[ISN] Done the crime, now it's Mitnick's time

From: InfoSec News (isn@private)
Date: Wed Dec 15 2004 - 00:27:10 PST


http://www.theage.com.au/news/Next/Done-the-crime-now-its-Mitnicks-time/2004/12/13/1102786984190.html

By Patrick Gray
December 14, 2004
Next

After a five-month delay, the Department of Immigration has granted
the world's most notorious convicted cyber-criminal, Kevin Mitnick, a
visa to travel to Australia next year to consult to local companies,
accept speaking engagements and promote his new book, scheduled for
release in March.

It will be Mitnick's first visit to Australia and one of his few trips
outside the US and Europe.

Mitnick spent more than five years in jail for his exploits, which
included hacking into Motorola, Novell, Fujitsu, Sun Microsystems and
Nokia to steal software code. Since his release in 2000, he has worked
as a security consultant and written two books, The Art of Deception
[1] and The Art of Intrusion [2].

Mitnick will fly to Melbourne on March 2 to deliver a keynote speech
to an as yet unnamed company. He will fly back to the US the following
week to start a book tour, returning to Australia in April to conduct
a workshop.

Mitnick is best known for his uncanny ability to trick employees into
revealing sensitive information, a technique called "social
engineering".

He cites the theft of two customs computers from Sydney International
Airport by three men in August last year as one example of a social
engineering attack in Australia.

"A lot of companies in Australia are vulnerable," Mitnick says. "That
was a pure social engineering attack. We all know they weren't after
the hardware, they were after the data."

Both of Mitnick's books are about security but many people will be
more eager to read the one he plans to start writing on January 21,
2007, when a court order that stops him from profiting from his crimes
expires.

"I'm definitely doing an autobiography," he says. "It's going to focus
on the adventure, the things I did when I was a fugitive, how I lived
my life and what was going through my head, the close calls nobody
knows about. It will be the Catch Me If You Can of cyberspace."

Catch Me If You Can [3] was an autobiography written in 1980 by Frank
Abagnale jnr, a con man who passed himself off as a Pan Am pilot while
forging $US2.5 million in fake cheques.

There have been books written about Mitnick's exploits, most famously
Takedown, written by New York Times journalist John Markoff and
Tsutomo Shimomura, one of Mitnick's victims, which was made into a
movie.

But Mitnick says the real story hasn't been told. He has been
portrayed as the "Osama bin-Mitnick of the internet", he says, and he
wants to set the record straight. Mitnick launched a legal action
against the producers of the Takedown movie, which was settled out of
court.

Although Mitnick spent two years on the run from the FBI in the US
living under assumed names, he doesn't expect law enforcement to take
much interest in his travels these days.

"The only time they call me is when they need my help," Mitnick says.  
"They don't contact me because they're suspicious I'm doing anything
wrong."

Mitnick has just finished a vulnerability assessment of a US credit
union. Much of his work involves technical testing and doesn't rely on
his mastery of social engineering.

"I'm doing vulnerability penetration tests, I'm going into companies
and hardening their systems and network," he says. "It's all
technical, no social engineering."

A penetration test is work well suited to Mitnick's talents. Similar
to the fictional hackers in the 1992 movie, Sneakers, for a fee, he
breaks into companies' networks, submitting a report detailing
security weaknesses and vulnerabilities.

Before his release, Mitnick had never been out of the US, with the
exception of Canada and Mexico.

As much as he enjoys seeing the world, Mitnick confesses he is afraid
of flying.

"I hate to fly, man, I hate it. I have to get some sleeping pills to
knock me out."


[1] http://www.amazon.com/exec/obidos/ASIN/076454280X/c4iorg
[2] http://www.amazon.com/exec/obidos/ASIN/0764569597/c4iorg
[3] http://www.amazon.com/exec/obidos/ASIN/0767905385/c4iorg



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/



This archive was generated by hypermail 2.1.3 : Wed Dec 15 2004 - 05:45:18 PST