Mitnick Calls for Hacker Stories
ram writes "Famed hacker and master social engineer Kevin Mitnick has been commissioned to write a new book following the success of his first text The Art of Deception. The new book, tentatively titled 'The Art of Intrusion' will tell the stories of real hacks, with the names of attackers obscured to protect them from the authorities and their victims. Mitnick has called on retired hackers to come forward with their stories, offering a $500 (283) prize for the best story that makes it into the book, and a $200 payment for all stories that make the final draft."
He is a famous hacker because he got caught. There are thousands of hackers much better (if that's the right word), so why does he get all the attention?
When anger rises, think of the consequences.
Confucius (551 BC - 479 BC)
he will take care to protect the identities of the targets too. I can see no end of trouble when "A Big Co." finds out they were completely rooted and had no idea..
IANAL - let's say for the sake of argument I was an ex-hacker with a story to tell that ended up in print. Even with this much vaunted anonymity I would still be worried about publicly confessing my misdeeds. Especially in the UK where hacking offences can be covered with anti-terrorist legislation these days.
I don't read your sig, why do you read mine?
1. Get others to produce the content of your book
2. Publish
3. ???
4. Profit!
IT people and security-concerned people will hopefully learn a lot from this book.
good to see security improving as the time passes....
#
#\ @ ? Colonize Mars
#
How does he intend to confirm the stories are true? If he is trying to keep identities quiet, he is going to have problems confirming them.
Let's see...I'll give away a few hundred dollars for some stories of hacks, put them in a book and make thousands of dollars from it. I think he's still a damn good social engineer.
1. Perform illicit activity (crime: 'hacking' or 'cracking' for those who prefer that term)
2. Get away with it.
3. Get paid for story publishing.
4. Profit!!!
Seriously though, as I'm sure many of these hackers/crackers will be heralded as (demi-)heroes by many visitors of Slashdot, and I understand that often the sentences for those caught are ridiculous, it should not be forgotten that they -did- commit a crime.
Now, they were 'smart' enough to not get caught for that crime, too. Which means they can gloat about their hack/crack in private or with tight friends or do whatever the heck they want with it already.
But now they're getting paid to talk about those hacks/cracks - and retain their anonymity?
There's something very wrong with that picture, in my humble opinion.
Personally, I could see this turn of events coming. Having read books such as Cyberpunk and Takedown and watched that doco "Freedom Downtime" I've drawn the conclusion that Kevin appears to be more "misguided" than dangerous and also more "attention seeking" than a model hacker for script kiddies to chase after.
:)
I must admit though, I would be _very_ interested to read this book when it hits the press
...and I'll be happy to give to you some kinda fish story. Yea, there was that time back in '83 where some buddies and I were sitting 'round our dorm room and thought, "Hey, how long's it been since someone's busted into Langley's database?" And so, we all tossed five bucks in a pot for the first to break in and find the SS# of the Director of the CIA...
Really, how are you gonna know that these stories are actually real?
Even if the book includes as many as 100 stories, that's only $20,000. We can be sure that Mitnick will be making a lot more than that, and the publisher will be making much, much more.
Don't most honest, law-abiding people nowadays disapprove of criminals profiting from their crimes? Well it sure seems like Mitnick is profiting from his crimes with this book because the publisher is using his name to sell it.
Kinda cheap and sleazy if you ask me, which you didn't.
was a typical social engineering story.
Some hacker wanted to haxor some local republican servers. But these things turn out well secured, so he needed some physical access to the boxes. So he claimed to be a fundamentalist protestant (well, he didn't put it this way obviously) and asked the local repubs for some help for anti-abortion protests. He convinced the people to paint transparents in the server room. Ownage occurred mysteriously. Well, not so mysteriously, 'cos the FBI got him in the end.
To save his honour, it must be said that he indeed turned up at the anti-abortion protest, even throwing some tomatoes.
Well, he was a crazy Nader follower. Quite funny, when you think about it - the hacker helped in the repubs due to the bad press in the end. And even Nader helped Bush by sucking votes away from Gore. These ecos can be very strange some times.
Owner of a Mensa membership card.
It's not just statute of limitations, but rather where they exist and if they exist.
In my younger days I did some mischief along those lines, but considering the number of countries that I traversed in my electronic travels, I'd be a little concerned if any of them raised any flags.
Especially since some of them that "old" folks like me used to traverse have less than pleasant human rights records.
Man watching 6 MSCE's around a sun box, looks a lot like the opening scenes of 2001:space odyssey...
Holy cow, is this serious ?
But, just imagine if J. Reno could come up with the Nuclear War stuff for Mitnick, what a field day J. Ashcroft would have had if he had a chance ... Or maybe Ashcroft is already having a S&M ball. It is all so secretive nowadays.
Lucky Mitnick...
To see a world in a grain of sand, and then to step back and see the beach where the sand lies
An anonymous coward sends him detailed information about how his own computer was hacked and information sent to Tsutomu Shimomura, causing his capture.
Sanity is a majority vote.
Well d00d I got this l33t tool called t3ln3t. I connected to other people computers and got things like "SSH-1.99-OpenSSH_3.7.1p2". The 0th3r kidi33s were like. "D00D!!". I was like w0ah. I am so l33t
Rus
You'd better hope that this troll doesn't know what he's talking about.
Rank Presidents by th
So, if someone breaks the law, and then tells you about it afterwards (but before they're brought to justice) doesn't that make you (in legal terms) an accessory after the fact?
Visit CryptoGnome in his home.
including the missing chapter.
Mitnick's 'Lost Chapter' Found
While there are always two sides to a story, from what Kevin says, it sounds like Markoff and Shimomura exploited the situation for all the $$$ they could get.
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
Setup a Machine and they can hack into it to submit their stories.
;P
This way if they are good enough not to be traced, the chances are good they actually did something real. It also removes most of the possible "script kiddies" submissions
Sanity is a majority vote.
Unfortunately, he is rather busy at the moment.
I would send him an email and tell him about it, but I don't think he's gonna be answering anything electronic for a little while.
No, this is not a joke. Yes, this is a real friend of mine. And yes, I am probably a rat bastard for posting this on here. However, he did some of this from *home*!
Jesus eppie, I thought you knew better than that!
I guess the reason I am posting this is for all those of you who think that "thrill hacking" for fun, and not doing any real damage, will just get you a slap on the wrist if you are caught. Bet that's what eppie thought.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order- Ed Howdershelt Via Tass
We all know Mitnick is in quite a bit of trouble, but the fact that he's a good social engineer still persists. He was traumatized in jail, and most of what he was severely punished for was probably due to non-cooperation, in that "hacker" attitude, with very influential people. Most likely, he got out of such things by giving in and cutting deals.
Before you send in any good stories, be they fact or fiction, think of this: what if FBI / Homeland Security agents are on the case working with Mitnick, reading those letters that will supposedly go into the book and tracing who sent them? They've been known to do similar things to get people to brag before, which is the easiest way to catch people, or at least make it seem that way. With John Ashcroft and Tom Ridge in the government, they will stoop to any low to put hackers, whom they view as terrorists, behind bars.
use Social Engineering to get "hackers" to publicly brag about their illicit activities, in exchange for modest "prizes."
collect reward money AND complete parole obligations.
retire.
I'm an active penetration tester, have been for some years. I can tell you now that from all the testing I've completed (including lots of clients in the financial sector and govt.) I wouldn't even be entertaining the idea of remotely telling anonymous tale stories. The risk is just too great. And for a measly $200?
Give me a break.
When you've proven to a client that millions could potentially be stolen, the last thing you'd want to do is discuss it in a book, anonymously or not.
I think he needs the anonymous hacker contributions as a smokescreen for some of his old unknown hacks.
//Pingo
This guy has probably done more than he is accused for and has got an urge to brag about all his hacks. Doing so might get him into more legal trouble and he needs some anonymous hackers as legal frontends.
--- Linux or FreeBSD, it's like blondes or brunettes. I like both. ---
http://www.underground-book.com/ this style of book has been done before (in australia anyway) and with relative success. The best part about that book was how the author made it available for the public to d/l. an interesting read ...
...he's got a job with the FBI now.
Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated up.
Running from the authorities using his advanced level of hacking skill, creating new IDs and such as he went, having stolen the data for the intellectual thrill of it, not for financial gain, then improperly held by a vengeful government... That's a classic tale. I don't know if it's a true story, but that was the popular perception at one point.
In the 18th century, there was, in England, an absolute adoration of the highwayman. There were courteous highwaymen like Dick Turpin, whose victims had only this regret: that they could not have met him under other circumstances and been friends. There were brutal highwaymen, like Jack Sheppard, who was noted for his violence and for escaping Newgate with fetters on his limbs. There were gallant highwaymen, like Claude Duval, whose arrest was supposedly mourned by women across the country.
Other countries and that and other times have had the same respect for any bold thief. John Dillinger is the best modern example.
And as for getting caught, the populace believes that if you live bravely enough as a criminal, you WILL eventually get caught. That's really the basis of the admiration. If you could simply escape the government by being strong enough, as in the 1200s, you'd only be feared as a danger to all. It's the assurance of eventual capture that gives living on the edge its glamour. This, in particular, applies to Mitnick where it wouldn't to a mere modern carjacker, because we know the carjackers aren't caught. There are so many muggers and rapists and straight-up burglars who prey on the populace directly and succeed that we can't respect them. We fear them. A bank robber or a hacker can go after the big score, the wealth of the very rich, and leave us entertained participants.
There are, of course, plenty of major criminal hackers who do get away with it, as with any other crime, hackers we never hear about because they stayed safe, played it smart all the way. Some of them may be reading this now. Hi boys... you're assumed to be mean of spirit, not to have aimed high enough to get caught, mere embezzling rats or at most a sort of criminal investment banker. How does that feel?
Eventually the statute of limitations will start to run out on modern hackers who have done some pretty cool things, and we'll start to read the full stories of the ones who did go for the big score and get away with it in the Net age, just as we now revere some of the early phreakers who dared and won. Until then, the successful hacker will remain the province of fiction.
It's also interesting to note that in the 19th century, it was felt that the effect of the poems and plays about thieves had the same deleterious effect that comic books, rock music and video games were later held to have.
This post is reaching for 600 words, though, and beyond this I might as well write a properly-researched article, so I'll leave it here.
... I can take money out of Kevin's bank account any time I like ;-)
Code, Hardware, stuff like that.
hacker (from http://www.kernelthread.com/mac/apme/tools/)
[originally, someone who makes furniture with an axe]
1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. RFC1392, the Internet Users' Glossary, usefully amplifies this as: A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.
evil ??
Hackers would get more money writing for SysAdmin.
I may have posted this link some time ago, but I think it's worth a repost. "Underground" by Suelette Dreyfus is, to me, a very interesting book looking at the hacking/cracking culture of the mid 1980's.
It follows the stories of several hackers/crackers in Australia, Germany, and the United States. To me, it really reads more like an ethnographic anthropological study, than about hacks per se. But I found it very interesting. And best of all, the entire book is available for free:
http://www.underground-book.com/
in a download version.
jeff
I wonder whether Mitnick will have to edit and typeset some of his work on a typewriter, since he can't touch a computer...
That's the model that Scott Adams has been using for about 15 years with Dilbert. He ran out of ideas after the first two years but at that point he was popular enough that people sent him screwy stuff that was happening in cube-farms. Now I admit he is brilliant at putting them in a humorous context, but they're not necessarily all his ideas.
This sig best viewed in a drunken stupor.
For people like us (slashdotters) these books are mostly tales and overly obvious statements. Interesting and sometimes fun to read. That's about it.
To people NOT like us (read: small/mid company admins and even some larger company admins) a lot of this is actually an eye opener. Case in point: Some of you may know that I work for a smaller, privately owned ISP. Because of this, we cater to a bunch of mid/small businesses. I have suggested his first book for them to read. I have gotten no less than 20 call backs after they read the book with statements like "Wow, I never even thought of that!" and "Thanks for the book tip! Helped me out a lot and we have tightened up security with our staff." You're lucky to find a semi-competent admin in companies this small (or an admin at all) let alone one who understands or has even heard of social engineering or any type of specific attack outside of what the mainstream media reports.
Keep in mind that a lot of admins in these companies have heard DoS and DDoS before, maybe even the names of a few well-known worms but they don't even know what they stand for or what they do. They are nothing more than the catch phrase of the week. Books like this are pretty invaluable to them as they are not written from a tech stand point (Hardening Cisco comes to mind) and are easily understood and easy to put into practice by someone who is the admin because they know what HDD stands for or were hired on the lowest possible salary.
Don't get me wrong here, these are not the end all be all security books but they are a great boon to the customers that I service.
>Actually your batting average would be 1.000. 1 at bat
>divided by 1 hit = 1
Totally offtopic. Bill James would slap you in the head. The original poster referred to "slugging" average, not "batting" average. If you were up once and hit a home run, your SLG would be 4.000 and your BA would be 1.000.
Batting Average = H/AB
Slugging Percentage/Average (SLG) = (H+2B+2*3B+3*HR)/AB
Sports may be anathema to most Slashdotters, but sabermetrics oughta be geeky enough for anybody.
[oddly, this is my first post ever...]
People are getting all righteously indignant and aren't seeing the real purpose of this offer. By appearing to anonymously post OTHER'S stories, he will be free to publish HIS OWN stories under some cover. He will be able to use the journalist's right to conceal the names of his sources to protect himself - and yet still tell his stories. I'm sure he will still use a few others, but the only ones that he can know really happened for sure are those HE performed.
Curious George
***General Consultant to the Human Race*** My opinions are free. You get what you pay for.
As I see it Mitnick remains of the same mindset as when he first showed off his cracking skills to a group of peers and was surprised when they turned him in.
Among his various complaints about his treatment by the Feds are that he was held without bail (gee, can you say 'established flight-risk'?), and that they held onto all of his computers (gee, after he declined to provide the encryption keys needed to access them as evidence?).
He's also clear about being bitter toward the author of 'Takedown' (advice, "never get in an argument with someone who buys ink by the barrel and paper by the train-car") and Shimomura(sp?) (Let's see, you break into lots of machines, eventually you come up against someone better'n you and now you complain that they exact some revenge?)
His notoriety seemingly guarantees a certain audience for him and his publisher to profit.
Personally I've got no desire to help this guy along. In the excerpts from his book he has the brass to include himself in the 'hacker' ethic of places like LCS, Berkeley, JPL. Sorry, that image doesn't pass.
Linux is Linux, if One need clarify their dist: <Dist>/GNU Linux
bsds are of course just BSD
Chicken Soup for the Hacker's Soul.
---
Never criticize religion on Slashdot. You will be modded down for "Troll" no matter how factual it is.
It sounds like this book is going to be about crackers and cracking and not hackers and hacking.
Common usage tends to blur the meaning between the two concepts but I thought here on slashdot at least there was some instance that the two not get confused.
Seriously. There's no way somebody able to handle the task of organizing such a large force would be idiotic enough to give nukes phone lines. Then again, we are talking about the United States government...
"Screw slashdot." -- Linus Torvalds
I haxx0red the GIBSON. Ph33r m3, I AM 31337.
The more you know, the less you understand.
Moderator needs more Simpsons.
Analogies don't equal equalities, they are merely somewhat analogous.
These types of articles always seem to be a little strange. Would the "300 passwords" that he stole be a single password file, that maybe he brute forced the "Packers" password out of?
And what's up with the bit about threatening the President? It's illegal to collect guns and bombs for use in harming the president. It's not illegal to say that you want to harm the president.
More typical weirdness:
He admitted what? How much employee time? At $40/hour, that's 480,000 hours. That's 240 full-time employees at $40/hr for a year. That's not including the audits and "encryptions upgrades". Too much nonsense in there.
There are no trolls. There are no trees out here.
When I was going to school, I worked at Kinko's. I worked at the branch in Thousand Oaks/Westlake California, which happens to be a more upscale community. We used to get all sorts of notable people coming in to get copies. While most of my co-workers were always freaking out when the more mainstream celebrities would come in (Tom Selleck, Hulk Hogan, Heather Locklear, Will Smith, and Martin Lawrence are a few that spring in to mind), I was always more impressed by some of the more obscure personalities that would come in, including my personal favorite Bas Rutten - who, incidentally, is such a nice guy that none of my co-workers would believe me when I told them what he did for a living.
However, the one "customer" that was the most interesting was Kevin Mitnick. For those of you who do not know, Kevin lives in Thousand Oaks. At the time, he lived about a quarter mile from Kinko's. He came in just about every day over a three month span. Myself and one of the graveyard guys were the only ones who even knew who Kevin Mitnick was. He used to come in, with a laptop, and set up over in one of the corners. He would never plug into our network, which was kind of odd, so everyone just assumed that he was coming in just to have a place to do some work.
One night, our cleaning crew discovered an 802.11b wireless internet hub hidden under a table. It was plugged into our network. The next morning, we unplugged it (FWIW, I believe the graveyard guy ended up taking it home). That day, Kevin came in, went to his normal spot, and started up his laptop. He started looking around, real confused, and walked over to where we had found the hub. When he saw that it was gone, he started looking really panicked. He went and picked up his laptop and left, all the time holding a piece of paper up to hide his face from the cameras. That was the last time he ever came in.