wrong until I got a visit from the FBI," he said. "I was in high
    school, I think I was 17. I don't remember why he visited me ... he
    didn't have any evidence, it was a part of an investigation."
    
    Unlike many of his ilk, Mitnick came from a working-class background.  
    His mother worked long hours as a waitress to support him.
    
    These are details one never forgets ... and then some -- he recalls
    being locked up for the first time when he was "around 17 or 18".
    
    "I went to the California Youth Authority," he said, his tone shifting
    slightly. "It wasn't fun, it wasn't like what you see in the movies.  
    It was like being in a brig."
    
    In 1988, he was back in the slammer for hacking into Digital Equipment
    -- which was acquired by Compaq Computer in 1998 -- to steal operating
    system source code. During that time he spent eight months in solitary
    confinement and until today, he attributes that stint to the failure
    of his marriage.
    
    Things went seriously pear-shaped for Mitnick in the early 90s. He
    went on the run after realising that authorities were investigating
    him for parole violation. While on the run, he used various aliases
    such as Eric Weiss -- which was the real name of legendary magician
    and escape artist Harry Houdini -- to gain employment. He even spent a
    considerable amount of time working as a systems administrator for a
    law firm.
    
    When the law caught up with him, he was thrown into prison for four
    and a half years. According to the US Department of Justice, Mitnick
    admitted to stealing software from Motorola, Novell, Fujitsu, Sun
    Microsystems, and Nokia. It's probably why he takes such a dim view of
    the imprisonment of terrorist suspects held -- without charge -- in
    Guantanamo Bay, Cuba by American authorities.
    
    "The United States is a police state. 9-11 was a horrible tragedy for
    the world, and the Department of Justice has used it to trample on
    [our] rights," he said. "[Now] the government makes the call as to
    whether you qualify for certain rights."
    
    The tale of the hunt for Mitnick and his subsequent capture was
    documented into a book by security consultant Tsutomo Shimomura -- one
    of Mitnick's victims, and The New York Times journalist John Markoff.
    
    Mitnick attributes his rough treatment by the US authorities in part
    to the publicity generated by Markoff in both writing about his
    exploits for the New York Times and co-authoring Takedown with
    Shimomura. "They turned me into 'Osama bin-Mitnick,'" he said.
    
    "Not only did it demonise me, it was libellous," Mitnick said,
    obviously still annoyed over the way he was portrayed. "The only
    reason I didn't sue was because I was in custody at the time."
    
    But Mitnick's patience bore fruit.
    
    "What ended up happening is the movie came out in 1998 and I was able
    to get an attorney. I settled out of court for a large sum of money.  
    Markoff is lucky, and Shimomura is lucky that there's a one year
    statute of limitations [on libel cases]," he explained. "They
    exploited me to make millions of dollars."
    
    After his release from prison, Mitnick started working on a book
    titled The Art of Deception , centred around social engineering -- the
    technique he mastered that allowed him to trick system administrators
    and others into divulging information he shouldn't have been allowed
    to have. This included usernames and passwords, system dial-in numbers
    and much, much more.
    
    He also wrote about his experience with Markoff and Shimomura, however
    his publisher refused to print the material. It has since found its
    way on to the Internet, known as the "Forbidden Chapter".
    
    Mitnick has come a long way since his days in incarceration.
    
    Currently working on his next book, tentatively called The Art of
    Intrusion , Mitnick is a sought-after public speaker and runs
    Defensive Thinking, a consultancy specialising in minimising the risks
    posed by social engineering. He freely admits that his notoriety is a
    big part of his recent success, but says his recent good fortune is
    what he's most proud of in life.
    
    Now living in "sin-city" Las Vegas, Mitnick enjoys the simple things
    in life. "I like travelling, going to movies and shows ... I'm going
    to Metallica [concert] this Saturday. Woz is coming up, we're going
    together," he said. And he certainly has some interesting friends .  
    "Woz " is Apple co-founder Steve Wozniak.
    
    But what he relishes the most is spending time with his girlfriend and
    her daughter. "My best accomplishment was the ability to take all this
    negativity and completely turn my life around," he said. -- Patrick
    Gray
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Fri Apr 23 2004 - 04:25:10 PDT