Slashdot Mirror
Mitnick Helps Bust Bomb Hoaxer
PhrostyMcByte writes "According to The Register/SecurityFocus: 'Ex-hacker Kevin Mitnick is a hero to the small town of River Rouge, Michigan, after using his tech skills to help officials nab the culprit behind a harrowing series of bomb threats.'" According to the piece, Detective Lt. John Keck "began searching the Internet for technical guidance, which led him to Kevin Mitnick, who'd earlier demonstrated a technique for spoofing Caller ID on the specialty cable network TechTV." Mitnick's comment on the bomb hoaxer? "He wasn't really hacking... he was really just being a jerk."
"He wasn't really hacking... he was really just being a jerk."
Wait... can't the exact same thing be said about Kevin Mitnick?
I have discovered a truly marvelous
...the hoaxes unnerved some residents of the Detroit suburb, which boasts a population in the high four digits.
"It is kind of funny, I'll admit, but this is not the time for these kinds of games," says Keck.
No, it wasn't kind of funny. It was stupid... Really stupid. It wasted a lot of people's time. The bomb threat is one thing. Diverting police cars, forcing evacuations, searching for false bombs, making someone research how to track telephone calls, and having a writer tell a sensationalized story was a huge waste of time.
This had nothing to do with phone phreaking, hacking, or anything. It was a dumbass kid who made a call from a cell phone and someone doing their job and finding Mitnick (who of course was willing to look like the good-guy) to solve the problem.
For once I don't recommend that you RTFA.
Sorry, had to be said.
The detective is to be applauded for his creativity in finding the culprit. And let's also have some sympathy for him, 'cause you know this outcome has got him seeing red:
The prankster confessed, and this week pleaded guilty to a single count of making bomb threats. He's not expected to spend any time incarcerated. "They're going to try to come up to some sentence that will put him on track to be more productive," says Keck.
I'll bet five bucks the kid is in the "in crowd". Football season's over, and he's sitting in "gimme an 'A'!" shop class with the other jocks, figuring out what to do after they're done lifting the cheerleaders' skirts. "Hey, I know, let's call in a bomb threat. They'll strip search the geeks while we laugh our a$$ off!"
Here in Texas, 15 year olds who aren't in the "in crowd" get sent to jail for life, and nobody even seems to care. And there are plenty of ridiculous examples of innocuous behavior being punished by schools.
And this kid, a serial terrorist, is going to get off with a suspension -- probably because he's some bigwig's son, or else he's on "the team". What a load of crap.
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
I guess some criminals _can_ be rehabilitated. Nice to see our system isn't _totally_ broken.
-Erwos
Plausible conjecture should not be misrepresented as proof positive.
To the media, what's the difference? Anyone who commits a crime involving a computer is considered a hacker to them...
for a minute there, i lost myself...
You can make a difference by doing good hackerly things and at the same time denouncing the draconian measures.
OTOH, mitnick did say it wasn't to him that people ought to be grateful but rather to shimomura. to me, that says something about mitnick.
but i agree the keck saying it was "kind of funny" is stupid.
ed
Said by the kid when captured "I would have gotten away with it too, if it weren't for you meddling haxors and your dog!"
All he did was advise the cops to use the same tracking techniques that got him caught. Not exactly brain surgery.
The dead-end led Keck to suspect that the caller was employing some hi-tech means to cover his tracks. *67?
To the media, what's the difference? Anyone who commits a crime involving a computer is considered a hacker to them...
hacker
n 1: someone who plays golf poorly 2: a programmer for whom computing is its own reward; may enjoy the challenge of breaking into other computers 3: one who works hard at boring tasks
Straight from Dictionary.com
Evolution or ID?
Case in point. Longview, Texas (where a very large portion of the senior class can not read at 8th grade level) is paying over 500,000 to have artificial turf installed on the damn football field.
They might not be able to read, but they have a kickass football stadium.
Hardly, however it is nice to see that he's using what skills he has (which aren't exactly steller) for good rather than just getting himself in trouble.
My hats off to him and I hope he keeps it up.
Wether people like it or not, there will always be someone that will misuse technology and its loopholes.
Isn't it nice that there are some people that KNOW those loopholes and that don't misuse them? How can we defend ourselves against something we don't know?
These kinds of actions bring the focus right to the differences between hacking and cracking most society is led to believe don't exist. Let me add that the good publicity comes in handy :)
I don't think this is an issue of technology as much as it is an issue of teachers needing to pay attention to their damn students.
reminds me of that movie "pay it forward" applied to criminal justice.
That's when you log off and unplug your computer from the net, maybe move, get a different ISP, change MAC addresses... etc...
MORTAR COMBAT!
It sounds like the phone companies were not that interested in helping the police out. Instead the police had to ask someone else to help them out. Other wise the police wouldn't have know which information to request on the warrents.
I wounder if the phone companies would have been more helpfull if there actually was a bomb that exploded?
Typical big biz...
What I do not understand was why they just did not watch one of the many cop shows on TV to find out how to call the phone company to get a trace placed on the call?
I make my face look like this and concerned words come out.
What happened: Officer: I need this TelCo: Searching... Nothing.. Try Again...
instead of what should have happened: Officer: We need to catch this haxor TelCo: Ok, ..., there it is!
Is there a reason there isn't a standardized procedure with the phone company whereby the cops say "there was a bomb threat made at 1pm to this number" and the phone company says "these were the incoming calls and where they came from"?
Seems ridiculous that the cops in Podunk need to know how to request the info specifically.
Before anyone jumps on me about privacy issues and overzealous cops with warrants, in cases where the customer (the school in this case) agrees to have their call records searched, this wouldn't really be an issue.
-PM
500GB of disk, 5TB of transfer, $5.95/mo
Kevin once demonstrated this caller id spoofing technique to me personally while I was working with him on his KFI 640AM radio talk show "The Dark Side of the INternet".
Believe me, it is extremely creepy to look at your ringing cell phone and see that you are calling yourself!
Kevin, bud...Great work!
"A microprocessor... is a terrible thing to waste." --
GeneralEmergency
River Rouge, MI (AP)- Notorious hacking mastermind Kevin Mitnick has been spotted by Michigan law enforcement teaching people how to circumvent security protocols. His peripheral involvement in a series of bomb threats has been noted by officer Keck and is being investigated.
"...showed me how...hack...phones", said Keck (extraneous text removed for clarity).
Mitnick, known for his evil attacks against such pillars of the community as Sprint and AT&T, may also have been seen eating a puppy. - AP
"Armed with Mitnick's advice, Keck went back to SBC and demanded a "terminating number search" for any calls made to the high school's lines on the dates of the bomb threats."
So really all Kevin did was point out how unhelpful SBC is to law enforcement? SBC could help but wasn't asked in the right way. How is our government expected to tackle matters of national security when the major communications companies are unwilling to help unless you say the "magic words."
So it's almost too good to be true to see Mitnick in a scenario where he's the hero who saves the innocent villagers but shows no animosity towards the perpetrator, just a good helping of world-weary contempt for somebody who thinks he's an anti-hero (hacker) but isn't. He also, in the same epic tradition, shows respect for the abilities of the man who brought him down in the first place.
Having worked with him personally, I can tell you that Kevin **knows** what he did was wrong. He has never made any statements to the contrary. He has complained about the abuses of the Justice system that occured in his case, but he would never use those abuses to justify criminal activity.
"A microprocessor... is a terrible thing to waste." --
GeneralEmergency
Mitnick wasn't rehabilitated.
He has just used his super-powerful skills of social engineering to make people 'think' he has been rehabilitated.
What did Mitnick do exactly? He told the police what to ask for from the phone company?
I would think if the police went to the phone company and asked them "we need to find out where these calls are coming from", the phone company would know what needs to be done to find out.
I hope everything Mitnick knows is also known by someone at the phone company. It seems the cooperation of the phone company would preclude the necessity of involving an "expert" like Mitnick.
The sad part of this is that the detective couldn't figure out what to ask for, or that SBC refused to cooperate fully. I think it's great that Mitnick gets some positive press and furthers the idea of white hat operations, but the more disturbing thing this story illuminates is how totally inept law enforcement is when it comes to tech issues.
The boy didn't even employ anything creative or hacker-like. He just dialed a number on his phone, and the authorities needed an ex-con hacker to help them with this?
I think stories like this call attention to the fact that there is a *desperate* need for more training of law enforcement people in tech issues.
I thought it clear that Keck didn't mean it was humerous. He meant that Keck thought it ironic, almost silly, that classmates and/or his teacher didn't see him or turn him in.
tasks(723) drafts(105) languages(484) examples(29106)
Agreed, what was done to Mitnick was wrong. But that does not justify the actions of the prank caller. I applaud Mitnick for making that distinction.
And psychopaths like this always think they're being bullied. That's because they're fucking paranoid and crazy. It's certainly not that kids are inherently paranoid and crazy. Yes, we need to pay more attention to children, but not because they're a threat.
Ugh. I hope that's just the cop mentality speaking. I hope most people don't actually think like that "Keck" guy.
There are no trails. There are no trees out here.
First the detective tries this: "When the detective served a search warrant on SBC Ameritech for the source of the calls, the phone company came up dry."
Then after he talks to Mitnick and gives a more specific request: "This time, SBC tracked the calls as far as cell phone carrier Sprint PCS, and identified the specific trunks on which the calls entered the local phone network."
Why does SBC need the help of an ex-hacker to come up with the right terminology to search its own system for evidence of crime? Do phone companies treat law enforcement with the same dull contempt that they do their regular customers?
I can just imagine: "Thank you for calling SBC Ameritech's search warrant compliance department. Please listen carefully to the following options, as they have recently changed. Press 1 if you are tracking an obscene phone caller. Press 2 if you are tracking a bomber. beep Thank you. Please press 1 if the bomber is threatening a commercial address. Press 2 if the bomber is threatening a residential address. beep...."
Now, the definition of "uncle" is "parent's brother" so Kevin would, in fact, be his own uncle. Along those same lines, the kid (other than possibly having flippers) would be his own cousin. I think.
If you had his babies, you would be the mother of Kevin's children, as well as his... um, mother-in-law? That's not quite right, since they're not married, but that's the general idea.
Kevin's father, then, would be the grandfather of kevin's child as well as the (step-?)father.
Ow, my brain hurts now.
I would've used the Trace-Buster-Buster-Buster-Buster-Buster.
And see the /. reaction change tone...
In Soviet Washington the swamp drains you.
What I find particularly disturbing is why the TelCo people weren't more involved. I mean:
..., there it is!
What happened: Officer: I need this TelCo: Searching... Nothing.. Try Again...
Instead of what should have happened: Officer: We need to catch this haxor TelCo: Ok,
I, on the other hand, am glad that the telephone company is not being randomly helpful, but insisting that the police go through proper channels before handing out call trace information.
Perhaps they could have told him what to ask for. But I prefer that they err on the side of citizen privacy and let the police learn to do their job through their own methods (as this officer did), rather than spending their resources (and raising customer bills) leading every nosy cop through the procedure by hand, thus encouraging its constant use for ever smaller issues and possibly giving them incorrect legal advice in the process.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Taken from here.
To start off with - 15 Ways to beat Caller ID
(0) This doesn't count as a way to beat CID, but there's a general
principle to consider when contemplating ways to beat CID.
Generally, the CID signal your target sees corresponds to the owner
of the dial tone you call him from. If you call direct, you dial
from your own dial tone and your line is identified. If you call a
third party, and by whatever means manage to acquire his dial tone,
and from there dial out, it is the number associated with that
second dial tone that your target sees. Some of the ideas following
this were developed with this basic idea in mind.
(0.5) This also doesn't count, but remember that beating Caller ID as
such is only the first layer of your protection. If your calling is
sufficiently annoying or criminal, there is *always* a paper trail
(ANI data, billing data, trouble reports, *57 traces, etc) leading
back to the phone you first called from. That trail is not always
easy or worthwhile to track you down with. Whether or not the trail
is followed depends entirely upon how pissed off your target is and
how much co-operation he can get from the phone company, law
enforcement, etc.
(1) Use *67. It will cause the called party's Caller ID unit to
display "Private" or "Blocked" or "Unavailable" depending on the
manufacturer. It is probably already available on your line, and if
it isn't, your local phone company will (most likely - please ask
them) set it up for free. This is the simplest method, it's 100
percent legal, and it works. But just remember you will not be
invisible to business customers with real time ANI (like on
corporate toll free lines), or to 911, or to the mechanism that *57
triggers.
(2) Use a pay phone. Not very convenient, costs 25 or 35 cents
depending, but it cannot be traced back to your house in any way,
not even by *57. Not even if the person who you call has Mulder and
Scully hanging over your shoulder trying to get an FBI trace (sic).
Janet Reno himself couldn't subpoena your identity. It's not your
phone, not your problem, AND it will get past "block the blocker"
services. So it's not a totally useless suggestion, even if you
have already thought of it.
(3) Go through an operator. This is a more expensive way of doing it
($1.25-$2.00 per call), you can still be traced, and the person
you're calling WILL be suspicious when the operator first asks for
them, if you have already tried other Caller ID suppression methods
on them.
(4) Use a prepaid calling card. This costs whatever the per-minute
charge on the card is, as they don't recognize local calls. A lot
of private investigators use these. A *57 trace will fail but you
could still be tracked down with an intensive investigation (read:
subpoena the card company). The Caller ID will show the outdial
number of the Card issuer.
(5) Go through a PBX or WATS extender. Getting a dial tone on a PBX is
fairly easy to social engineer, but beyond the scope of this file.
This is a well-known and well-loved way of charging phone calls to
someone else but it can also be used to hide your identity from a
Caller ID box, since the PBX's number is what appears. You can even
appear to be in a different city if the PBX you are using is! This
isn't very legal at all.
(6) I don't have proof of this, but I *think* that a teleconference
(Alliance teleconferencing, etc.) that lets you call out to the
participants will not send your number in Caller ID. In other
words, I am pretty sure the dial tone is not your own.
(7) Speaking of
If you RTFA, it's easy to figure out what how the prankster was blocking his caller ID.
;)
With SprintPCS, you can call your voice mail and one of the options is to place a call. When you place a call using this method, your caller ID information isn't sent. Of course, Sprint still has logs of who you're calling so the only evil deed it's really good for is calling an ex-girlfriend and telling her you think she's fat and no good in bed.
Back in my day, kids that called bomb threats into the school used payphones... And they didn't get caught.
---
DRM is like antifreeze, to the MPAA/RIAA it's sweet, to the consumers it's poison.
And you guys locked him up for years! Imagine what he could have done for you if his sentence was to contract for the FBI or the NSA!
WURD!!
They didn't have the telephony-fu to ask the phone company for what they needed. The phone company, in the manner of bureaucratic twits everywhere, answered the question that was asked, not the one that needed asking.
Now, that is probably good in a subpoena situation. But if a properly identified law enforcement officer was tracking a bomb threat, I'd tell them what they needed to ask for, wait while they got the corrected subpoena, and provide the info. That is, if I worked for the phone company.
I probably shouldn't get involved until such time as I am.
If this had been more serious than a prank,
Indeed.... CALEA It's been around long enough that no police force should be unaware of the proper means for requesting call records. If you want CDRs, you don't call Bob down at the CO. (who isn't likely to know how to trace an active call much less fetch the records for calls from last week.)
Actually, rape has the exact same rate of flase reporting as any other violent crime, according to the FBI. And, when combined with the huge numbers of people who do not report rapes that do happen, you are dead wrong. The vast majority of rape allegations are true.
Furthermore, the situations you described with your frat could very well have been rapes. In most, if not all, states, intoxicated individuals can't give consent to have sex, and thus having sex with them is rape. The fact that the DAs didn't end up bringing charges means next to nothing. The level of proof that is needed to get a conviction in a rape case is enormous; a survivor usually has to have some kind of physical evidence. Many times, this will be washed away by the time she decides to go to the police, leaving only the opposing statements of the rapist and his victem.
Regardless of all that, please remeber that one of the most damaging things that you can do to a survivor of rape or sexual assault who discloses to you is to not believe them. Our culture already puts tons of shame and guilt them, so it's a huge deal to come out and admit to being a survivor. They are, in the vast majority of the time, telling the truth. And even if they're not, that's for the police to decide. You should just be supportive. Or just shut up and say nothing.
you'd think that these sorts of losses would show up on annual reports though
I was told in one instance a big very well known bank lost several hundred million dollars in a single fraud - what must be one of the biggest bank robberies ever - and it never appeared in their annual report or anywhere else. The big banks really want to be see as safe - huge sums of money just disappearing into thin air doesn't look good!
Speaking from related experience, this is true. Interrupting lunch is a very bad idea.
On the first day of grade 1 way back in the day, my class and I were standing in line to go into the mostly full cafeteria. The kid next to me said "Hey, pull that" and pointed at the fire alarm. "What is it?" I asked. "It's cool" he replied, or something to that effect. After a bit of coaxing, I did indeed pull the fire alarm. For the rest of the year, I was not known as the kid who got everyone out of the evil exam, but the one who pulled the alarm DURING LUNCH on the first day of school. The principal didn't believe that I didn't know what it was, which was in fact the case. My eyes were opened to many important realities of life through that little experience.
And now I'm doomed to wander the earth and repeat the story to all who will listen.
Now about this albatross around my neck...
Banks can write those losses anywhere. They do a ton of investing, and when an investment tanks, they lose money. So they just write it up as money lost in a bad investment, and its there, but you have to know what to look for to find it.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Cue Websters:
-------
Main Entry: 1funny
Pronunciation: 'f&-nE
Function: adjective
Inflected Form(s): funnier; -est
1 a : affording light mirth and laughter : AMUSING b : seeking or intended to amuse : FACETIOUS
2 : differing from the ordinary in a suspicious, perplexing, quaint, or eccentric way : PECULIAR -- often used as a sentence modifier (funny, things didn't turn out the way we planned)
3 : involving trickery or deception (told his prisoner not to try anything funny)
------
It was funny.
This article gets even more interesting. Notice who wrote this article!!!
According to his book, much of Kevin's skills lie in Social Engineering, a.k.a. convincing people to tell you exactly what your looking for. He makes a bit point of saying that it's much easier to convince people to tell you their password than to crack into their computer.