Slashdot Mirror


Mitnick Calls for Hacker Stories

ram writes "Famed hacker and master social engineer Kevin Mitnick has been commissioned to write a new book following the success of his first text The Art of Deception. The new book, tentatively titled 'The Art of Intrusion' will tell the stories of real hacks, with the names of attackers obscured to protect them from the authorities and their victims. Mitnick has called on retired hackers to come forward with their stories, offering a $500 (£283) prize for the best story that makes it into the book, and a $200 payment for all stories that make the final draft."

23 of 242 comments

  1. Why is Mitnick so famous? by Pingular · · Score: 3, Insightful

    He is a famous hacker because he got caught. There are thousands of hackers much better (if that's the right word), so why does he get all the attention?

    --

    When anger rises, think of the consequences.
    Confucius (551 BC - 479 BC)
    1. Re:Why is Mitnick so famous? by Crypto+Gnome · · Score: 4, Insightful

      er, the 'attention' (most especially from the media) occurred as a direct result of his being caught, or were you not paying attention at the time?

      Hiding under a particularly large rock?

      Or perhaps you were on your way here from (for example) Europa?

      --
      Visit CryptoGnome in his home.
    2. Re:Why is Mitnick so famous? by Anonymous Coward · · Score: 3, Insightful
      Well you didn't say so explicitly, but I've heard, even from the mouths of some of the best hackers, the notion that the best hackers never get caught, and only bad hackers do get caught. I don't really buy into this logic, I think anyone can get unlucky. I mean, being a good hacker and never getting caught is like getting an ace and a face card in black jack - but you can still have a winning hand without that.

      I also disagree there are thousands of hackers better than Mitnick. There are better hackers than Mitnick, maybe dozens, possibly even hundreds. But not thousands. He was pretty good on DEC Vax/VMS when that was big. He was a great social engineer. And he had UNIX and the Internet down pretty good. I do agree calling him the best ever, or one of the best ever might not be correct, but he definitely had skills, he was up there.

    3. Re:Why is Mitnick so famous? by Jugalator · · Score: 2, Insightful

      There are thousands of hackers much better (if that's the right word), so why does he get all the attention?

      Because they aren't known? :-)

      I guess media has made Mitnick famous and that's why. But I'd be very interested in hearing of another hacker, whose hacks have been fairly well documented.

      --
      Beware: In C++, your friends can see your privates!
    4. Re:Why is Mitnick so famous? by Anonymous Coward · · Score: 4, Insightful

      He is famous because he got caught and, perhaps more importantly, because the authorities either decided to make an "example" of him or were actually deluded by the exaggerated portrayals and feared him.

      Note that reading "The Art of Deception" is very enlightening as to what Kevin's skills and knowledge are really focused on. As someone with more than enough technical knowledge, but very limited social engineering skills (and no particular desire) to actually break into systems (I often find holes and create exploits, but only on my own systems, and I report them to the project or vendor), I can appreciate what his skills are, how they differ from mine, and how totally detached from reality the common perceptions about the danger of technical vs. social hacking skills are.

      I think that the reason Kevin got caught is because he wasn't acting rationally - he wasn't hacking for profit, with the appropriate caution to avoid getting caught, but because he was driven to it. He was probably far more active than cautious hackers. He probably misestimated the level of efforts that would be used to track him, because prior to his case, there weren't many high-profile cases.

      It doesn't necessarily imply anything, good or bad, about his skills. Perhaps about his judgement at the time.

  2. I wonder if by dan+dan+the+dna+man · · Score: 5, Insightful

    he will take care to protect the identities of the targets too. I can see no end of trouble when "A Big Co." finds out they were completely rooted and had no idea..

    IANAL - let's say for the sake of argument I was an ex-hacker with a story to tell that ended up in print. Even with this much vaunted anonymity I would still be worried about publicly confessing my misdeeds. Especially in the UK where hacking offences can be covered with anti-terrorist legislation these days.

    --
    I don't read your sig, why do you read mine?
  3. Wait a second... by JamesD_UK · · Score: 5, Insightful
    Sounds like a cheap and easy way to write a book if you ask me.

    1. Get others to produce the content of your book
    2. Publish
    3. ???
    4. Profit!

    1. Re:Wait a second... by Crypto+Gnome · · Score: 3, Insightful

      Books in one sense are very much like music.

      Anyone can write a book, can even get it published.

      However, of the thousands (hundreds of? or is it millions?) of books published every year, FAR too many of them SUCK for one reason or another.

      Having published one, and being commissioned for another based on the strength of the first, this is likely (though not guaranteed) to Not Suck.

      Even so, profit is by no means guaranteed.

      --
      Visit CryptoGnome in his home.
    2. Re:Wait a second... by dipipanone · · Score: 4, Insightful

      What, you think Mitnick actually *wrote* his first book himself?

      Perhaps he did, but given how modern publishing works, I'd be very surprised if that were true. These works are most likely ghostwritten attempts to cash in on his outlaw celebrity status (as told to A. Hack) and the follow-up is another attempt to capitalize on the Mitnick brand(tm) and its status in the burgeoning script kiddie market.

      You don't really think an editor commissioned this book because it's likely to be a valuable contribution to culture, do you?

    3. Re:Wait a second... by gustgr · · Score: 2, Insightful

      How can he totally trust the histories he will receive? Asking the history sender for details? Do you guys think that a very imaginative mind can come up with a 'fantasy' history and get it published with no one (including Mitnick) noting that it is fake? Details and checking with the press publications don't assure that the content really happened. I would like to know how reliable the histories are.

    4. Re:Wait a second... by ReallyQuietGuy · · Score: 3, Insightful

      it's not just "cheap" in this sense. think about it. miserable $200 if your contribution gets into that book? what kind of book advance would you think he got?

      $500 for the BEST story that gets in? you have got to be kidding.

      how many stories will he be able to include in the book? 10? 20? 30? so for an outlay of, say, $6000 or so he will be able to tack on to the cover a blurb about how the book is chock full of real, exciting, etc. etc. stories "From the Dark Underside Of The Internet!!!!"

      is that worth more or less than $6000 in terms of sales?

  4. Confirmation by Tango42 · · Score: 5, Insightful

    How does he intend to confirm the stories are true? If he is trying to keep identities quiet, he is going to have problems confirming them.

    1. Re:Confirmation by bruthasj · · Score: 2, Insightful

      Easy. Just look up all the cracking activities that have occurred in the last five years via google or the library (newspaper articles). Then seek after the stories in a more specific way. Find out who did it. Interview them. Cover up their names and place their extremely detailed intrusion technique.

      The confirmation can be had by the sys admin saying, "Yep! That corresponds to the logs we had!" If someone really wanted to get that nitpicky.

      I'd even recommend that Kevin meet these people in a completely anonymous fashion so the authorities couldn't leverage him to get after his interviewees.

  5. '3' filled in for Crime; it does pay by Animaether · · Score: 3, Insightful

    1. Perform illicit activity (crime: 'hacking' or 'cracking' for those who prefer that term)
    2. Get away with it.
    3. Get paid for story publishing.
    4. Profit!!!

    Seriously though, as I'm sure many of these hackers/crackers will be heralded as (demi-)heroes by many visitors of Slashdot, and I understand that often the sentences for those caught are ridiculous, it should not be forgotten that they -did- commit a crime.

    Now, they were 'smart' enough to not get caught for that crime, too. Which means they can gloat about their hack/crack in private or with tight friends or do whatever the heck they want with it already.

    But now they're getting paid to talk about those hacks/cracks - and retain their anonymity?

    There's something very wrong with that picture, in my humble opinion.

    1. Re:'3' filled in for Crime; it does pay by nathanh · · Score: 3, Insightful
      Seriously though, as I'm sure many of these hackers/crackers will be heralded as (demi-)heroes by many visitors of Slashdot

      Why would you think that? Whenever there's a Mitnick story on Slashdot the overwhelming majority of posts say "he got what he deserved" and "hackers are good, crackers are bad". I very rarely see anybody defend what Mitnick did; in fact, I don't think I've ever seen anybody defend what Mitnick did.

      If anything, I would say the "Slashdot meme" is strongly opposed to criminal acts with computers.

  6. Sure, offer me $200... by Pollux · · Score: 5, Insightful

    ...and I'll be happy to give to you some kinda fish story. Yea, there was that time back in '83 where some buddies and I were sitting 'round our dorm room and thought, "Hey, how long's it been since someone's busted into Langley's database?" And so, we all tossed five bucks in a pot for the first to break in and find the SS# of the Director of the CIA...

    Really, how are you gonna know that these stories are actually real?

  7. Cheap content by Andy+Smith · · Score: 2, Insightful

    Even if the book includes as many as 100 stories, that's only $20,000. We can be sure that Mitnick will be making a lot more than that, and the publisher will be making much, much more.

    Don't most honest, law-abiding people nowadays disapprove of criminals profiting from their crimes? Well it sure seems like Mitnick is profiting from his crimes with this book because the publisher is using his name to sell it.

    Kinda cheap and sleazy if you ask me, which you didn't.

  8. Mitnick is social engineering you! by SexyKellyOsbourne · · Score: 4, Insightful

    We all know Mitnick is in quite a bit of trouble, but the fact that he's a good social engineer still persists. He was traumatized in jail, and most of what he was severely punished for was probably due to non-cooperation, in that "hacker" attitude, with very influential people. Most likely, he got out of such things by giving in and cutting deals.

    Before you send in any good stories, be they fact or fiction, think of this: what if FBI / Homeland Security agents are on the case working with Mitnick, reading those letters that will supposedly go into the book and tracing who sent them? They've been known to do similar things to get people to brag before, which is the easiest way to catch people, or at least make it seem that way. With John Ashcroft and Tom Ridge in the government, they will stoop to any low to put hackers, whom they view as terrorists, behind bars.

  9. He is just covering his tracks !! by Pingo · · Score: 4, Insightful

    I think he needs the anonymous hacker contributions as a smokescreen for some of his old unknown hacks.

    This guy has probably done more than he is accused of and has got an urge to brag about all his hacks. Doing so might get him into more legal trouble and he needs some anonymous hackers as legal frontends. //Pingo

    --
    --- Linux or FreeBSD, it's like blondes or brunettes. I like both. ---
  10. Why these books are good by tarnin · · Score: 4, Insightful

    For people like us (slashdotters) these books are mostly tales and overly obvious statements. Interesting and sometimes fun to read. That's about it.

    To people NOT like us (read: small/mid company admins and even some larger company admins) a lot of this is actually an eye opener. Case in point: Some of you may know that I work for a smaller, privately owned ISP. Because of this, we cater to a bunch of mid/small businesses. I have suggested his first book for them to read. I have gotten no less than 20 call backs after they read the book with statements like "Wow, I never even thought of that!" and "Thanks for the book tip! Helped me out a lot and we have tightened up security with our staff." You're lucky to find a semi-competent admin in companies this small (or an admin at all) let alone one who understands or has even heard of social engineering or any type of specific attack outside of what the mainstream media reports.

    Keep in mind that a lot of admins in these companies have heard DoS and DDoS before, maybe even the names of a few well-known worms, but they don't even know what they stand for or what they do. They are nothing more than the catch phrase of the week. Books like this are pretty invaluable to them as they are not written from a tech standpoint (Hardening Cisco comes to mind) and are easily understood and easy to put into practice by someone who is the admin because they know what HDD stands for or were hired on the lowest possible salary.

    Don't get me wrong here, these are not the end all be all security books but they are a great boon to the customers that I service.

  11. This is cover for reporting HIS OWN exploits... by Curious__George · · Score: 4, Insightful

    People are getting all righteously indignant and aren't seeing the real purpose of this offer. By appearing to anonymously post OTHERS' stories, he will be free to publish HIS OWN stories under some cover. He will be able to use the journalist's right to conceal the names of his sources to protect himself - and yet still tell his stories. I'm sure he will still use a few others, but the only ones that he can know really happened for sure are those HE performed.

    Curious George

    --
    ***General Consultant to the Human Race*** My opinions are free. You get what you pay for.
  12. Ho hum by fw3 · · Score: 3, Insightful
    As somebody suggested above, the likely actual motivation for this is probably Mitnick's restriction from profiting on describing his own criminal activities.

    As I see it Mitnick remains of the same mindset as when he first showed off his cracking skills to a group of peers and was surprised when they turned him in.

    Among his various complaints about his treatment by the Feds are that he was held without bail (gee, can you say 'established flight-risk'?), and that they held onto all of his computers (gee, after he declined to provide the encryption keys needed to access them as evidence?).

    He's also clear about being bitter toward the author of 'Takedown' (advice, "never get in an argument with someone who buys ink by the barrel and paper by the train-car") and Shimomura(sp?) (Let's see, you break into lots of machines, eventually you come up against someone better'n you and now you complain that they exact some revenge?)

    His notoriety seemingly guarantees a certain audience for him and his publisher to profit.

    Personally I've got no desire to help this guy along. In the excerpts from his book he has the brass to include himself in the 'hacker' ethic of places like LCS, Berkeley, JPL. Sorry, that image doesn't pass.

    --
    Linux is Linux, if One need clarify their dist: <Dist>/GNU Linux
    bsds are of course just BSD
  13. Re:I got some to contribute. by Glass+of+Water · · Score: 2, Insightful
    That's a very weird article. First, the "Master Password" was a word from the dictionary??? Second, why would someone download tons of credit card data, and spend all that time doing it, and leave such an obvious trail, and not seek to profit from it? The article suggests that the prosecuting attorney believed that he did nothing further illegal with the info.

    These types of articles always seem to be a little strange. Would the "300 passwords" that he stole be a single password file, that maybe he brute forced the "Packers" password out of?

    And what's up with the bit about threatening the President? It's illegal to collect guns and bombs for use in harming the president. It's not illegal to say that you want to harm the president.

    More typical weirdness:

    Baas, 25, of Milford, admitted his hacking and theft of their customer information cost Acxiom -- of Little Rock, Ark., -- about $6 million. The tab included $2.4 million in Acxiom employee time and $1.3 million for security audits and encryptions upgrades for the company's computer system.
    He admitted what? How much employee time? At $40/hour, that's 480,000 hours. That's 240 full-time employees at $40/hr for a year. That's not including the audits and "encryptions upgrades".

    Too much nonsense in there.

    --
    There are no trolls. There are no trees out here.