Mitnick Helps Bust Bomb Hoaxer
PhrostyMcByte writes "According to The Register/SecurityFocus: 'Ex-hacker Kevin Mitnick is a hero to the small town of River Rouge, Michigan, after using his tech skills to help officials nab the culprit behind a harrowing series of bomb threats.'" According to the piece, Detective Lt. John Keck "began searching the Internet for technical guidance, which led him to Kevin Mitnick, who'd earlier demonstrated a technique for spoofing Caller ID on the specialty cable network TechTV." Mitnick's comment on the bomb hoaxer? "He wasn't really hacking... he was really just being a jerk."
...the hoaxes unnerved some residents of the Detroit suburb, which boasts a population in the high four digits.
"It is kind of funny, I'll admit, but this is not the time for these kinds of games," says Keck.
No, it wasn't kind of funny. It was stupid... Really stupid. It wasted a lot of people's time. The bomb threat is one thing. Diverting police cars, forcing evacuations, searching for false bombs, making someone research how to track telephone calls, and having a writer tell a sensationalized story was a huge waste of time.
This had nothing to do with phone phreaking, hacking, or anything. It was a dumbass kid who made a call from a cell phone and someone doing their job and finding Mitnick (who of course was willing to look like the good-guy) to solve the problem.
For once I don't recommend that you RTFA.
The detective is to be applauded for his creativity in finding the culprit. And let's also have some sympathy for him, 'cause you know this outcome has got him seeing red:
The prankster confessed, and this week pleaded guilty to a single count of making bomb threats. He's not expected to spend any time incarcerated. "They're going to try to come up to some sentence that will put him on track to be more productive," says Keck.
I'll bet five bucks the kid is in the "in crowd". Football season's over, and he's sitting in "gimme an 'A'!" shop class with the other jocks, figuring out what to do after they're done lifting the cheerleaders' skirts. "Hey, I know, let's call in a bomb threat. They'll strip search the geeks while we laugh our a$$ off!"
Here in Texas, 15 year olds who aren't in the "in crowd" get sent to jail for life, and nobody even seems to care. And there are plenty of ridiculous examples of innocuous behavior being punished by schools.
And this kid, a serial terrorist, is going to get off with a suspension -- probably because he's some bigwig's son, or else he's on "the team". What a load of crap.
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
To the media, what's the difference? Anyone who commits a crime involving a computer is considered a hacker to them...
for a minute there, i lost myself...
You can make a difference by doing good hackerly things and at the same time denouncing the draconian measures.
OTOH, mitnick did say it wasn't to him that people ought to be grateful but rather to shimomura. to me, that says something about mitnick.
but i agree that keck saying it was "kind of funny" is stupid.
ed
Said by the kid when captured "I would have gotten away with it too, if it weren't for you meddling haxors and your dog!"
I wasn't really robbing the bank. I was just testing the security. Here's my business card.
Now you can pay us to do it all over again thru our security break-in firm.... blah blah.
Kevin was hacking, but he was also being a jerk. The two are not mutually exclusive.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
The dead-end led Keck to suspect that the caller was employing some hi-tech means to cover his tracks. *67?
Case in point. Longview, Texas (where a very large portion of the senior class can not read at 8th grade level) is paying over 500,000 to have artificial turf installed on the damn football field.
They might not be able to read, but they have a kickass football stadium.
Whether people like it or not, there will always be someone that will misuse technology and its loopholes.
Isn't it nice that there are some people that KNOW those loopholes and that don't misuse them? How can we defend ourselves against something we don't know?
These kinds of actions bring the focus right to the differences between hacking and cracking most of society is led to believe don't exist. Let me add that the good publicity comes in handy :)
I don't think this is an issue of technology as much as it is an issue of teachers needing to pay attention to their damn students.
That's when you log off and unplug your computer from the net, maybe move, get a different ISP, change MAC addresses... etc...
MORTAR COMBAT!
It sounds like the phone companies were not that interested in helping the police out. Instead the police had to ask someone else to help them out. Otherwise the police wouldn't have known which information to request on the warrants.
I wonder if the phone companies would have been more helpful if there actually was a bomb that exploded?
Typical big biz...
Sure, set a jerk to catch a jerk. Jerks who repent often spend their time in atonement.
That doesn't mean we should ignore his having been a jerk, but neither should we hold that against his works of atonement.
KFG
What happened:
Officer: I need this
TelCo: Searching... Nothing.. Try Again...
instead of what should have happened:
Officer: We need to catch this haxor
TelCo: Ok, ..., there it is!
Is there a reason there isn't a standardized procedure with the phone company whereby the cops say "there was a bomb threat made at 1pm to this number" and the phone company says "these were the incoming calls and where they came from"?
Seems ridiculous that the cops in Podunk need to know how to request the info specifically.
Before anyone jumps on me about privacy issues and overzealous cops with warrants, in cases where the customer (the school in this case) agrees to have their call records searched, this wouldn't really be an issue.
-PM
500GB of disk, 5TB of transfer, $5.95/mo
River Rouge, MI (AP)- Notorious hacking mastermind Kevin Mitnick has been spotted by Michigan law enforcement teaching people how to circumvent security protocols. His peripheral involvement in a series of bomb threats has been noted by officer Keck and is being investigated.
"...showed me how...hack...phones", said Keck (extraneous text removed for clarity).
Mitnick, known for his evil attacks against such pillars of the community as Sprint and AT&T, may also have been seen eating a puppy. - AP
Having worked with him personally, I can tell you that Kevin **knows** what he did was wrong. He has never made any statements to the contrary. He has complained about the abuses of the Justice system that occurred in his case, but he would never use those abuses to justify criminal activity.
"A microprocessor... is a terrible thing to waste." --
GeneralEmergency
Mitnick wasn't rehabilitated.
He has just used his super-powerful skills of social engineering to make people 'think' he has been rehabilitated.
The sad part of this is that the detective couldn't figure out what to ask for, or that SBC refused to cooperate fully. I think it's great that Mitnick gets some positive press and furthers the idea of white hat operations, but the more disturbing thing this story illuminates is how totally inept law enforcement is when it comes to tech issues.
The boy didn't even employ anything creative or hacker-like. He just dialed a number on his phone, and the authorities needed an ex-con hacker to help them with this?
I think stories like this call attention to the fact that there is a *desperate* need for more training of law enforcement people in tech issues.
I doubt it's a matter of the system not being broken. I'd say it's just more likely that Kevin is a decent guy at heart, and that's what allows/allowed him to learn from his unwise choices.
One other thing - breaking the law doesn't exactly make a person a "criminal"; they aren't suddenly some evil hateful person who only does bad things and so on. Defining a person by their actions is easy to do and is considered "reasonable" but usually results in inaccurately classifying someone's whole personality and overlooking other aspects of his or her personality and behaviour.
Taken from here.
To start off with - 15 Ways to beat Caller ID
(0) This doesn't count as a way to beat CID, but there's a general
principle to consider when contemplating ways to beat CID.
Generally, the CID signal your target sees corresponds to the owner
of the dial tone you call him from. If you call direct, you dial
from your own dial tone and your line is identified. If you call a
third party, and by whatever means manage to acquire his dial tone,
and from there dial out, it is the number associated with that
second dial tone that your target sees. Some of the ideas following
this were developed with this basic idea in mind.
(0.5) This also doesn't count, but remember that beating Caller ID as
such is only the first layer of your protection. If your calling is
sufficiently annoying or criminal, there is *always* a paper trail
(ANI data, billing data, trouble reports, *57 traces, etc) leading
back to the phone you first called from. That trail is not always
easy or worthwhile to track you down with. Whether or not the trail
is followed depends entirely upon how pissed off your target is and
how much co-operation he can get from the phone company, law
enforcement, etc.
(1) Use *67. It will cause the called party's Caller ID unit to
display "Private" or "Blocked" or "Unavailable" depending on the
manufacturer. It is probably already available on your line, and if
it isn't, your local phone company will (most likely - please ask
them) set it up for free. This is the simplest method, it's 100
percent legal, and it works. But just remember you will not be
invisible to business customers with real time ANI (like on
corporate toll free lines), or to 911, or to the mechanism that *57
triggers.
(2) Use a pay phone. Not very convenient, costs 25 or 35 cents
depending, but it cannot be traced back to your house in any way,
not even by *57. Not even if the person who you call has Mulder and
Scully hanging over your shoulder trying to get an FBI trace (sic).
Janet Reno himself couldn't subpoena your identity. It's not your
phone, not your problem, AND it will get past "block the blocker"
services. So it's not a totally useless suggestion, even if you
have already thought of it.
(3) Go through an operator. This is a more expensive way of doing it
($1.25-$2.00 per call), you can still be traced, and the person
you're calling WILL be suspicious when the operator first asks for
them, if you have already tried other Caller ID suppression methods
on them.
(4) Use a prepaid calling card. This costs whatever the per-minute
charge on the card is, as they don't recognize local calls. A lot
of private investigators use these. A *57 trace will fail but you
could still be tracked down with an intensive investigation (read:
subpoena the card company). The Caller ID will show the outdial
number of the Card issuer.
(5) Go through a PBX or WATS extender. Getting a dial tone on a PBX is
fairly easy to social engineer, but beyond the scope of this file.
This is a well-known and well-loved way of charging phone calls to
someone else but it can also be used to hide your identity from a
Caller ID box, since the PBX's number is what appears. You can even
appear to be in a different city if the PBX you are using is! This
isn't very legal at all.
(6) I don't have proof of this, but I *think* that a teleconference
(Alliance teleconferencing, etc.) that lets you call out to the
participants will not send your number in Caller ID. In other
words, I am pretty sure the dial tone is not your own.
(7) Speaking of
If you RTFA, it's easy to figure out how the prankster was blocking his caller ID.
;)
With SprintPCS, you can call your voice mail and one of the options is to place a call. When you place a call using this method, your caller ID information isn't sent. Of course, Sprint still has logs of who you're calling so the only evil deed it's really good for is calling an ex-girlfriend and telling her you think she's fat and no good in bed.
Back in my day, kids that called bomb threats into the school used payphones... And they didn't get caught.
---
DRM is like antifreeze, to the MPAA/RIAA it's sweet, to the consumers it's poison.
Cue Websters:
-------
Main Entry: 1funny
Pronunciation: 'f&-nE
Function: adjective
Inflected Form(s): funnier; -est
1 a : affording light mirth and laughter : AMUSING b : seeking or intended to amuse : FACETIOUS
2 : differing from the ordinary in a suspicious, perplexing, quaint, or eccentric way : PECULIAR -- often used as a sentence modifier (funny, things didn't turn out the way we planned)
3 : involving trickery or deception (told his prisoner not to try anything funny)
------
It was funny.