Mitnick Calls for Hacker Stories
ram writes "Famed hacker and master social engineer Kevin Mitnick has been commissioned to write a new book following the success of his first text The Art of Deception. The new book, tentatively titled 'The Art of Intrusion' will tell the stories of real hacks, with the names of attackers obscured to protect them from the authorities and their victims. Mitnick has called on retired hackers to come forward with their stories, offering a $500 (£283) prize for the best story that makes it into the book, and a $200 payment for all stories that make the final draft."
because he was held without a trial for so long.... and eh, in the mid 90's people in the phreaking/hacking community decided to rally behind him. that part, i don't remember the specifics of. also, he was one of the first publicly discussed (newsmedia, websites) individuals banned from computer or electronic device use. funny sidenote, in high school several years back, i was testing innoculate's latest patches for the school (without telling the network admin bumblehead), and i ended up being banned from touching all electronics at school nearly indefinitely! they wouldn't even let me troubleshoot a printer or a vcr... fools. it was funny though, and i was the first such case in the school district. go figure.
Personally, I could see this turn of events coming. Having read books such as Cyberpunk and Takedown and watched that doco "Freedom Downtime" I've drawn the conclusion that Kevin appears to be more "misguided" than dangerous and also more "attention seeking" than a model hacker for script kiddies to chase after.
:)
I must admit though, I would be _very_ interested to read this book when it hits the press
was a typical social engineering story.
Some hacker wanted to haxor some local republican servers. But these things turn out well secured, so he needed some physical access to the boxes. So he claimed to be a fundamentalist protestant (well, he didn't put it this way obviously) and asked the local repubs for some help for anti-abortion protests. He convinced the people to paint transparents in the server room. Ownage occurred mysteriously. Well, not so mysteriously, 'cos the FBI got him in the end.
To save his honour, it must be said that he indeed turned up at the anti-abortion protest, even throwing some tomatoes.
Well, he was a crazy Nader follower. Quite funny, when you think about it - the hacker helped in the repubs due to the bad press in the end. And even Nader helped Bush by sucking votes away from Gore. These ecos can be very strange sometimes.
Owner of a Mensa membership card.
It's not just statute of limitations, but rather where they exist and if they exist.
In my younger days I did some mischief along those lines, but considering the number of countries that I traversed in my electronic travels, I'd be a little concerned if any of them raised any flags.
Especially since some of them that "old" folks like me used to traverse have less than pleasant human rights records.
Man watching 6 MSCE's around a sun box, looks a lot like the opening scenes of 2001:space odyssey...
Holy cow, is this serious ?
But, just imagine if J. Reno could come up with the Nuclear War stuff for Mitnick, what a field day J. Ashcroft would have had if he had a chance ... Or maybe Ashcroft is already having a S&M ball. It is all so secretive nowadays.
Lucky Mitnick...
To see a world in a grain of sand, and then to step back and see the beach where the sand lies
You'd better hope that this troll doesn't know what he's talking about.
Rank Presidents by th
So, if someone breaks the law, and then tells you about it afterwards (but before they're brought to justice) doesn't that make you (in legal terms) an accessory after the fact?
Visit CryptoGnome in his home.
including the missing chapter.
Mitnick's 'Lost Chapter' Found
While there are always two sides to a story, from what Kevin says, it sounds like Markoff and Shimomura exploited the situation for all the $$$ they could get.
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
Hell yeah. How do you gain the respect of a bunch of people who are obviously non-conformist social outcasts? You perform "illicit" activity. Who hasn't thought of it? And who hasn't read about it? "Hacker" (more than not a cracker) gets busted, tells his story to the media, and gets paid. Sometimes part of me honestly wishes for that notoriety. There's some sort of twisted appeal about it.
Particularly because of this new homeland security deal, what honestly is the best way to catch a thief? Hire him.
Setup a Machine and they can hack into it to submit their stories.
;P
This way if they are good enough not to be traced, the chances are good they actually did something real. It also removes most of the possible "script kiddies" submissions
Sanity is a majority vote.
And as far as Kevin goes, he's had a hard time so I forgive him for it. But I am not going to give stories so these corporate bastards can figure out how to keep people out. I am totally down with the grey-hat backlash that has started - people who are connected with the hacker scene and then go work for ISS or @stake or wherever, and make money off of it. Selling out is bad enough, worse is people who were with the hacker community, start working for security companies, and maintain contact with the active hacker community on an active and "professional" basis.
I am totally down with the grey-hat backlash. I see there being two classes - workers and idle heirs. Idle heirs own the majority shares of corporations, thus they control the corporations, thus they control the means of production. I think they have no right to this, and thus I as a worker hacking into a corporate computer am more justified being on there than even another worker following orders from the heir (e.g. working at the company).
I think the fact that hacking machines is a crime is as much bullshit as the fact that more black men in the US go to prison than go to college. Yes, I DO think I have the right to hack anything I want, even if it isn't mine - if you look at say bond ownership in the US, about half is owned by 0.5% of the population, and 90% is owned by the poorest 90% of Americans. I could give a flying fuck about these heirs and what they own. I am for anarchy and anarchism - fuck all authority, workers control the means of production. Parasitism like profits, interest, dividends, rent at an end. Up against the wall motherfuckers, this is a stickup!
There used to be a good web page on the hacker backlash against security BS, but it shut down. Here are some links, maybe the page will pop back up. Or maybe YOU can join the movement.
Speech at H2k2
post to full disclosure
post to indymedia
This is good shit
And here are some links about other topics
Chomsky rules
Learn about anarchism
And there's lots of good books on how the working class is regularly ripped off by the man. Just remember - people like Paul Krugman are good, but light. Check out the more radical analysis as well. Workers of the world unite! No gods, no masters!
Unfortunately, he is rather busy at the moment.
I would send him an email and tell him about it, but I don't think he's gonna be answering anything electronic for a little while.
No, this is not a joke. Yes, this is a real friend of mine. And yes, I am probably a rat bastard for posting this on here. However, he did some of this from *home*!
Jesus eppie, I thought you knew better than that!
I guess the reason I am posting this is for all those of you who think that "thrill hacking" for fun, and not doing any real damage, will just get you a slap on the wrist if you are caught. Bet that's what eppie thought.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order- Ed Howdershelt Via Tass
use Social Engineering to get "hackers" to publicly brag about their illicit activities, in exchange for modest "prizes."
collect reward money AND complete parole obligations.
retire.
I'm an active penetration tester, have been for some years. I can tell you now that from all the testing I've completed (including lots of clients in the financial sector and govt.) I wouldn't even be entertaining the idea of remotely telling anonymous tale stories. The risk is just too great. And for a measly $200?
Give me a break.
When you've proven to a client that millions could potentially be stolen, the last thing you'd want to do is discuss it in a book, anonymously or not.
Running from the authorities using his advanced level of hacking skill, creating new IDs and such as he went, having stolen the data for the intellectual thrill of it, not for financial gain, then improperly held by a vengeful government... That's a classic tale. I don't know if it's a true story, but that was the popular perception at one point.
In the 18th century, there was, in England, an absolute adoration of the highwayman. There were courteous highwaymen like Dick Turpin, whose victims had only this regret: that they could not have met him under other circumstances and been friends. There were brutal highwaymen, like Jack Sheppard, who was noted for his violence and for escaping Newgate with fetters on his limbs. There were gallant highwaymen, like Claude Duval, whose arrest was supposedly mourned by women across the country.
Other countries and that and other times have had the same respect for any bold thief. John Dillinger is the best modern example.
And as for getting caught, the populace believes that if you live bravely enough as a criminal, you WILL eventually get caught. That's really the basis of the admiration. If you could simply escape the government by being strong enough, as in the 1200s, you'd only be feared as a danger to all. It's the assurance of eventual capture that gives living on the edge its glamour. This, in particular, applies to Mitnick where it wouldn't to a mere modern carjacker, because we know the carjackers aren't caught. There are so many muggers and rapists and straight-up burglars who prey on the populace directly and succeed that we can't respect them. We fear them. A bank robber or a hacker can go after the big score, the wealth of the very rich, and leave us entertained participants.
There are, of course, plenty of major criminal hackers who do get away with it, as with any other crime, hackers we never hear about because they stayed safe, played it smart all the way. Some of them may be reading this now. Hi boys... you're assumed to be mean of spirit, not to have aimed high enough to get caught, mere embezzling rats or at most a sort of criminal investment banker. How does that feel?
Eventually the statute of limitations will start to run out on modern hackers who have done some pretty cool things, and we'll start to read the full stories of the ones who did go for the big score and get away with it in the Net age, just as we now revere some of the early phreakers who dared and won. Until then, the successful hacker will remain the province of fiction.
It's also interesting to note that in the 19th century, it was felt that the effect of the poems and plays about thieves had the same deleterious effect that comic books, rock music and video games were later held to have.
This post is reaching for 600 words, though, and beyond this I might as well write a properly-researched article, so I'll leave it here.
Well, many people find graffiti a fascinating branch of art. Sure, it's done with other people's property, just like hacking, and that's why they are both illegal. But what is admired is not the defacement but rather the skill, the artwork.
Hackers would get more money writing for SysAdmin.
I may have posted this link some time ago, but I think it's worth a repost. "Underground" by Suelette Dreyfus is, to me, a very interesting book looking at the hacking/cracking culture of the mid 1980's.
It follows the stories of several hackers/crackers in Australia, Germany, and the United States. To me, it really reads more like an ethnographic anthropological study, than about hacks per se. But I found it very interesting. And best of all, the entire book is available for free:
http://www.underground-book.com/
in a download version.
jeff
He was arrested, convicted and sentenced in 1989 for doing something that at the time wasn't a crime; kept in solitary confinement for months on end; eventually released and was arrested again in 1992 for supposedly breaking parole conditions (he didn't); imprisoned for years without charge or trial and eventually has to incriminate himself to be released. Meanwhile he has to idly stand by while Shimomura and Markoff slander him repeatedly -- the most vicious slander incidentally being the accusation of the "crime" for which he was originally imprisoned (which Markoff more or less admits to spinning for "good-copy" at the end of "Freedom Downtime").
Who deserves that?
Look this stuff is just crazy.
I used to be very involved in the scene years ago under many names: juuri, syy, ^_, y, y-windoze and on and on. Mitnick was not this legendary figure people are making him out to be. Those who were around then know of others who did much more than him and got away with a fuckload more. Thinking he is using this as smokescreen is giving him some status as legendary.
The truth of the matter is most hackers absolutely paled in comparison to stuff done by the phreaks of the 80s. Even before the rise of the script kids there was very little original stuff going on. One person would figure something out and use it for a few months before trading it to someone else and then it would enter the scene.
You guys need to understand back then yp was everywhere and insecure, nfs was completely exploitable in many ways, telnet daemons were retarded (-fr00t anyone?), hosts abounded with +s in the hosts.equiv, firewalls didn't exist, source routing still worked and on and on. Even back then secured hosts were easily compromised by finding a single account on a badly secured host, just like today.
It always pains me on slashdot when these articles come up and people fall all over themselves to heap praise on people like Mitnick who were nothing more than petty opportunists with a good sense of trading. Mitnick getting caught also ended a lot of the fun for many of us on networks; most people don't recall the extreme lockdown that went into effect on well.com and other community sites of the time.
--- I do not moderate.
Seriously. There's no way somebody able to handle the task of organizing such a large force would be idiotic enough to give nukes phone lines. Then again, we are talking about the United States government...
"Screw slashdot." -- Linus Torvalds
Screw the money bit. Just tell stories here.
Here's one from around 1992. I was in Houston, talking to a friend just outside the city limits. While we were talking, my scanner landed on a cordless phone nearby. It was loud enough for him to hear, and we started hearing digits.
I had a modem that would decode DTMF, so I patched it into the call and told it to start decoding. We continued listening, and sure enough, the chick on the other end made more calls. At some point she called a pager, so we got that number. Then she put in the number to call, which of course was hers. So now we had both of those.
So a minute or two later her phone rings, and it's the guy she paged. They start talking about stuff, and meanwhile my friend has grabbed his second phone line and has started paging this guy. He's plugging in all kinds of wild stuff, and we can hear it going off over the phone. "Damn baby, my pager is blowing up!"
Then he starts in on the actual chick. She has call waiting, so we hear it when she clicks over. She'd say something about going out for some burgers, and he'd ring up and say "don't eat burgers, eat chicken", or something like that.
The best part is that she tried to use *69 (swbell having recently added the CLASS stuff), but it failed since he was on another telco. Those two companies didn't have the interconnects working for that yet, so he was unaffected by any of it.
He didn't harass her for very long, but it was particularly amusing to me at the time. All it took was a scanner and a way to elude the most basic of call return services. Obviously I didn't do any of the calling, since my numbers would have been returnable. I just sat back and listened.
definitely had skills
actually i am a little curious
i remember reading about things he had done (e.g. "mitnick attack" (connection hijacking?) where IIRC you take down a genuine host by basically DoS-ing a legitimate machine and then impersonate that machine, made possible because the TCP increment value was predictable and not random)
it definitely took an understanding of the way TCP etc. worked in order to come up with something like that (i guess it was really him who came up with it and not something he learned elsewhere?)
but then, things have evolved in such a manner that these problems/holes/exploits are no longer possible - you can't hijack an SSH shell this way, for example (who nowadays still uses telnet on the open net?), TCP stacks have been rewritten, etc. - how many of the old-line "skillz" are still applicable nowadays?
have the original hackers (i guess i should call them crackers instead) maintained their "lethality" in the face of progress, or is it always a new generation of people who just "understand" the current state of the tech who develop the knowledge/whatever to break into machines of that era, after which at some point they "lose" it and then no longer are able to follow evolution/development?
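The predictability the comment above refers to can be measured. This added example (not part of the thread) models a fixed-step initial sequence number counter beside the keyed-hash construction from RFC 6528 and scores a series of sampled ISNs; the step size, addresses, ports and key are constructed values, and HMAC-SHA256 standing in for the RFC's pseudo-random function F is an assumption.

```python
import hashlib
import hmac
import struct
from collections import Counter

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap


def legacy_isn(n, start=1000, step=64000):
    """Constructed model of an old stack: a global counter that grows
    by a fixed step for every new connection."""
    return [(start + i * step) % MOD for i in range(n)]


def rfc6528_isn(secret, src_ip, src_port, dst_ip, dst_port, clock):
    """ISN = M + F(4-tuple, secret), the RFC 6528 construction.
    HMAC-SHA256 truncated to 32 bits stands in for F (an assumption)."""
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}".encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    f = struct.unpack(">I", digest[:4])[0]
    return (clock + f) % MOD


def predictability(isns):
    """Fraction of consecutive ISN deltas equal to the most common delta.
    1.0 means the next ISN follows from the previous one; a value near 0
    means an observer of earlier connections learns no usable step."""
    deltas = [(b - a) % MOD for a, b in zip(isns, isns[1:])]
    if not deltas:
        raise ValueError("need at least two samples")
    return Counter(deltas).most_common(1)[0][1] / len(deltas)


def sample_rfc6528(n, secret=b"constructed-demo-key"):
    """Constructed probe series: each connection comes from a new client
    port, and the clock M advances 250 ticks between probes."""
    return [
        rfc6528_isn(secret, "192.0.2.10", 40000 + i, "192.0.2.20", 22, i * 250)
        for i in range(n)
    ]


if __name__ == "__main__":
    print("fixed-step counter:", predictability(legacy_isn(20)))
    print("RFC 6528 style:    ", predictability(sample_rfc6528(20)))
```

Within a single 4-tuple the RFC 6528 value still advances with the clock, which keeps old segments from a previous incarnation of the same connection out of the window; only the offset between different 4-tuples is hidden by the secret.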
It was unjust to have Mitnick held w/out bail/trial for years, that they were charging him for millions of dollars on behalf of companies who did not even report such losses in Annual Reports, asinine how they would not allow him/his lawyers to copy the HD of evidence they had of him (they wanted him to give them the pw to decrypt the info). Etc. etc. etc. However, Bernie S.'s story was more interesting to me than Mitnick's. He wasn't doing anything to defraud the phone company. He was simply selling something that Radio Shack was *also* selling at the time. Selective prosecution if you ask me. Charging him for *potentially* having materials that could be used as explosives? That's crazy. And on top of that, the material they believed to be explosives turned out to be dentist's putty left behind by the previous tenant. Ehh, just read his story if you haven't already. http://www.2600.com/law/bernie.html
When I was going to school, I worked at Kinko's. I worked at the branch in Thousand Oaks/Westlake California, which happens to be a more upscale community. We used to get all sorts of notable people coming in to get copies. While most of my co-workers were always freaking out when the more mainstream celebrities would come in (Tom Selleck, Hulk Hogan, Heather Locklear, Will Smith, and Martin Lawrence are a few that spring in to mind), I was always more impressed by some of the more obscure personalities that would come in, including my personal favorite Bas Rutten - who, incidentally, is such a nice guy that none of my co-workers would believe me when I told them what he did for a living.
However, the one "customer" that was the most interesting was Kevin Mitnick. For those of you who do not know, Kevin lives in Thousand Oaks. At the time, he lived about a quarter mile from Kinko's. He came in just about every day over a three month span. Myself and one of the graveyard guys were the only ones who even knew who Kevin Mitnick was. He used to come in, with a laptop, and set up over in one of the corners. He would never plug into our network, which was kind of odd, so everyone just assumed that he was coming in just to have a place to do some work.
One night, our cleaning crew discovered an 802.11b wireless internet hub hidden under a table. It was plugged into our network. The next morning, we unplugged it (FWIW, I believe the graveyard guy ended up taking it home). That day, Kevin came in, went to his normal spot, and started up his laptop. He started looking around, real confused, and walked over to where we had found the hub. When he saw that it was gone, he started looking really panicked. He went and picked up his laptop and left, all the time holding a piece of paper up to hide his face from the cameras. That was the last time he ever came in.