Ask Kevin Mitnick

Okay, Kevin Mitnick is getting back online and can start taking email tomorrow, January 21. We've spoken with Kevin by phone, and he agrees that a Slashdot interview is a fine way to help celebrate his return to the Internet, especially since he has a book to sell and a consulting business to build. (Don't forget: Kevin hasn't been able to make much money for a number of years, and has a lot of lost time to make up for.) One question per post, please. We'll email Kevin 10 of the highest-moderated questions, and post his answers shortly after he gets them to us.

How about....

[Psx29]

What is the first thing that you have done with access to the internet?

Re:How about....

[Rushmore]

He'll be accessing the Internet for the first time in 8 years live on the screensavers on techtv tomorrow.

Re:How about....

[EinarH]

He prob. had to do the same that everyone else is doing each time they are back from vaccation:-->
Delete spam. Tons of spam.

Re:How about....

[SupahVee]

Probably flamebait, but, if it were me, the goat pr0n of Shimomura would be first on my list. Spamming usenet with that would be worth the wait.

Re:How about....

[discogravy]

....bet it'll look a lot like this.

Re:How about....

[VivianC]

Great. We can watch him on live TV trying to remember which password he used for his email...

Re:How about....

[Eil]

I see it going something like this:

TechTV Host: Okay Kevin, here's your computer, you have the controls. You said you were thinking about browsing a few web sites?

Kevin: Yes. I think I'd like to try Yahoo. ...tapettytaptap... a few seconds pass

Kevin: Ah. Here we go. Hmm. This is odd, it doesn't look like the screenshots I've seen in magazines...

Kevin displays shock and surprise.

Kevin: It looks like a hundred pages of CREDIT CARD NUMBERS! Hey, what's going on!?!

Cops bust through the doors, comedy ensues.

No Offense meant, but..

[ackthpt]

No offense meant,but

he has a book to sell and a consulting business to build. (Don't forget: Kevin hasn't been able to make much money for a number of years, and has a lot of lost time to make up for.)

Knowing all this as the result of your choice, would you choose this path again? If so, why?

Re:No Offense meant, but..

I don't think he chose to be kept in Federal prison without a trial for more than 4 years. I don't think he chose to have the software he downloaded (and did not distribute) valued at an amount way beyond reality because the Feds said to. I don't think he chose to have terms of his probation which kept him from using his First Amendment rights or being able to make a meaningful use of his technologic abilities.

Did he choose to be the poster-boy of government corruption when it comes to prosecution of technology-related case? I don't think so.

You're the type of person who would ask Skylarov why he chose to come to the U.S. to speak at a technology conference.

Re:No Offense meant, but..

[ackthpt]

You're the type of person who would ask Skylarov why he chose to come to the U.S. to speak at a technology conference.

On the contrary, I applaud Dimitri Sklyarov and feel his work was construct, in the face of unjust legislation the USA exports and tries to exert on other peoples. It should be the choice of each sovereign nation to determine the extent of copyright/patent protection to inventors. One country, such as the USA, may attempt to hold all others in thrall as long as the life of intellectual property protection.

Besides, Kevin didn't attempt to bypass electronic IP safeguards, except as the DMCA may regard hacking. He revealed the swisscheese security of information systems in their infancy. He made people afraid, powerful people. We already, well most of us, are aware what sort of democracy-for-sale the Congress and Administration are, when their friends sneeze, they catch cold, and act within or without the law. It's a matter for the defendant to pry him/herself out of such a mess. As often as such examples play it's remarkable anyone wants to open themselves to such harrassment, particularly without alerting the ACLU or some group ahead of time that they intend to demonstrate how unjust the system is, in whole or part.

Anyone remember the 414's? A group of young men in the Milwaukee area who, when caught breaking into DEC systems wanted to sell movie rights? It wasn't too hard to figure how they did it, hell, I was admin on a DEC system and there were default passwords and field service passwords easy enough to guess. You just had to be bored and stupid enough to go trespassing.

I have plenty of sympathy for those treated unjustly, but those who go alone to spread fear among powerful interests are no more clever than a swimmer dogpaddling around in a shark tank.

Re:No Offense meant, but..

[overunderunderdone]

I don't think he chose to be kept in Federal prison without a trial for more than 4 years.

Actually (a little googleing reveals that) in many instances he DID - or rather his lawyers did. The trial kept getting delayed due to it's complexity - often at the request of HIS lawyers. Hiring and firing three different lawyers doesn't usually speed things up any either (though I'll grant you it is possible they were incompetant - but the real possiblity exists their client was part of their problem). As for being denied bail that whole time - well that is sort of a natural penalty for running & continuing to commit the same crimes while on the run - for some reason people just don't trust you not to it again. Wasting time in useless appeals to GET bail when no sane judge would give it to you is just another thing that drags out the time you spend waiting for trial.

I don't think he chose to have the software he downloaded (and did not distribute) valued at an amount way beyond reality because the Feds said to.

And they should have been valued at less because he & his lawyers said so? I have no idea what the real value of the damage he caused to various systems was or the value of the information he stole. I doubt HE knows it's value. I am sure his victims and the prosecution exagerated it's value. On the other hand it is not difficult at ALL to assume that the value was quite significant. Big companies worth many billions of dollars keep stuff on their computers that really do have multi-million dollar values to those companies. Those where the kinds of companies he liked to hack and the kind of information he liked to steal BECAUSE he wanted to be a big deal and make a big splash. Well he did.

I don't think he chose to have terms of his probation which kept him from using his First Amendment rights

While convicts have rights the whole point of being a convict is having certain rights taken away. As for his specifically first amendment rights - I don't know of any instance during his sentence when the government established a religion for him, forbade him to excersise his own, forbade him to speak, talk to the (or even run a) press, assemble peacably or petition the government to redress his greavances (this last I think he excersiced far more than most of us) Being forbidden to use a computer after being convicted 4 or 5 times (on multiple counts each time) of computer fraud & abuse is not much different from being forbidden to own a gun after being convicted of a gun crime. Being forbidden to use a tool that you only seem adept at using criminally seems appropriate and fitting not cruel nor unusual. Having himself argued in court before that he was compulsive and unable to control himself probably didn't help his case any on this point.

Did he choose to be the poster-boy of government corruption when it comes to prosecution of technology-related case

After being caught and convicted on numerous prior occasions and being dealt with fairly leniently by the courts at first - then doing the same thing again *while on probabation* - then running when a warrant is issued - then continuing to commit the same high profile crimes while on the run IS asking for it.

Yes, there are murderers that have been dealt with less harshly. That's a GREAT argument for harsher treatment of murderers IMO than for more lenient treatment of multiple offense fraud artist fugitives. All the time I hear on /. that online crimes should be dealt with the same as offline - well his punishment doesn't seem so out of whack for a string of multiple breakings & enterings, thefts, & frauds while on the run from the law.

Re:No Offense meant, but..

[Rary]

Hmmm, I can't just let this post slide. You present a good argument, but you miss some crucial facts. I feel I must respond.

The trial kept getting delayed due to it's complexity - often at the request of HIS lawyers.

Primarily because his lawyers were denied access to the information they needed in order to prepare for any trial. Personally, I'd rather wait in prison a little longer for my lawyers to prepare than go to court with a lawyer who isn't even sure what the charge is (I'm exaggerating there, obviously, but I think you get the point).

As for being denied bail that whole time - well that is sort of a natural penalty for running & continuing to commit the same crimes while on the run - for some reason people just don't trust you not to it again.

It wasn't just that he was denied bail, he was denied a bail hearing. From what I understand, no other defendant in all of American legal history has been denied a bail hearing. This doesn't strike you as a bit odd?

I doubt HE knows it's value ... On the other hand it is not difficult at ALL to assume that the value was quite significant. Big companies worth many billions of dollars keep stuff on their computers that really do have multi-million dollar values to those companies.

Actually, in some cases the values are quite clear. For example, one particular item of software he downloaded was available free to educational institutions, and $100 to anyone else. But that didn't stop the plaintiffs from claiming hundreds of millions of dollars in damages. Well, at least that was their claim in the courtroom. They made no such claim to the SEC or their shareholders. As far as I know, none of the "victim" companies reported a single lost penny as a result of Mr. Mitnick's actions. But the moment they stepped into the courtroom, suddenly it was all sob stories about the hundreds of millions in damages he had caused. I wonder if any of those guys went on to work for Enron.... ;)

That's a GREAT argument for harsher treatment of murderers IMO than for more lenient treatment of multiple offense fraud artist fugitives.

Agreed to an extent. Many violent criminals these days are treated far more leniently than they should. But, Mr. Mitnick got the shaft, big time. If he had received a 2-year sentence, you wouldn't hear a single voice speaking out on his behalf. In fact, based on things I've heard him say in the past, I don't think even he would speak out. He would say that he got what he deserved, and I think few would argue with that. He was a petty criminal, but was treated like he was the biggest threat to society at the time.

Did you sleep more easily while Mitnick was in jail, knowing that he was off the streets? Do you lose sleep now knowing that he's back out there? I doubt it. They went way overboard on his case.

Re:No Offense meant, but..

[overunderunderdone]

on a non-networked computer? WHat could he do???

What a defeatist attitude for a hacker. Come on, part of the hacker ethic is to do more than anyone could imagine with the most meagre resources. A few minutes reflection and I'm sure you could come up with a few ideas. Make a few not very far fetched assumptions #1 Assume the encrypted data is the most sensitive/incriminating/useful data that he had - secrets he drudged up in his hacking exploits, passwords maybe programs such as virii, trojan horses etc... #2 Assume he has sympathetic hacker friends out there willing engage in attacks for him. A phone call to a friend with some user names & passwords could lead to interesting results - a tap on the prosecutors phone would allow Kevin to really "assist his own defense." Something by the way WELL within the capablities of someone with information found on the UNencrypted portion of kevins hard drive. A trojan horse in a file he provides to his lawyers who open it at their location WITH net access is a little more difficult but all the more appealing because of the challenge. Blackmailing some executive that doesn't want his wife/shareholders/coworkers/competitors to know something Kevin has found during one of his exploits could be a windfall for his legal defense fund. Use some imagination.

Yes, that's paranoid, but then again this is a guy that had thoroughly compromised the systems he attacked. His control over the phone system was total, he knew when he was tapped and allegedly tapped the phones of investigators & generally screwed around with the phone service of people that pissed him off. He read the emails of the DEC security team that was tracking his exploits. He made the (credible coming from him) claim that he had screwed up the credit records of the FBI agents trailing him. And he not only refused to give prosecutors access to the files (understandable) but he also refused to tell the court *anything* about the encrypted information. I suppose if I thought his hacking was cute harmless pranks I wouldn't care but I wouldn't trust him without very stringent oversight. Which was the final result (and still the cause of great bitching and moaning)

The case against granting him bail was obvious and overwhelming on it's face.

Then spend 15 minutes to hold the hearing, deny him bail, and that's that.

I've already agreed that this would have been the best way to deal with the situation. BUT I can't get all worked up over it in this case. It would have been an empty formality given his history and Kevin has nobody but himself to blame for that history. That the judge made a summary judgement just based on the immediately obvious merits of the situation was perhaps unfair but a hearing wouldn't have changed the result nor was it's denial as grave a breach of his civil liberties as his breathless hyperbole of Kevins star-struck admirers would suggest.

Re:No Offense meant, but..

[justzisguy]

Strangely enough, the ban on his Internet usage was found unconstitutional, but coincidentally takes effect on the same day the ban is lifted.

What do you say?

[PhysicsGenius]

I've heard that you've expressed regret over the actions that landed you in jail and I think I even heard you say that you think you were in the wrong. So how do you respond to the hundreds of wannabes who hacked sites "in your honor" and wore "Free Kevin" shirts at the risk of repelling girls? Do you owe them anything, even a little guidance towards the straight and narrow?

Re:What do you say?

hummmmmm...........
Those "wannabes" don't really need a shirt to repell girl, they have a natural ability.

Thoughts

[ScannerBoy]

At any point did you consider leaving the computer world behind to search out other means of makeing a living such as teaching, history, construction...?

Or is is the old, I just gotta do this feeling?

Re:Thoughts

[Ninja+Programmer]

Kevin is embarking on a project to leverage his social engineering skills. Look here:

http://www.defensivethinking.com/

He's going to be spending some time explaining his methods -- as opposed to using them.

Life Without the Internet

In Cuckoo's Egg, Cliff Stoll siad that in some cases life is better without the internet. Did you find any advantages to life without it?

Re:Life Without the Internet

[NixterAg]

I don't have any mod points but I'd like to add my two cents in on this question. What kind of answer exactly do you expect? He has no frame of reference (he's never been on the Internet as we know it) so how can he make a decent comparison?

I think the question, in general, is a good one, but I don't think Mr. Mitnick will be able to give an insightful answer.

Re:Life Without the Internet

[Ninja+Programmer]

He answered the question on the radio show Off The Hook (see the 10/16/02 show.)

Although he cannot use the internet himself, he is allowed to observe other people who are using it, and talk about the webpage as they view it. Technically he has not been allowed to direct the persone browsing the web, but they sort of work around that via a series of "yes-no" questions.

Re:Life Without the Internet

[jlazzaro74]

Similarly, I was wondering if you found any *real* downsides to not being online. Aside from entertainment value and consulting wages, is there anything you found truly crippling about the experience? Could mankind survive in a disconnected world? Do we need to provide internet access for the less fortunate with taxpayer money because it's a basic necessity like a phone?

What's Different?

[theGreater]

I wonder what the largest single difference between going in and coming out will be for KM. What kind of access to infotech did he have while inside? Was he at least able to keep abreast of current trends?

-theGreater Ponderer.

Re:What's Different?

[RevDobbs]

I wonder what the largest single difference between going in and coming out will be for KM.

After a whole lot of unathorized "going in", everthing will be "coming out" with a lot less effort.

Your finest moment in court

[cluge]

What would you say was your finest moment in court? While you seem to have been pretty much beat up by the court system I'm quite sure you must have had a shining moment or 2, either as a defendant, or perhaps an expert witness?

Re:Your finest moment in court

[b0r1s]

And along the same lines, what are some of the more enjoyable things you've accomplished outside of court.

When you had your weekend radio show on KFI in Los Angeles, you had many stories that brought about changes in your tone, such as experiments with "drive thru"s involving intercepting and overriding the employees such that you could speak directly with the customer from a distance away. While many would argue (and I would certainly agree) that this isn't a technical marvel, it is pretty damn funny.

So, my question is: everyone knows the big things you've done that you've been punished for, what about the little things you've done that you look back on and smile about?

Yes?

[egoff]

How do you think that your sentence has changed you, and the way you view your society?

Do you feel...

[Shads]

... that current laws against technology abuse are adaquete and what kind of changes do you feel should be made if not?

Skill sets?

[inteller]

How have you been able to maintain current skill sets while you were in the clink and after you got out? Is there any one skill set (programming, etc) that you plan to get current on?

Re:Skill sets?

[shfted!]

Programming is largely like riding a bicycle. Once you understand the logic constructs, you rarely tend to forget them. Especially if you are a hacker genius.

However, learning to program in a particular language can take a day or two to learn the new syntax, but the basic programming memes are usually the same (OOP, for-loops, etc.).

Learning how to program in general is different than learning how to program in a particular language.

Re:Skill sets?

[_ph1ux_]

further - what skill would you say you have increased or bettered while you were away - and what skill(s) would you say have atrophied the most?

(these skill having to do with computers - even though you have not had access to computers during this time)

Re:Skill sets?

[Kevin+Stevens]

IIRC, mitnick did not program. His skill was entirely in social engineering, and phone technology (which I presume meant he had a good amount of electronics knowledge). Buffer overflows and computer exploits as we know them today were not his thing. While he may have understood how OS's like Unix work, on a very detailed level, he did not code in C/C++.

How do you find it?

[riflemann]

So now that you've been back online for what's probably a few days by the time you read this:

What do you think of todays internet?

Re:How do you find it?

[mstyne]

He loves ... San Dimas!!

Re:How do you find it?

[TGK]

Welcome back. Things have changed a lot in the last 8 years. People with your kind of skills are becoming rarer while the number of people that commit on line "crimes" has increased.

The hot issue for many of us concerns the idea of Fair Use, copyright, and copyright enforcment. Government regulations have been changed and are changing in favor of the same kinds of large corporations that claimed huge damages against you during your less than ideal experiance with the Judidical System.

My question is this. What are your thoughts on the continued expansion of corporate copyright enforcement rights, including the legalization of some of the techniques you were convicted of using?

Do you trust corporate america to weild the tools you've used and helped pioneer and what if any regulation do you consider both accecptable and feasable?

Re:How do you find it?

[GigsVT]

as if he has been deaf, dumb, and blind for all this time.

But he sure plays a mean pinball.

Which OS?

[DocStoner]

Are you using WindowsXP, MacOS 10.2, (insert Distribution here)Linux, or your old personal favorite... Sun?
Hmmm, maybe you will try them all? You are a sneaky one.

So...

...where's the best place to get some sweet WaR3Z, d00d???//

Honestly, though. Do you think your return to the internet should be a 'celebration'? You -did- break the law, why should we be happy you are back on the saddle again?

Scapegoat Sweepstakes?

[Bonker]

Kevin, you've said and many of us feel that you had the book thrown at you to try to deterr other wouldbe hackers and crackers from plying their craft.

How many of the charges brought against you were unfair? What do you feel would have been a fair set of charges to levy against you?

Re:Scapegoat Sweepstakes?

[Ooblek]

...and do you think the charges were unfair even though you're a multiple repeat offender?

Do you hold ill will towards the friend you had in the early days that you bullied into giving you mainframe access at his work? I read in the book Hackers that you not only bullied him into letting you into his workplace after-hours, but you would make him drive you around and buy you Fatburgers. How much of this account is true?

The more things change...

[sterno]

Looking abck at the last 8 years that has left you unable to use the Internet, do you feel that this deprevation has had any positive benefits on you? Did you have to find other hobbies that you now enjoy to while away the hours you used to spend hacking?

Re:The more things change...

[jez_f]

Has it been 8 years, man that makes me feel old
Q:

• A
• lot has changed online in the last 8 years, do you think that you will have any difficulty geting back into online culture, or do you intend to keep a healthy distance from it?

The slammer

[UVABlows]

Is the pen as bad as it is made out to be? Did you ever run in to trouble or not get along with the other inmates? Is there any advice that you can offer to any slashdotters that have to serve some time that you wish you had known?

Welcome back.

Re:The slammer

[AxelTorvalds]

Yeah, did you ever lie about your crimes to the inmates to gain respect with them? I understand inmates generally don't like pedophiles and that "the system" punishes them pretty harshly. How do they like super elite hackers? You ever claim you killed a man?

Re:The slammer

[SlamMan]

Best he could claim is that he rooted somebody's system and killed "man"

Your wrongs...

[jamienk]

2600 and others (even you) often say that it is true that you did some things that were wrong, but nothing anywhere near as bad as what you were accused of and nothing warranting the treatmeant you got. But from a self-critical point of view: what was it that you did that was "wrong" and what punishment would have been fair?

Good fiction?

[oasisbob]

There have been many books writen trying to detail the escapades of early computer hackers, usually portraying them as pranking youth involved in gang like wars for power and street prestige.

Knowing what you do from all your escapades, do you enjoy reading fiction that is generally classified as "cyber punk"?

Free Kevin!

[cioxx]

Question: Do you feel, not being able to use the internet and generally spending so much time incarcerated, set you back on your knowledge? Case in point, 5-6 years ago Linux was still in its infancy. Do you ever get amazed how much OSS community has accomplished in such a short period of time?

Re:Free Kevin!

[wheany]

Is that free-as-in-beer or free-as-in-speech?

Was Your Penalty Fair and Will It Deter?

[mikehihz]

Seeing that you have taken some responsibility for your actions, do you think your penalty was fair and will a penalty like you received, fair or not, deter others from following in your footsteps?

Future vs Past

[PovRayMan]

I'm curious to know, do you believe your whole case would have been held differently had the crimes been committed in the year 2000 under newer laws rather than the ones of your time?

How do you see yourself?

[Astrogen]

There has been alot of press, and over the years you have been a hero, and a Martyr to thousands of geeks and hackers, in addition to phone phreaks and anti establishment movements.

In what light and or combination of these types do you see yourself now, is that different from how you were 20 years ago, and do you see yourself as a champion of these things in the future or do you intend to just mix back into society and get a "normal" life back (after your book of course)?

The speed of change

[zwoelfk]

Although social engineering has changed very little since before your unfortunate experience (perhaps only slightly in awareness of the value of the information), the state-of-the-art in hacking (in the more technical, not criminal sense) and even general-purpose programming has changed significantly. Do you feel as though you are at a disadvantage compared to those who have made every attempt (though truly impossible) to keep up? If so, what's your strategy for regaining your edge?

As a side note, if you're interested in game programming, let me know!! :)

Trepidation

[Zepalesque]

Do you feel any trepidation about returning to the online world at this point? With such a lengthy absence there have been numerous technological and paradigm changes. Do you feel you've been able to keep up to date (more or less) with current trends or is there a sense of "catch up" that you feel?

Prison Life

[SloppyElvis]

This is really a barrage of questions. What did the other prisoners think when they learned the nature of your detainment? Did you tell them you were in for armed robbery to toughen your rep? How would you rate Hollywood's penchant for prison portrayal, accurate, or way off the mark? Also, were you able to follow developments in computing through books; were you granted such a right?

still possible

[adamruck]

given the state of technology today, and some of the recent new laws passed, do you think that the path that you took would still be possible today?

clueful authorities?

[jeffy124]

Several months ago we had a warez guy in (Chris Tresco) for a /. interview, and I'd like to ask the same question I did he:

>How clueful are they?
>In your opinion, how did the each party (prosecution, your lawyer, and most
>important - the judge) look when it came to their understanding of
>technology? Did they know every nook and cranny, or seem lost in a maze of
>confusion? Do you think an understanding of the issues in question was a
>significant factor in court proceedings?

I know you spoke of this briefly in that lost chapter of your book, in that the companies who said they were victimized significantly overstated their losses (and admitted to it), and the judge went beyond prosecution's suggestion for punishment. But I'm curious to know how competent you think the feds are in these types of legal matters.

For better or worse...

[crashnbur]

For better or worse, what is the most important thing that you have learned that applies to us all?

Hacker Icon

[SuperguyA1]

Given that you have been quoted as saying your 'hacking' was wrong to do. How do you feel about being perhaps the most notable icon of the hacking community?

Philosophical changes

[OneStepFromElysium]

Have your recent law-related experiences (for lack of a more elegant term) brought about any major philosophical changes in your life ? By this, I mean not necessarily computer related changes, but in all aspects of your perception of the world.

Did you know you'd get caught?

[Motherfucking+Shit]

My question, in a nutshell: Did you know that you were going to get caught?

I guess what I'm most curious about is whether you knew the risks and took them anyway, or whether you thought you were covering your tracks and that the risks were minimal. It would be interesting to know if you knew you'd eventually get busted or whether you thought you were relatively "safe" from discovery.

Compared to when you were arrested

[Slashdotess]

Compared to when you were arrested, do you think hacking has become

• easier (with bigger, more complex and prone-to-error systems, etc)
• or harder with more people realizing how important computer security is?

question

[BlackArrow]

Do you think you made a deffinitive impact on security policies today, or do you think that most companies still have a lot to learn about security?

The Most Important Question of All

[cioxx]

What are your thoughts about TCPA Initiative / Palladium? Do you see it as a destructive force in the computing industry?

Seeing..

[Maeryk]

As how you have spent 8 years involved in a situation that seems by all accounts to have been an overblown kangaroo court, do you feel the government needs a specific branch specifically to deal with "cybercrime", and if so, how would you see it laid out, ideally, and why?

Maeryk

Re:Seeing..

[/dev/trash]

Ahhh, I see. So those that do get punished should not be punished because some others are not???? Shouldn't we be demanding that the others be punished, not demanding ( back in the day) that the US "Free Kevin?"

Was signing away your rights vs early trial

[bungo]

Kevin,

I enjoyed your bio, it's a pitty it was cut from your book.

Can you tell me why it was better to stay in prison and sign away your rights, than to go to trial early with a less prepared lawyer?

Weren't you just keeping yourself in prison longer that you should have been?

Do you really think that you would have got an even worse treatment if you went to trial earlier?

Question about Trust

[Neck_of_the_Woods]

I realize that you may have put your cracking days behind you but can you really address the question of trust in the computer security industry.

How has your move into the security industry been recieved by the establishment, and how have you been dealing with the obvious question of you being trusted in the very area you manipulated.

Poor guy

[OblongPlatypus]

...he agrees that a Slashdot interview is a fine way to help celebrate his return to the Internet

I guess he'd know better if he'd actually read any Slashdot interviews lately.

How have things changed?

[gmplague]

You have a unique perspective on the world of technology, and especially the world of information security. As someone who has been removed from the world for quite some time, what has changed the most about the world (esp. with respect to technology and security) since the time you were first incarcerated? What were the biggest culture shocks to you when you were released from prison? Were you able to keep current on the world of technology while in prison? If so, how was what you read in prison different from what you actually saw?

Social Engineering

[JeanBaptiste]

I know that many of your exploits were due to social engineering as well as exploiting known holes in hardware/software. You write heavily about s.e. in your book as well.

Do you think that social engineering still plays as big a part now as it did in your heyday? Moreso maybe?

So how has it all changed?

[aerojad]

Back when you were on last, Hotmail was an independent company, no one knew what the GO network was, NetNanny was just an idea, .coms could go no where but up, p2p was underground, everything was free, and no one had pened the term 'cyber terrorism'.

How is the 'net different now from the last time and are you going to miss it?

Do you think this will affect your job potential?

[aridhol]

You've been prohibited from using computers for some time. This has, obviously, prevented you from gaining experience with new technologies. Couple this with the fact that your name is fairly well-known, how difficult do you think it will be for you to find employment in the computer industry? Will you be trying to do so, or will you try to stay away from technology? And, if you feel it will be difficult for technology reasons, how long do you think it will take you to catch up?

Yes, I know it's only supposed to be one question per post, but I think these are pretty well related.

Re-Educating yourself for today's tech world.

[Kaypro]

What has been the biggest stumbling block or surprise, if any, in attempting to re-educate yourself into today's tech world.

Now can we settle it once and for all?

[Corporate+Troll]

Is it "cracker" or "hacker"?

Published Stories vs. Reality

[Dirk+Pitt]

I've read a number of editorial writers that have stated that the outright menacing portrayal of you in writings such as Hafner's Cyberpunk is twisted fiction at best. To the thousands of people who've derived opinions of you based on these works, what would you say in response?

What's it like?

[Pii]

Slashdot has no shortage of technological "Rock Stars" (Linus, ESR, RMS, Bruce Perins, etc), but most of them didn't attain their fame as a result of being prosecuted to the fullest extent allowable by law...

You are a notable exception. What's it like being a rock star, and how great is it that you'll now be able to fully capitalize on your fame in the financial sense? Would you be in as promising a position today had you not run afoul of the law?

Why are we helping him build his business?

[anomaly]

Kevin is famous for breaking into systems. In point of fact, he broke the law breaking into systems.

When I was 13 I thought that cracking into systems was "kool." Now that I am an adult, I see that once a system has been compromised - even if it's just so that a smart kid can look around - it costs a fortune to be sure that a) the holes are closed, and b) the kid didn't do any damage.

He broke the law. Should we help him "make up for lost time" by helping him profit on his life experiences? I don't think so.

Let me give an example. Let's say that I am pro legalization of prostitution. (I'm not)

Before the legislators became "enlightened" on this issue (while it is still illegal) someone is convicted of being a pimp - should I make that person a poster-boy? Should I work to build a "how to be a pimp" consulting business, or promote a "pimping for dummies" book?

Kevin broke the law, and did his time. Can't he just get a straight job like the rest of us and move on? Why must he be a hero? Why must /. get behind him?

I don't get it. Let it go. Kevin, please get a regular job and live like an ordinary citizen.

Respectfully,
Anomaly

Out of the Loop

[dev_sda]

Kevin, you've been seperated from computers by law, yet now you are running a consulting business. This would suggest that you have some level of expertise with computer technologies that did not exist or existed in fairly immature version of their current incarnations.

How did you/do you stay current on technologies without actual experience, and was it difficult without having an opportunity to put theory into practice?

Security Precautions

[DohDamit]

What security precautions are you going to use to prevent bad people from hacking into your company's systems?

Big question

[GMontag]

What is the password to my PayPal account? I forgot it a while back.

Thanks in advance!

Re:Big question

[Tackhead]

> What is the password to my PayPal account? I forgot it a while back.

ROFLMAO.

A half-serious question: "If the statute of limitations has expired, and/or your lawyers think you're safe from double jeopardy... What was the passphrase to all those files the DoJ couldn't (or wouldn't admit to being able to) decrypt after all these years?"

Modern day Robin Hood?

[stratjakt]

You seem to be held in rather high regard by the nerd community, much like Robin Hood. And just like Robin Hood, there's more myth than truth behind it.

Robin Hood stories are full of daring adventure, inhuman skill with a bow, and the addage of 'robbing the rich to give to the poor'. However, history tells us that if in fact he existed, he was another common thief who mugged women and kept the proceeds for himself.

In much the same way, there are tales of you sitting up all night, technically brilliant, controlling the machines from the inside in. But the truth tells us you sat on the phone like any other con man tricking people into revealing their passwords. And like Robin Hood, you kept the proceeds for yourself. Whether or not you did anything with them is irrelevant.

So why should anyone care who you are, what you think, or give you any more breaks than the next ex-con?

Re:Do you think this will affect your job potentia

[aridhol]

Ack...missed the part where you're starting your own consulting company.

However, the questions still stand, albeit slightly modified. How difficult do you think it will be to find clients willing to accept your work, given your infamy? And, how long do you feel it will take you to catch up to the point where you can compete with other companies that are out there?

Tales from the other side

[bpfinn]

Kevin,

Have you considered writing about your pursuit by system admins and law enforcement types? I read about you in a few "hacker" books. The only title I can remember now is "Takedown" by Tsutomu Shimomoura. I would find it interesting to read about how much you knew about his pursuit of you. Do the terms of your release even allow to do this? (Slashdot readers, don't buy Takedown. It's a travesty of a book. Tsutomu comes across as extremely annoying, and spends half the book describing where they went to lunch. I was cheering for Kevin by the end.)

Social Engineering

[dr_dank]

I read your book and attended H2K2 last summer (I look forward to seeing you speak at the next one). I meant to ask this question to the Social Engineering panel:

Do you have any stories about Social Engineering gone awry? That is, a situation where the mark saw right through your ruse and you just couldn't pull it off.

Welcome back Kevin

[T-Kir]

There was a very interesting (and well balanced) program about you I saw in England a while ago, and in it it mentioned that you were put into solitary confinement (AFAIK) for 6 months, and weren't allowed to use (let alone go near) a telephone under the misaligned fear that you could "blow up the country with one call".

My question is: How does it make you feel when there are such ignorant and misinformed people who are in a position of authority (i.e. judges, police, government) and are there any ways in which you can use your experience to change these attitudes/problems for the good?

The Fugitive Game

[Lukano]

Kevin,

I was first introduced to your story by reading "The Fugitive Game" written my Jonathan Littman, and I wanted to ask you how close Mr. Littman came to showing your side of the events. The impression I got from the book was that it was rather egocentrically oriented around the author, and put him in a light of being a hero while you were put in a somewhat-villian like set. What are your thoughts in the way you were portrayed in this book, and how close to the truth does it fall?

Did rehabilitation work?

[squarooticus]

Having read numerous accounts of your activities, both favorable and not, my impression is that your punishment was well deserved.

My question is therefore, "Did you learn that it is wrong to intentionally destroy others' work for your own amusement? If so, what part of the punishment was most effective? And, if not, what additional punishment might have changed your mind?"

This is a serious question. I'm not just trolling.

Do u have a keygen for Wind0zes xp?

[teamhasnoi]

From what I have read, it seems that you did more with social engineering than you did with actual hacking. What would you say your greatest strength is with regards to using hardware/software? Your greatest weakness?

How Do You Plan on Getting Up to Speed?

[bloxnet]

If have read a bit about you, so I know that you were no slouch back in the days prior to your incarceration and release...but if you have actually stuck with the limits of your probation how are you planning to jump into consulting again?

Don't get me wrong, but you can only advise people on social engineering and easy passwords for so long...what kind of knowledge did you already have on PKI, VPNs, Firewalls, IDSes? There seems to be so much that has changed that just a cursory understanding of the principles behind these technologies does not seem sufficient to serve as a consultant (or at least one I would pay for)

Since so much has changed radically in the last few years, how have you kept up or do you plan to keep up at the moment? I can't see just reading a book on the latest OS specs and administrative tasks and being able to consult on them without hands on experience, and in your case you have quite a few years of language, os, security, and other operational technology advances to get up to speed with, etc.

So basically....what's you game plan to get back to a modern day equivalent of the proficiency you had several years ago?

Now..

[grub]

Now that you're out of jail, may I take the "Free Kevin" bumpersticker off my car?

Time Flies

[jjwahl]

Time flies and the pace of change is ever increasing in this industry. Certainly the landscape of the computer world has changed dramatically since you were last able to lay your hands on a keyboard.
Yours is a unique perspective - almost like a kid that has had full run of the candy store and was taken outside and forced to watch (face pressed to the glass). Now you're allowed back in to a drastically changed candy landscape. (Pardon the candy analogy, but I'm fond of sugary things).

In your opinion, what technology has changed the greatest since you were actively involved in the scene?

What will be your primary technology focus when you get back online - in terms of getting back up to speed?

Do you feel intimidated at the prospect of catching up on so many things? Are there areas that you will simply ignore out of necessity but would like to learn more about if you had the time?

Do you have any desire to hack just for the joy of hacking/discovery or have you been turned off of that in light of the consequences?

Thank you for your answers and welcome back!

public opinion

[k2enemy]

you have done an amazing job at garnering support and sympathy from the public, but how will we ever know if you deserve it? the only person that knows your true motives is you. with your social engineering skills and drive to see how far you can push things, wouldn't changing an entire public's opinion be the ultimate social hack?

Addiction

[SUB7IME]

Commonly, high-risk activities are found to be addictive. Would you say that you were addicted to 'hacking' and social engineering? If so, did your lengthy sentence give you enough time to get over that addiction, or do you still feel the pangs of desire?

crime or condition

[Raiford]

Your history as a reapeat offender has led some to label you as having an computer crime addiction that led you to your last sentence. How do you respond to such a characterization and do you feel that if an addiction was/is present that you will take measures to recover from it so to speak ?

What kind of computer will you be using?

[cdporter00]

Apple? x86? Linux? Windows?

Unauthorized?

[_ph1ux_]

While you were incarcerated - were there any attempts at unauthorized access to your ports? How did you manage to secure these ports from would be DoS attacks? Did you have to do a lot of social engineering to keep them safe?

F*ck all these questions

[DailyGrind]

How are you going to get even?

or if I was a lawyer:
"Imagine a person in your situation. How would they get even?"

What we're all dying to know ;-)

[Cinematique]

So, Kev... how do you feel about the 1995 movie

• Hackers

, which I was written with some interestingly similar parallels to your own life...

Re:What are the ten worst Windows vulnerabilities?

[TheAwfulTruth]

Since this is slashdot and since Open Source and Linux are more our concern here, shouldn't the question be:

"What are the ten worst Linux vulnerabilities to hacking, how would you attack such systems, and what has to be done with Linux to prevent such vulnerabilities?"

Surely you don't actually believe that Linux is unhackable? Wouldn't finding out what Linux's weakest areas are and fixing them before Linux becomes widspread enough on "Dumb User" hardware that it becomes the next great hacking target?

Las Vegas and the PBX

[pcraven]

I read a story where you were an expert witness for a trial in Las Vegas over redirected telephone calls. The defense called in to question if you really had hacked into the phone system. On a break, you ran to some old 'storage' locker and retrieved a printout of accounts and passwords or something.

What was the story behind your part that trial? (And how much stuff do you have in storage?)

Do you still have skills?

[billmaly]

Despite your legendary status as a cult hero within the geek community, we all know that to remain viable, we must all remain up to date on latest/greatest trends, tools, skills, terminology, etc. Let's be honest, we gain skill and knowledge re: computers by using/interfacing/reading about them. After your long absence from the computer world, how viable do you imagine yourself being? Admittedly, your name alone will open a lot of doors, but if your skills don't keep the door open, you may find yourself back outside. How have you kept current, and how do you plan to get yourself back up to speed with changes that have occured since you were forced offline?

a question for Kevin

[linuxislandsucks]

whiel your computer skills could be put to very usefull legal computer uses in the next deaced or so I am sure you meet with peole who are leary given your past convictions..

What have you learned about selling yourself in this environment to overcome the objectections about your criminal convictions that might be of use to other slashdotters?

Side Note: some of us slashdotters have minor run ins with law in our past that coudl obviously if they are using computer kislls within the law make use of what you have learned in this area, Kevin..

Something I've wondered...

[Saint+Mitchell]

I remember a not so long ago slashdot article talking about one of the laptops the feds seized had encrypted data they couldnt' access. What was the key size? I'd feel warm and cozy if you said 512 or smaller, since most of us now use 1024.

What were you thinking?

[caferace]

Kevin,

During your escapades which eventually landed you in hot water, you used the EFF account at The WELL to hide the files you stole from T. Shimomura. I'm still trying to figure out why the heck you did that. A simple "last" would have shown you that that was an active account, and you could have guessed that the user was probably technically savvy enough to notice the sudden spike in disk usage. Was that just an act of hacker hubris, or were you just not paying attention? Ultimately, it's what led to your downfall (FBI monitoring your keystrokes, live tracing of IP's) so I am well and truly curious.

-jim

Are you proud of what you did back then?

[Artifex]

Would you want kids growing up to want to emulate you? (I don't mean in software)

What do you say to kids who think you're cool?

If the law were different many years ago...

[jeffy124]

You've mentioned in many capacities (your book, interviews on TV) that the law changed during your "big run," outlawing your activities. Yet, you continued to do what you did, and you were aware of the newer laws. If the law had outlawed what you were up to before you started, would you have gone through with what you've done?

The scene

[MadFarmAnimalz]

It's been a few years since you were exposed to the IT scene in general and the security scene in particular.

You are now in a sense our Rip van Winkle in this regard, and I'd like to know what your initial impressions are about the status quo regarding attitudes towards security (now and then), and changes you've perceived in levels of implemented security (gained, of course, from reading, not practising:-) ), etc.

Describe our world for us as seen by someone who only knew it 8 years ago. Has the baby matured into something to be proud of?

Technological Rip Van Winkle

[tstoneman]

Essentially, you have been in limbo in terms of technology for the past 8 years, having missed the biggest revolution of computing since it's inception (ie. the Internet).

I've been a hardcore programmer for the past 10 years, and even I find it difficult to keep up with all these new technologies, terms, etc, and I spend around 3 hours a night after work just dedicated to investigating new technologies.

Where you able to keep up with technology during your incarceration and probation period by just reading books, or were you even allowed to read books? How soon do you think it will take you to re-absorb enough knowledge and, more importantly, experience to make yourself useful in today's world?

Catching Up

[The+Ape+With+No+Name]

I am preparing to leave the tech world for a while to pursue my dream of a PhD in a decidedly non-tech field, cultural geography. Sure, you can use a computer to do this sort of work, but it doesn't involve BGP flapping and hacking 200 lines of perl. One of the caveats I have received from tech friends is that moving away from the tech field, even temporarily, will kill me when I come back, if I come back. Personally, I don't think so as I will still being using the internet, blah, blah, blah. I just won't have a pager screaming all night and I won't be grepping log files for errors.

My question is this: How do you feel that your incarceration has hurt you with regard to all the new-fangled stuff that has cropped up over the last 10 or so years? Even more interesting to me is: do you think that being removed from the tech world enhances your perspective on matters or hurts it or both?

Re:Can't earn money?

[Angry+White+Guy]

You should upgrade to the latest version of Linux ported to fountain pens. I reccomend using Bic pens, as they come in 12 packs and are really easy to cluster.

Making that a question

[GuyMannDude]

Mr. Mitnick:

There are some people who feel that it is unfair for you to use your reputation as an infamous cracker to sell books and build your new consulting business. They argue that you are being given a level of free publicity and exposure that other law-abiding citizens simply would not receive. How would you respond to these accusations? Do they concern you at all? Deep in your heart do you feel that it's unfair you are getting all this extra-special treatment but are willing to accept it anyhow because you need whatever help you can get? Do you feel that it's acceptable to accept some unusual help building your business because you were subject to equally unusual/extreme punishment?

Moderators: this is not a troll. I think this is a legitimate question that many people here would like answered.

GMD

How much has changed?

[fishbert42]

The evolution of the online world is an apparently gradual process to most of us who get on the internet many times each day. You have had a unique experience in that you stepped out of that world for a number of years before being allowed to step back in. We all know that technology improves a great deal in as little as a few months, so the differences between the online world you left and that which you are re-joining must be large (in degree and in number).

Which of these differences are the most significant, and have any of these changes been a step backward?

Civil Disobedience-

[willis]

re: prostitution example -

If you believe in legalisation, then do promote that guy -- he was doing the right thing (and perhaps breaking the law, the two aren't always the same).
Although the circumstances/topics are different, the logic is akin to Ghandi, Martin Luther King Jr., and many other people who try to do what is right.

Henry David Thoreau talks about this type of stuff in Civil Disobedience (quoted below)

Unjust laws exist: shall we be content to obey them, or shall we endeavor to amend them, and obey them until we have succeeded, or shall we transgress them at once? Men, generally, under such a government as this, think that they ought to wait until they have persuaded the majority to alter them. They think that, if they should resist, the remedy would be worse than the evil. But it is the fault of the government itself that the remedy is worse than the evil. It makes it worse. Why is it not more apt to anticipate and provide for reform? Why does it not cherish its wise minority? Why does it cry and resist before it is hurt? Why does it not encourage its citizens to put out its faults, and do better than it would have them? Why does it always crucify Christ and excommunicate Copernicus and Luther, and pronounce Washington and Franklin rebels?

One would think, that a deliberate and practical denial of its authority was the only offense never contemplated by its government; else, why has it not assigned its definite, its suitable and proportionate, penalty? If a man who has no property refuses but once to earn nine shillings for the State, he is put in prison for a period unlimited by any law that I know, and determined only by the discretion of those who put him there; but if he should steal ninety times nine shillings from the State, he is soon permitted to go at large again.

If the injustice is part of the necessary friction of the machine of government, let it go, let it go: perchance it will wear smooth--certainly the machine will wear out. If the injustice has a spring, or a pulley, or a rope, or a crank, exclusively for itself, then perhaps you may consider whether the remedy will not be worse than the evil; but if it is of such a nature that it requires you to be the agent of injustice to another, then I say, break the law. Let your life be a counter-friction to stop the machine. What I have to do is to see, at any rate, that I do not lend myself to the wrong which I condemn.

Why did you trash our community operated system?

[Jim+Buzbee]

I'm a long time user of nyx.net. In 1994 you made a mess of the system that many people relied on to access the Internet. This system was and is, free Internet access for everyone. Your actions caused unpaid voluteers a lot of time and effort and shut down many people's only access to the Internet at a time when there were no other options. See :

http://www.nyx.net/history.html

Re:Can't earn money?

[nochops]

Good at? You've got to be kidding!

I suppose the Rosenberg's were good spys and Dahmer was a good serial killer too huh?

In Mitnick's "line of work" as it were, being good means NOT getting caught.

I honestly don't see why so many people like us lift Mitnick up to some hero-like status. He was dumb. He wasn't a good hacker, and what he did hack he handled really stupidly. And that's what got him caught, plain and simple. He's now going to make a living on his name.

Re:Life Without the Internet - similar...

[pVoid]

I've seen many intelligent people get enraptured in computers, and eventually come off of the high. I am one of those people too, and despite the fact that I've made a career out of it, I've had days where I cought glimpses of another life in which I would only have the crudest computer access, and manage to be happy.

Did spending an extensive period of time away from computers make you realize that you might just move away one day? or are you still fascinated like the first geek was?

Why are we wasting all this time on a criminal?

[nazgul@somewhere.com]

Sure, he's served his time. That doesn't mean he suddenly needs to be treated like a hero now that he's out. I know somebody who recently got out of prison after being convicted of pedophillia. He's done his time, but he's still screwed because nobody trusts him. But does that mean we should parade him around as a hero too?

power

[Kallahar]

During your pre-trial detainment, you were put into solitary confinement. The government was afraid that you could start a nuclear war with a mere telephone call. Do you think that was within your skills at the time or were they just afraid of their own fears?

Travis

Re:power

[Ninja+Programmer]

Of course he couldn't start WW II by whistling into a telephone ... for crying out loud! Please don't send this question to Mitnick, it will only confirm to him the utter ignorance of /.

What do you have to offer

[mrtroy]

At the risk of destroying all of my karma and having a swarm of 2600 guys wearing free kevin shirts coming after my bandwidth I dare to ask the question which I think we are all thinking

What do you have to offer the security world after being in the clinker for so long. I do not doubt your oldschool skills in any sense, however tthe field of security and networking which you plan on consulting for has changed dramatically in the past few years.

What do you have to offer still? Despite your fame and being unargueably the cybercrime scapegoat, what skills do you possess that will benefit the security world in 2003? Have you had your relatives print 0-day exploits as well as your email? Do you have knowledge of current OS's and the security flaws they possess?

This is not a cheapshot at your abilities, however a simple question of how in the fast changing world of technology you have been able to maintain skills while not being able to touch a computer? By Moore's law you are way behind!

My rights to my intellectual property

[Theovon]

If memory serves, one of the things you got into trouble for was that you broke into computer systems owned by certain big corporations and downloaded proprietary code and/or documents. I've heard your justification for this which is that since you didn't remove anything from their systems, and you didn't sell it for profit, then you didn't really harm them.

An analogous situation would be where you had a Xerox machine and your own paper in a backback, and you entered into the file rooms of a company where you copied files, and then put them back where you got them. You didn't actually remove anything, and you didn't sell the documents, but you have copies of something that they didn't want you to have.

In that case, it would be considered breaking an entering and/or espionage, and few people would question that you did something unethical.

I am an advocate of open source software and disclosure of scientific information which may enhance innovation. But my personal view is that there are certain bits of information about myself that I don't want other people to have. My salary is one such thing. There are open-source software projects I work on in secret before I consider them releasable, which I work on in secret, and I would not appreciate them being released prematurely. The basic idea is that people have personal information and personal inventions which they own and which they have the right to control completely.

This also applies to a corporation. If IBM pays money to engineers to develop an application, then they own it, and they have the right to control it 100%. That also means they have the right to prevent others from looking at it, even if some of those lookers wouldn't do anything harmful with it.

In addition, there's this basic idea of being nice and respecting people's rights. I can peek into my neighbors' house and watch them having sex without them knowing it, but out of respect for their wish to not be observed when doing that, I don't try to look.

Given these two intimately related ideas that people own their inventions that they should have complete control over, and that they have the right to not disclose them, regardless of whether or not you intend to use it for anything, how do you justify hacking into computer systems which do not belong to you and making copies of information which the owners do not wish you to have?

How is not not harm when you violate someone's personal privacy, even that of a corporation?

I was at the ass-end of one of your break-ins...

[Hubert+Q.+Gruntley]

I was the one that discovered your presence on our network at Security Pacific.

Later one, one of the staff had a phone conversation with you. You only spoke with DTMF beeps, but the gist of the conversation was our asking you why you broke in...

and your answer was, apparently, to get the source code for the Supervisor Series, which BTW is now publicly available at DECUS.

So, I have two questions for you:
1. Was that really the reason for the break in?
2. Did you know that you had managed to get to the production machines, doing back-end securities processing? If so, what stopped you from doing more damage?

BTW... for what it's worth: I feel you deserved the jail time, you didn't deserve the unconstitutional railroading you got.

What do you most want to get your hands on?

[nomadicGeek]

A lot has changed over the last 8 years. While you haven't been able to use computers or the Internet, I'm sure that you have been able to keep up with books and other reading.

I'm sure that there is something new that you just can't wait to get your hands on. What is it and why?

Your Slashdot Account

[ice+cream+koan]

Dear Kevin,

It is great to have you back on slashdot. Unfortunately, since you have been away, your account has been locked. If you would please reply to this post with your username and password, I would be happy to fix your account for you.

Sincerely,

CmdrTaco

Was the movie "Takedown" accurate?

[mrkitty]

I have seen the movie Takedown about your story. I was curious was that movie accurate? In the movie you seem to be poking fun at the security guy (who's name I can't spell) and harrising him. Was this really what happened or hollywood drama added to sell the movie?

Good luck with your consulting buisness Kevin.

- zeno@cgisecurity.com

Court-assigned notebook

[Tofino]

You were given a notebook PC, with no net connection of course, by the court to work on during your Net-exile. What was on this PC? What OS was it running? And were you able to install any new software on it, or have software installed for you? The follow-up question, of course, is "and how many nethack characters did you ascend?" :)

Killing Time

[voudras]

I'm not sure if you went to a prison or jail. Its possible you ended up in whats commonly known as a "white collar prison", which might make my question lame, but...

I'm curious about how your time was spent during your years behind bars. Did you take to reading to pass the time? Pick up crafts or lift weights?

I'm also curious about relationships you might have made. I think we are all familiar with the common inmates profile - some career criminals, some violent, some drug related - in *general*, poor and uneducated americans. I don't know what sort of background/upbringing you had, but i wonder if you had trouble making connections to people within the system, and in the connections you made - did you find it difficult to explain exactly why you were there? Did you get any respect for your talents in the computer field?

War Games?

[GojiraDeMonstah]

To what extent do you think the movie War Games encouraged hacker culture amongst those of us in the 30s-ish age group? (Personally, the l33t h@x0rz I know all cite the grade-changing scene as at least ONE of their inspirations...)

The Real Story

[RobTerrell]

OK, Kevin, so what's the real story? I know what I read in Wired, in exceprts from Takedown, and in endless 2600 articles. But give me the straight scoop: what's your side of the story, why you ended up in jail?

You've practically been granted sainthood by 2600. They started a movement that culminated in every geek in America pulling for you. But your fifteen minutes are up. Only us geeks are listening. Give us the straight scoop.

I was in Raleigh the day you got busted, and I vaguely remember the litany of offenses they named on WRAL when they showed your perp walk. You broke the law, right? You stole credit card numbers? You stole files from Shimomura's computer? (Which, yes, seems a bit less serious when I get fucking SPAM with files from random clueless people's computers, but that's a finer point and the law is notoriously bad about fine points.)

Clearly you've got skills, and I'm really looking forward to reading your book. But a movement based on your going to jail? Were you really, honestly, truly unjustly persecuted? Or, on reflection, did you crimes against society genuinely require some time in the pokey?

When given lemons make lemonade

[nhavar]

I don't think that Mitnick has ever suggested that he didn't deserve to be punished or that he didn't break the law in some way. The issue is with the way he was handled by the justice system and those companies. Both wanting to make an example out of him, the handling was disproportionate to the crime.

Mitnick has knowledge and skills that will make him a productive part of society. The area he's promoting himself in is a legitimate legal business so why shouldn't we get behind him and support him. This would constitute a "regular job" - unless you mean flipping burgers or selling clothes at the gap, or maybe insurance salesperson. There are plenty of former criminals in areas of expertise that relate directly to their original crimes. Their knowledge is often very helpful in stopping future crimes and in showing how people can reform and rebuild their lives after having made mistakes.

Mitnick served out the punishment given by the state and now he should be allowed to live his life unencumbered by that "criminal" title. This includes seeking ANY gainful employment he can find.

I feel that society does have an obligation to help people who we've allowed to be mistreated.

The problem with the justice system today is:

1. They bend a little too much to the corporate will.

2. Punishment is never really centered around "correction" even though people are remanded to the "Department of Corrections".

3. There's no procedure for quick and fair correction of mistakes (i.e. false imprisonment, misshandling, etc.) Most compensation has to be gained via lawsuit. False judgements can stay with a person for life, damaging not only their mental health but their future job prospects and personal relationships.

4. Too much stock is put into conviction rates and not enough in to quality of prosecution and/or honesty in prosecution.

5. Justices allow stretching the word and spirit of the law in order to help prosecutions of people not exactly covered under existing laws. I.E. Some people get prosecuted under RICO when their crime has nothing to do with it.

6. Prosecutors withholding charges in order to pursue additional charges should they lose in the first round - an attempt to circumvent double jeopardy rules. (i.e. I murder someone during a robbery - the evidence is fairly thin, so I'm prosecuted for Murder (alone). When I'm acquitted the prosecution charges on attempted robbery, weapons charges or one of the many other charges that they can dig out that might have stronger evidence. The possibility of prosecution might loom for years, along with the stigma of "suspect".)

7. The ability to punish/pursue a suspect through (ab)use of the media. ("person of interest"). Placing pressure on a subject via media "leaks" or press releases that lead the public to believe certain things about a person. While not exactly lies we all know that it's the prosecution using the media to manipulate the public against a SUSPECTED criminal. (defense and prosecution should be barred (ethics) from using the media as a tool against the other side.) Remember INNOCENT UNTIL PROVEN GUILTY.

Re:Offtopic, but ontopic regarding your message

[RabidOverYou]

Yes, but after you figure out that it doesn't work in the stock market, you realize that by rewriting a few functions, it will work on the roulette wheel. Then it's off to Vegas, and easy livin'.

Hackers = Terrorists??..

[Render_Man]

It's been agreed upon by yourself and others that what you did was wrong but the punishment did not fit the crime.

With more and more people getting caught up in the 'hacker = terrorist' retoric of late, especially those in high places, changing minds is more important than ever. I shudder to think of what would happen if your activities had occured a few years later (that whole 'whistle launch codes into a phone' thing...).

What do you think is the most important thing that the hacker community should do to make sure that cases like yours don't occur again, and that cases involving computer crime are treated fairly and not trumped up to terrorism?

Social Engineering

[wackysootroom]

In order to be an effective social engineer, you have to become a different person in order to successfully complete an objective. What kind of person did you have to become in order to survive physically, mentally, and emotionally in prison? How did you deal emotionally with solitary? Were you able to use your skills to get along better with other inmates and the guards?

Effectiveness of the corrections system.

[matman]

Would you say that the corrections system was successful in your case? Has jail time curbed your desire to compromise other people's machines? Has it taught you right from wrong? If yes, how was that acheived? If no, how could the system have better, "helped" you (helped society)?

Thanks,
Mathew Johnston

Hacker

[the_Bionic_lemming]

The media has portrayed you as a master Hacker. Do you consider yourself a hacker? Is there a difference between social engineering and hacking? I ask becuase you indicated in an interview posted on 2600 that you were "admittedly light" in programming skills. What are your thoughts on this?

So you want to be a hacker?

[krin]

Reformed or not, what advice would you give to the budding nerd youth that want to follow in your (and others) footsteps and become a hacker?

You are being watched

[jolshefsky]

I assume there are people who are watching your actions now ... even this interview and its responses. Who do you know is watching you and who do you suspect is watching? As someone experiencing government surveillance first hand, just how bad is it?

Advice

[emkman]

Show some inmates with lots of power how to make free phone calls, and perform some favors for them. When you get out, they will take you into an elite crime syndicate as their technology head. Then wait for a secret box that decrypts everything to come along, and hire your former best friend to steal it for you.
Simple as that

Priorities

[iamacat]

Actually, I think Kevin's time is better first spent on a law change so that hacking is never punished in the same way as violent crimes. And that writting programs to use things you legally bought - like a DVD player for Linux or a program to print your ebooks - is legal. Excesses of the government is a much bigger concern than small infractions of individuals.

Anyone here who wouldn't be in trouble if every one of their computer and copyright related "offenses" came to light can throw the first stone. Ever downloaded an unlicensed MP3 plugin for Redhat 8? Ever renamed irc to emacs to violate a school policy on computer use?

Re:Priorities

[iamacat]

Wow. I vigorously demand that I AM NOT given any chance to access medical, nuclear or air traffic control computers. The last thing I want is a global extinction event because I posted a link to one of those critical servers on slashdot.

Seriously, it's people who set up critical system in such a way that their functionality can be influenced from a network designed for research and entertainment that should be charged with manslaughter. If a script kiddie tried to split IRC network and people died because of that, s\he should be just given grief counseling and not charged with anything.

On the other hand, people who purposely break car or air traffic control should of course be responsible. But someone maintaining a critical computer should first make sure that it can not be shut down accidentaly and provide ample warnings to potential tresspassers on why it should be left alone. It wouldn't do to have an obvious, conviniently located self-destruct switch. Or forward any packets from the Internet without strong encryption, if that.

Hmm... I don't remember all the facts. Is there any evidence that Kevin purposly tried to cause serious harm? Or that he even broke into any systems that did critical real-time control? I thought he was just addicted to getting control of a system, stashing away source code and so on. If you get down to basics of human motivation, real hacking is just another kind of science. Like Indiana Jones style of archeology. Risky, annoying, controversial but ultimately an unavoidable consequence of human curiosity.

P2P and digital Rights

[Mozilla_Kid]

While you where away, p2p networks have become a very popular form of file sharing on the internet. Unfortunatley many people wish to put this to an end. What is your opinion of p2p networks and rights that should be associated with using them. Also what is your opinion of DRM (digital Rights Management) and the RIAA ?

Re:It just isn't the same.

[yiantsbro]

No, but they have done a pretty damn good job of making it disappear into thin air ;)

Hacktivism

[Opiuman]

Namely, what are you views on activist use of hacking/cracking to promote political views?

Catch me if you can?

[atlantis_tin]

Have you watched the new movie 'Catch Me If You Can'?

Handratty plays a very important role in getting Abiganle to work for the FBI while serving his sentence. Did you have anyone like Handratty around you or was the environment too hostile?

You look good

[Ralph+Wiggam]

When I saw the picture next to the CNN story about you getting back online, I thought they had made a mistake. The guy in the nice suit with little glasses couldn't be the geeky Kevin I remember. My question is: Do you have a fashion or image consultant?

And a little hint for someone that hasn't gotten email in a while, Staci doesn't really want you to test her new webcam for her.

Good luck.

-B

Re:Offtopic, but ontopic regarding your message

[RabidOverYou]

> education

Clearly underfunded in your state.

What did you miss the most?

[Bilbo]

Even being the Net.Junkie that I am, I have to admit, there are times when I like to get away from the Internet and being online all the time... for perhaps a week or so. But as soon as I get back from camping in the woods, one of the first things I do is log on to check my email. :-/

I'm sure that, with all the things you were forced to give up being away from any contact with computers for as long as you were, there were plenty of things you quickly got used to being without, and things you probably even forgot existed. However, I'm sure there were some things you really missed.

Of all the things you had to do without, what one thing about computers and the Internet did you miss the most?

NORAD

[Rary]

Q: How did you get into those NORAD computers, and how accurate was War Games?

(NOTE: yes, the above was just a joke, please put down your flamethrowers)

But seriously, now that all this is more or less over, how do you feel about John Markoff? Do you hold a grudge, or have you moved on? How about Tsutomu Shimomura?

How close was Takedown?

[fiber_halo]

I assume you've read the book Takedown. My question is, how close to reality was the story?

Is there anything specific that stands out as complete and utter BS?

Are you free to tell us what you really think?

[tchdab1]

Kevin,
How free are you to tell us what you really think about things, and how much is your freedom of speech being moderated by the terms of your parole? For example, if you felt that (this is purely hypothetical), in response to IP issues you believed in taking actions that might be interpreted as criminal, would there be reprecussions for you if you stated them here?

How have you stayed intouch with tech these years?

[eyefish]

I was wondering, even though you were not allowed near a machine or the Internet, how did you keep up to date with the latest developments on tech-related issues?

This I'm sure will be the first question that will come to mind when anyone considers paying for your services as a security expert. i.e.: how can you help a company when you have been "out of the loop" all these years? I figure that since most security concerns are usually on the social engineering side that this will not be a big deal, but when it comes to other more technical aspects, how will you be able to help them?

No he's been waiting for

[BoomerSooner]

hot teen nympho's, an MBA in 2 weeks and penis enlargement offers.

I bet his email account is full! 100,000 spams just waiting for him to return...

Re:No he's been waiting for

[rastachops]

Maybe the interview will go like this:

http://www.geekculture.com/joyoftech/joyarchives/4 32.html

How do you view yourself and your own skills

[l1gunman]

Lots has been made of your exploits, your crime, your punishment, your supposed skills, etc. Mostly by people who've read of you but don't really know you. You've been described as anything from a petty thief to a "computer genius". (I think of Bill Gates whenevr I hear that one!)

So... you tell us... How do you rate your own computer engineering skills? It's obvious what you think of your social engineering skills (and rightly so). But... how do you rate your own technical skills in such areas as logical thinking, programming ability, problem solving ability, creative solutions to complex technical problems, understanding of current protocols, methods, etc.

Coolest Hacks you've ever done

[Drestin]

OK, check with your lawyers but as I'm sure you know the statue of limitations for computer crimes (not otherwise associated with violent crimes) is 4 years in most every state. So, with that in mind; can you tell us some of the coolest hacks you've ever done? Most especially; any so well done that they have gone undiscovered (and unprosecutable now)?

"Social engineering" your way into a date?

[identity0]

Are social engineering principles useful in getting a date?

God knows, if there's anything the Slashdot crowd can use, it's *this*...

The most important question of all

[Bill,+Shooter+of+Bul]

What... is the air-speed velocity of an unladen swallow?

Wish you were here

[f1a8oy]

What would you be doing now if you had never gotten caught? describe what you think your trajectory would have been and when you would have had to make a change to avoid getting arrested.

Hacking and legitimacy

[jonny-mt]

It's clear that you will have a unique position in the field of security having been a former hacker, and I imagine you will do quite well for yourself financially. However, the price you have paid is readily apparent. Do you consider this to be a fair trade? With so many security positions available to former hackers such as yourself, could hacking be considered a 'good career move'?

Mideast Affairs

[flyneye]

Having done a bit in israels army a while back,what is your take on recent events there?

Ethics

[bukys]

Now you have had a long time to think about ethics in general and the system-cracker ethic in particular. You expended quite a bit of creativity breaking into systems AND covering your tracks (deleting log files, etc).

• What would you like to say now about your new perspective (if any) on the ethics of asserting that "justing exploring" is not damaging, and the ethics of damaging whatever audit trail exists?
• How would you describe yourself -- repentant, chastened, defiant, what?
• And, finally, how constrained are your remarks -- are there legal consequences (due to probation or parole) if you say "the wrong thing" -- or are you as free as the rest of us to shoot your mouth off? (Obviously there are market consequences to any remarks you may make, as you sell your services and books.)

Writing Free Software

[the+gaffer]

I think that you have said that you were not driven by money and that you enjoyed the challenge. There's another activity that is financially unrewarding and challenging: writing free software. Have you ever thought of using your skills in this direction? It's got one further advantage, too: they don't put you in prison for it (yet)!

Computing and the future of civil liberties

[Lours]

Hi and welcome back to freedom,

I have read on your site about the quite expeditive way your "pre-trial period" was handled by justice and how justice in its "moral" sense did not fulfill its job and how some of your essential rights were clearly denied to you.

After the 11/9 events, the new US national security directives, big corporations more and more trying to gain control over their users, what does your expertise in computer security and probably deep knowledge of obscure corporate and state practises (open wiretaps for example) incline you to think about the future of civil liberties in the US and as a whole (if you think you know anything worth telling about Europe for example) ?

And do you think you would accept to talk about in public if asked to do so by associations or political parties wishing to communicate on the subject ?

Have you thought of leaving the country ?

[rainer_d]

Kevin, what I've asked myself: after all those years in jail - haven't you thought of leaving the country ?

Just calling it quits an moving somewhere else ?

I've only loosely followed your case (and the related civil liberties problems in the USA) since I first heard of it in c.a. 1997, but judging from todays "status quo", I can say that it hasn't improved at all.

Walkmans

[satterth]

Why do you think the prison people (guards and inmates) thought you could mod an ordinary walkman into a transmitter?

What other crazy stuff did they think you could do while you were there?

Hacking vs. "Legitimate" Computer Work

[Betelgeuse]

Do you think that you would still be hacking today if you didn't get caught? Do you view it as a good thing or a bad thing that you got caught and had to spend time in jail?

Catch me if you can....

[dogfart]

Have you seen the movie "Catch Me If You Can"? If so, do you see any similarities between the main character of that movie and your own life? And what are the differences between the two stories (aside from the obvious of the era and the fact you did not actually steal $$$)?

Re:Who exactly says he "trashed"?

[Jim+Buzbee]

I actually took the time to read history.html, seems it wasn't that bad afterall. Especially since he did it "by accident".

If my recollection is correct after all these years, I think he did stupid stuff like "echo 'password entry' > /etc/passwd" instead of using ">>" to add an account. So he ended up trashing the password file, taking the system down until someone could restore the backup from tape. In addition, I think there were a number of other vandal type attacks that were thought to be from him, but could not be confirmed. The general consensus at the time was that he was just an classic "script kiddie". Anyone could get a free account to do whatever they wanted, but it wasn't enough for him. He had to take down a community resource just to prove he could.

Re:Have you been waiting all these years just to s

[Simkin1]

... I was curious, after all these years... what do you think of the net? Did it go the way you expected? Did it turn into what you hoped? Are you (dis)satisfied with the results? Any intentions to make your own post-prison marks on the future of the net? Intentions to contribute? Are you a re-habilitated 'citizen' or a disgruntled scapegoat? ... little side note... we've got this little problem with North Korea; any chance you could use your 'craft' to turn their nuclear program into the worlds most expensive pinball simulator? Welcome back

How did you write the book?

[geders]

How did you write the book without a computer? Hand written then transcribed, typewriter, or were electronic typewriters allowed?

Once a hacker

[James+Littiebrant]

Once a hacker always a hacker so... when will you begin hacking again?

Your current OS

[stock]

What i have seen you ran your laptops on win3.11 and win95. Are you today running win XP or do you prefer e.g. linux?
Do you now feel like a Count of Monte Cristo who just left prison?

What Really Happened

[Tuxinatorium]

The government had access to all the records that Mitnick could have used for his defense, but they arbitrarily withheld the records indefinitely. Each six months Mitnick was given the choice of going to trial with an unprepared defense and some crappy government lawyer with no access to the records necessary to prove his innoccence, or to sign a waiver allowing the government to delay the trial for another 6 months while he stayed in jail. In other words, they were just trying to fuck with him untile he broke, gave in, and pleaded guilty. They never had any intention of giving him a fair trial. It was a total mockery of the legal system and a travesty of justice.

a little generous with the mod points

[xmnemonic]

86 +5 posts (at this time)! Mod up questions that not only sound insightful but are also interesting (and I don't mean that purely in the moderation sense). For example, it might be important if we know how he feels about his own actions- but does anybody really care?

You missed the Internet boom and bust

[billstewart]

The whole internet boom-and-bust thing happened while you were Off Net, and the economy's worked it's way back down to about what it was before you got caught.
What's it been like watching it from the outside? Do you have any perspectives that are different from what people experienced going through it?

Did you crack my server?

[Necron69]

The time, April 1994. The place - Colorado Supernet (think *.csn.org) in Boulder, Colorado. I was a green as hell newbie sysadmin on my second job out of college. One day, federal marshals show up with search warrants and lawyers from a large, American electronics manufacturer. They are looking for stolen PROM code for cell phones, and they think it is on our machines (it was). It turns out someone did some "human engineering" on a gullible IT person somewhere and downloaded the code without having to crack anything. This person then backtracked through a long list of hacked accounts across the Internet to cover their tracks.

The search process shut SuperNet down for almost three days. We couldn't answer the phones, check email, or even touch our servers. It seemed certain that this was the last straw in a long list of problems, and that the company would fold. In a panic, I quit that job two weeks later. That was a bad decision, as it turns out, but one I still hold the mysterious cracker responsible for. That person changed my life, and not for the better.

So, was it you?

- Necron69

Abuses of the Total Information Awareness system

[virtigex]

The US goverment is proposing to perform blanket surveilance of the population with the proposed Total Information Awareness system. Presumably, such a system would present a huge tempataion to those who wish to access people's electronic information, since it represents a one-stop shop.

If such a system gets built, how likely do you think that it will get compromised, how quickly will this happen and what techniques do you think would be used?

What was on your xmas list ? for the kids ?

[Dave21212]

It must have been hell reading reviews and watching other people (your girlfriend) play with all the new computer technology out there...

What new technology was on your wish list this year, and what new or old tools/tech would you put on the list for the kids today who want to become as masterful with systems as you once were ?

Back in the saddle or.....?

[Darth_brooks]

Do you feel like you'll be given an unhindered chance to be 'free', Or do you think that the vague state of some US technology laws would be used against you if the opportunity presents itself?

Follow up to that question; are you more or less likely to work on a project that could be construed as a (for example) DMCA violation because of your past?

Your true story (and Markoff)

[AgentCooper]

Any plans to write a book about your early experiences becoming a hacker, your exploits and what it was like to be living on the run from the feds? Or is "The Fugitive Game" to be considered your authorized story?

Frankly this personal, social, exploration story is the book I think many of us would like to see, though of course I bought "Art of Deception."

On that note, did you ever receive any compensation from John Markoff or from any of the print/film versions of "Takedown"?