Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mitnick Calls for Hacker Stories

Posted by michael on from the one-that-got-away dept.

ram writes "Famed hacker and master social engineer Kevin Mitnick has been commissioned to write a new book following the success of his first text The Art of Deception. The new book, tentatively titled 'The Art of Intrusion' will tell the stories of real hacks, with the names of attackers obscured to protect them from the authorities and their victims. Mitnick has called on retired hackers to come forward with their stories, offering a $500 (283) prize for the best story that makes it into the book, and a $200 payment for all stories that make the final draft."

28 of 242 comments (clear)

  1. I wonder if by dan+dan+the+dna+man · · Score: 5, Insightful

    he will take care to protect the identities of the targets too. I can see no end of trouble when "A Big Co." finds out they were completely rooted and had no idea..

    IANAL - lets say for the sake of argument I was an ex-hacker with a story to tell that ended up in print. Even with this much vaunted anonymity I would still be worried about publically confessing my misdeeds. Especially in the UK where hacking offences can be covered with anti-terrorist legislation these days.

    --
    I don't read your sig, why do you read mine?
  2. Re:Why is Mitnick so famous? by Crypto+Gnome · · Score: 4, Insightful

    er, the 'attention' (most especially from the media) occured as a direct result of his being caught, or were you not paying attention at the time?

    Hiding under a particularly large rock?

    Or perhaps you were on your way here from (for example) Europa?

    --
    Visit CryptoGnome in his home.
  3. Wait a second... by JamesD_UK · · Score: 5, Insightful
    Sounds like a cheap and easy way to write a book if you ask me.

    1. Get others to produce the content of your book
    2. Publish
    3. ???
    4. Profit!

    1. Re:Wait a second... by dipipanone · · Score: 4, Insightful

      What, you think Mitnick actually *wrote* his first book himself?

      Perhaps he did, but given how modern publishing works, I'd be very surprised if that were true. These works are most likely ghostwritten attempts to cash in on his outlaw celebrity status (as told to A. Hack) and the follow-up is another attempt to capitalize on the Mitnick brand(tm) and its status in the burgeoning script kiddie market.

      You don't really think an editor commissioned this book because its likely to be a valuable contribution to culture, do you?

    2. Re:Wait a second... by jsailor · · Score: 4, Informative

      AGREED. I published a book and paid out a much greater sum to contributors than what Mr. Mitnick is offering. Especially for the components that will make is book interesting to a wider audience. The key with publishing is to attract as large as an audience as possible - which the anecdotal stories will certainly help to do because they give the masses an insight into the hidden world.

      In general, royalties for U.S. sales are 5-10% of the sale price of the book from the publisher - usually 50-55% off of the cover price. Foreign sales often yield a fixed price per unit sold. Really geeky books have an audience of 5,000-10,000 readers. Mass market geek books 2-10 times that. The anecdotes will push this book well beyond that. I rant, but do the math and you'll see that $200 and $500 is very exploitive.

  4. one thing for sure... by Janek+Kozicki · · Score: 4, Funny

    IT people and security-concerned people will hopefully learn a lot from this book.

    good to see security improving as the time passess....

    --
    #
    #\ @ ? Colonize Mars
    #
  5. Confirmation by Tango42 · · Score: 5, Insightful

    How does he intend to confirm the stories are true? If he is trying to keep indentities quiet, he is going to have problems confirming them.

  6. nice gig by Anonymous Coward · · Score: 5, Funny

    Let's see...I'll give away a few hundred dollars for some stories of hacks, put them in a book and make thousands of dollars from it. I think he's still a damn good social engineer.

  7. Re:Why is Mitnick so famous? by modpod · · Score: 5, Interesting

    because he was held without a trial for so long.... and eh, in the mid 90's people in the phreaking/hacking community decided to rally behind him. that part, i don't remember the specifics of. also, he was one of the first publicly discussed (newsmedia, websites) individuals banned from computer or electronic device use. funny sidenote, in highschool several years back, i was testing innoculate's latest patches for the school (without telling the network admin bumblehead), and i ended up being banned from touching all electronics at school nearly indefinitely! they wouldn't even let me troubleshoot a printer or a vcr... fools. it was funny though, and i was the first such case in the school district. go figure.

  8. Interesting... by puddpunk · · Score: 5, Interesting

    Personally, I could see this turn of events coming. Having read books such as Cyberpunk and Takedown and watched that doco "Freedom Downtime" I've drawn the conclusion that Kevin appears to be more "misguided" than dangerous and also more "attention seeking" than a model hacker for script kiddies to chase after.

    I must admit though, I would be _very_ interested to read this book when it hits the press :)

  9. Sure, offer me $200... by Pollux · · Score: 5, Insightful

    ...and I'll be happy to give to you some kinda fish story. Yea, there was that time back in '83 where some buddies and I were sitting 'round our dorm room and thought, "Hey, how long's it been since someone's busted into Langley's database?" And so, we all tossed five bucks in a pot for the first to break in and find the SS# of the Director of the CIA...

    Really, how are you gonna know that these stories are actually real?

  10. And to his surprise .... by bain · · Score: 4, Funny

    An anonymous coward sends him detailed information about how his own computer was hacked and information sent to Tsutomu Shimomura, causing his capture.

    --
    Sanity is a majority vote.
  11. I've got a story by rf0 · · Score: 5, Funny

    Well d00d I got this l33t tool called t3ln3t. I connected to other people computers and got things like "SSH-1.99-OpenSSH_3.7.1p2". The 0th3r kidi33s were like. "D00D!!". I was like w0ah. I am so l33t

    Rus

    --
    Cheap UK and US VPS
  12. Crazy Legal Question by Crypto+Gnome · · Score: 4, Interesting

    So, if someone breaks the law, and then tells you about it afterwards (but before they're brought to justice) doesn't that make you (in legal terms) an accessory after the fact?

    --
    Visit CryptoGnome in his home.
  13. Let them hack their way into the book by bain · · Score: 5, Interesting

    Setup a Machine and they can hack into it to submit their stories.

    This way if they are good enough not to be traced, the chances are good they actually did something real. It also removes most of the possible "script kiddies" submittions ;P

    --
    Sanity is a majority vote.
  14. Re:I got some to contribute. by ShadowBlasko · · Score: 5, Interesting
    While I do not personally have any to contribute, I have a friend who most likely could.

    Unfortunantly, he is rather busy at the moment.

    I would send him an email and tell him about it, but I don't think he's gonna be answering anything electronic for a little while.

    No, this is not a joke. Yes, this is a real friend of mine. And yes, I am probably a rat bastard for posting this on here. However, he did some of this from *home*!

    Jesus eppie, I thought you knew better than that!

    I guess the reason I am posting this is for all those of you who think that "thrill hacking" for fun, and not doing any real damage, will just get you a slap on the wrist if you are caught. Bet thats what eppie thought.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order- Ed Howdershelt Via Tass
  15. Mitnick is social engineering you! by SexyKellyOsbourne · · Score: 4, Insightful

    We all know Mitnick is in quite a bit of trouble, but the fact that he's a good social engineer still persists. He was traumatized in jail, and most of what he was severely punished for was probably due to non-cooperation, in that "hacker" attitude, with very influential people. Most likely, he got out of such things by giving in and cutting deals.

    Before you send in any good stories, be they fact or fiction, think of this: what if FBI / Homeland Security agents are on the case working with Mitnick, reading those letters that will supposedly go into the book and tracing who sent them? They've been known to do similar things to get people to brag before, which is the easiest way to catch people, or at least make it seem that way. With John Ashcroft and Tom Ridge in the government, they will stoop to any low to put hackers, whom they view as terrorists, behind bars.

  16. im a paid hacker by Anonymous Coward · · Score: 4, Interesting

    I'm an active penetration tester, have been for some years. I can tell you now that from all the testing i've completed (including lots of clients in the financial sector and govt.) I wouldnt even be entertaining the idea of remotely telling anonymous tale stories. The risk is just too great. And for a measily $200?

    Give me a break.

    When you've proven to a client that millions could potentially be stolen, the last thing you'd want to do is discuss it in a book, anonymously or not.

  17. He is just covering his tracks !! by Pingo · · Score: 4, Insightful

    I think he needs the anonymous hacker contributions as a smokescreen for some of his old unknown hacks.

    This guy has probably done more than he is accused for and has got an urge to brag about all his hacks. Doing so might get him into more legal trouble and he needs some anonymous hackers as legal frontends. //Pingo

    --
    --- Linux or FreeBSD, it's like blondes or brunettes. I like both. ---
    1. Re:He is just covering his tracks !! by juuri · · Score: 4, Interesting

      Look this stuff is just crazy.

      I used to be very involved in the scene years ago under many names: juuri, syy, ^_, y, y-windoze and on and on. Mitnick was not this legendary figure people are making him out to be. Those who were around then know of others who did much more than him and got away with a fuckload more. Thinking he is using this as smokescreen is giving him some status as legendary.

      The truth of the matter is most hackers absolutely paled in comparison to stuff done by the phreaks of the 80s. Even before the rise of the script kids there was very little original stuff going on. One person would figure something out and use it for a few months before trading it to someone else and then it would enter the scene.

      You guys need to understand back then yp was everywhere and insecure, nfs was completely exploitable in many ways, telnet daemons were retarded (-fr00t anyone?), hosts abounded with +s in the hosts.equiv, firewalls didn't exist, source routing still worked and on and on. Even back then secured hosts were easily comprimised by finding a single account on a badly secured host, just like today.

      It always pains me on slashdot when these articles come up and people fall all over themselves to heap praise on people like Mitnick who were nothing more than petty opportunists with a good sense of trading. Mitnick getting caught also ended a lot of the fun for many of on networks; most people don't recall the extreme lockdown that went into effect on well.com and other community sites of the time.

      --
      --- I do not moderate.
  18. it's worked before by proradium · · Score: 4, Informative

    http://www.underground-book.com/ this style of book has been done before (in australia anyway) and with relative success. The best part about that book was how the author made it available for the public to d/l. an interesting read ...

  19. Re:'3' filled in for Crime; it does pay by Stephen+Samuel · · Score: 5, Informative
    My nephew recorded an MP3 (his digital voice recorder encodes to MP3 format) of himself singing me Happy Birthday, I downloaded it.
    Please tell me which law I broke, exactly?

    Copyright. The copyright on Happy Birthday is not expired. and it won't for another couple of decades (unless copyright laws change again).

    --
    Free Software: Like love, it grows best when given away.
  20. Bold highwaymen by AllenChristopher · · Score: 4, Interesting
    There have been a couple of ideas put forward in response to your question... my feeling is that Mitnick isn't famous because he was caught, but because he dared to go for the big score, and because he ran.

    Running from the authorities using his advanced level of hacking skill, creating new IDs and such as he went, having stolen the data for the intellectual thrill of it, not for financial gain, then improperly held by a vengeful government... That's a classic tale. I don't know if it's a true story, but that was the popular perception at one point.

    In the 18th century, there was, in England, an absolute adoration of the highwayman. There were courteous highwaymen like Dick Turpin, whose victims had only this regret: that they could not have met him under other circumstances and been friends. There were brutal highwaymen, like Jack Sheppard, who was noted for his violence and for escaping Newgate with fetters on his limbs. There were gallant highwaymen, like Claude Duval, whose arrest was supposedly mourned by women across the country.

    Other countries and that and other times have had the same respect for any bold thief. John Dillinger is the best modern example.

    And as for getting caught, the populace believes that if you live bravely enough as a criminal, you WILL eventually get caught. That's really the basis of the admiration. If you could simply escape the government by being strong enough, as in the 1200s, you'd only be feared as a danger to all. It's the assurance of eventual capture that gives living on the edge its glamour. This, in particular, applies to Mitnick where it wouldn't to a mere modern carjacker, because we know the carjackers aren't caught. There are so many muggers and rapist and straight-up burglars who prey on the populace directly and succeed that we can't respect them. We fear them. A bank robber or a hacker can go after the big score, the wealth of the very rich, and leave us entertained participants.

    There are, of course, plenty of major criminal hackers who do get away with it, as with any other crime, hackers we never hear about because they stayed safe, played it smart all the way. Some of them may be reading this now. Hi boys... you're assumed to be mean of spirit, not to have aimed high enough to get caught, mere embezzling rats or at most a sort of criminal investment banker. How does that feel?

    Eventually the statute of limitations will start to run out on modern hackers who have done some pretty cool things, and we'll start to read the full stories of the ones who did go for the big score and get away with it in the Net age, just as we now revere some of the early phreakers who dared and won. Until then, the successful hacker will remain the province of fiction.

    It's also interesting to note that in the 19th century, it was felt that the effect of the poems and plays about thieves had the same deleterious effect that comic books, rock music and video games were later held to have.

    This post is reacher for 600 words, though, and beyond this I might as well write a properly-researched article, so I'll leave it here.

  21. One of my favorite books about hackers by dr_canak · · Score: 4, Interesting

    I may have posted this link some time ago, but I think it's worth a repost. "Underground" by Suelette Dreyfus is, to me, a very interesting book looking at the hacking/cracking culture of the mid 1980's.

    It follows the stories of several hackers/crackers in Australia, Germany, and the United States. To me, it really reads more like an ethnographic anthropological study, than about hacks per se. But I found it very interesting. And best of all, the entire book is available for free:

    http://www.underground-book.com/

    in a download version.

    jeff

  22. Re:Why is Mitnick so famous? by Anonymous Coward · · Score: 4, Insightful

    He is famous because he got caught and, perhaps more importantly, because the authorities either decided to make an "example" of him or were actually deluded by the exaggerated portrayals and feared him.

    Note that reading "The Art of Deception" is very enlightening as to what Kevin's skills and knowledge are really focused on. As someone with more than enough technical knowledge, but very limited social engineering skills (and no particular desire) to actually break into systems (I often find holes and create exploits, but only on my own systems, and I report them to the project or vendor), I can appreciate what his skills are, how they differ from mine, and how totally detached from reality the common perceptions about the danger of technical vs. social hacking skills are.

    I think that the reason Kevin got caught is because he wasn't acting rationally - he wasn't hacking for profit, with the appropriate caution to avoid getting caught, but because he was driven to it. He was probably far more active than cautious hackers. He probably misestimated the level of efforts that would be used to track him, because prior to his case, there weren't many high-profile cases.

    It doesn't necessarily imply anything, good or bad, about his skills. Perhaps about his judgement at the time.

  23. Why these books are good by tarnin · · Score: 4, Insightful

    For people like us (slashdotters) these books are mostly tales and overly obvious statements. Interesting and sometimes fun to read. That's about it.

    To people NOT like us (read: small/mid company admins and even some larger company admins) alot of this is actually an eye opener. Case in point: Some of you may know that I work for a smaller, privatly owned ISP. Because of this, we cater to a bunch of mid/small businesses. I have suggested his first book for them to read. I have gotten no less than 20 call backs after they read the book with statements like "Wow, I never even thought of that!" and "Thanks for the book tip! Helped me out alot and we have tightned up security with our staff." You're lucky to find a semi-competent admin in companies this small (or an admin at all) let alone one who understand or has even heard of social engineering or any type of specific attack out side of what the main stream media reports.

    Keep in mind that alot of admin in these companies have heard DoS and DDoS before, maybe even the names of a few well know worms but they don't even know what they stand for or what they do. They are nothing more than the catch phrase of the week. Books like this are pretty invaluable to them as they are not written from a tech stand point (Hardening Cisco comes to mind) and are eaisly understood and easy to put into practice by someone who is the admin because they know what HDD stands for or were hired on the lowest possible salary.

    Don't get me wrong here, these are not the end all be all security books but they are a great boon to the customers that I service.

  24. This is cover for reporting HIS OWN exploits... by Curious__George · · Score: 4, Insightful

    People are getting all righteously indignant and aren't seeing the real purpose of this offer. By appearing to anonymously post OTHER'S stories, he will be free to publish HIS OWN stories under some cover. He will be able to use the journalist's right to conceal the names of his sources to protect himself - and yet still tell his stories. I'm sure he will still use a few others, but the only ones that he can know really happened for sure are those HE performed.

    Curious George

    --
    ***General Consultant to the Human Race*** My opinions are free. You get what you pay for.
  25. Re:Nuclear War with a Telephone ... Holy Cow. by ChaoticLimbs · · Score: 4, Interesting

    Actually, I learned how to dial the telephone by whistling and vocalizing two different notes at the same time. I used to amaze my friends by dialing for pizza using only my voice and whistle. It's a wierd kind of whistle but with loads of practice and careful listening to and copying a standard touch tone telephone, I think anyone could do it.
    Never underestimate the power of a geek with no social life.
    And that's the ONLY thing I will admit to. Note non-anonymous post.