Mitnick Speaks About Hacking
Rob_Warwick writes "I've just posted a one on one interview with Kevin Mitnick on Applefritter. In just less than 20 minutes, we take a look at who generally gets targeted by social engineering schemes, and how social engineering can assist in making a technical exploit work. Mitnick speaks about which industries are at highest risk from social engineering, and what types of workers are generally easier to talk into doing something for you. Kevin also talks about who his heroes were when getting into phreaking and computers, as well as a humbling moment when he was on the receiving end of some social engineering. The HOPE keynotes for both Kevin and The Woz are also available for download."
Now that Mitnick's no longer in prison, it's nice to be able to comment about "free (as in beer) Mitnick." Any opportunity to hear his insights into social engineering is a welcome one, especially for those of us that have to take network security into account for our livelihood. :)
How many times did he plug his upcoming book?
is the interview available as text somewhere?
SHE does throw dice.
post a 2.2mg mp3 file as an interview post it to slashdot and wait. How about a transcript?
His hero's what? And who was his hero anyway?
Sorry, I simply cannot understand what the interviewer is trying to say in that MP3. A speech impediment, flaming homosexuality (as expected on applefritter.com - come on, the interviewer must be trying to sound "gay"), and a crappy recording all help to spoil the experience.
Kevin is loud and clear, even though I'm not a native English speaker, nor live in an English speaking country.
In just less than 20 minutes, we take a look at who generally gets targeted by social engineering schemes,
answer: people with passwords
and how social engineering can assist in making a technical exploit work.
answer: get people with passwords to tell you their passwords
Did anybody time me?
Ugh, listening to the mp3 is like having your teeth pulled. Is there a transcript somewhere of the interview? And that lisp. The interviewer must have one huge retainer in his mouth. Sorry, I don't mean to flame but a transcript would be much better than listening to an mp3.
not sure if this is crappy because of the 16 kbps quality or the fact that the interviewer sounds like mushmouth from the Fat Albert cartoon after doing a gram of cocaine.
Is it just me, or do you really not care about him anymore?
It's a bad dream that just won't go away, some people are so enamored with Kevin that they feel the need to post every story that includes his name.
He's a felon.
One of the first, albeit more publicized and punished geeks, and I really don't care to read stories about him. About the only thing that actually is interesting is that this guy got caught by trying to hack into some other geek's computer, and was traced back to his location.
Amateur. Go social engineer some money out of a bank instead of robbing it with a gun, and THEN I'll be interested.
I can see it now, bumper stickers that read:
"Free Kevin v2.0"
http://www.fsckin.com/
to your Slashdot comments:
* Mis-spell your Subject line.
* Use the unit milligram (mg) instead of megabyte (MB).
I bet the interviewer has chicks hanging off him!
The guy conducting the interview is seriously hyper. Is there a transcript?
can anyone understand what the interviewer is actually saying? stop mumbling!
apostrophe's are great for plural's
Indeed. "Mitnick talks about hacking"? What the flaming blue fuck does Mitnick know about hacking?
I'll go overdose on 1500MB of heroin now.
Why would anyone spend the time to interview Mitnick and then ruin it by making it audio only and then talk like you're mighty mouse on speed so no one can understand a thing you're saying?
Note to applefritter: take the drugs away from DBub.
I thought he went to jail for doing this? I would have thought part of his release deal would have included not speaking about hacking and not associating with hackers. I remember from a political science class being told that most drug dealers who get released do so on the condition they will not associate with anyone known who is also a criminal. One guy who got caught at school using a computer for illegal purposes (and prosecuted) got a reduced sentence to two years probation and part of the deal was he could not use a computer.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
He sounds like a duck on cocaine. It isn't entirely his fault, as the recording quality is so bad (unless he's responsible for that as well).
... that could social-engineer Kevin into giving me the transcript
I'm sorry, maybe prison messes you up, but he should know better.
Really when you think about it, Biometrics basically halts any kind of Social Engineering. You can't get around them without chopping off someone's hand and plucking out their eyes, but if you're going to go that far, you're criminal enough that it won't matter if you use Social Engineering or not. Let's face it, pretty soon we'll be heading toward the Biometric model for pretty much everything, and the privacy advocates are going to fight it all the way.
FUD, apply, lather, rinse, repeat.
The dangers of knowledge trigger emotional distress in human beings.
ed2k://|file|kevin_interview.mp3|2235977|4ab0a4100 a68ceaa8c115cee39ef70e1|/t :QWHRORSA5R6KWRXV7UWUBKRH42SXSDPE.GCJXHNWWKEU2MYTH MOCVNABFQZFYPTWSKUST4IA&dn=kevin_interview.mp3
magnet:?xt=urn:bitprin
Remove spaces in the link.
A use for P2P, finally... although I usually dislike sharing crappy MP3s, we'll see how this works.
Biometrics isn't the panacea it's made out to be. Educate your users, it's the only way.
Pathman, Free (as in GPL) 3D Pac Man
wait until the post id is gonna have 666 somewhere in it
...perhaps you are one of the slashdot trollers he spoke of who is 'jealous'
does the interviewer have a speech impediment?
I think the original newsstory poster meant "heroes".
Ok, English _is_ broken, but if a guy is named Warwick I suppose it's his duty to know the basics...
It's "heros" not "hero's". Why do people insist on using an apostrophe before an s indicating plurality, not possession?
./'d ;[
He did help 'write the book', so to speak.. So he's a classic and does deserve some respect.
So he was a felon.. big deal. He's also served his time. ( he's an ex-felon now.. having paid his 'debt' )
( it was also an unjust and mostly fabricated charge that he was convicted on as well.. )
And if you don't care to read stories about him, why are you commenting on here? That means you are STILL reading them.. it's your choice, free speech also means you have to read it...
---- Booth was a patriot ----
This guy doing the interview should have slowed down and taken his retainer out.
Talking of which, isn't IE a great cracker tool? All those lovely security holes built in, just waiting to compromise someone's machine. All we need to do now is convince lots of important people to install it on their PCs and the world is ours!
Ohhhh.... hang on, I just realised something...
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
While an interview with Kevin Mitnick could contain some very interesting information, this interviewer's either a very intelligent five year old or an idiot of an adult. His mighty mouse speaking style is a perfect match for his mouse sized brain.
It wasn't only a waste of Mitnick's time, but also the time of everyone who spends 18 minutes to listen to it. Believe me, if you're even semi-concious, you already know everything disclosed in the interview.
Blah....
And be certain, that whenever I can damage people who use it - I do. Account cancellations via "lost password" forms, filling in shitty details in user profiles, etc.
I just heard the first 30sec of the mp3 file, and couldn't continue. It was far too painful - the guy doing the interview should slow the fuck down when speaking. You don't get medals for quantity over quality.
Did you hear the interviewer ask Mitnick if the Motorola exploit had to do with VAX code? How graceful of Mitnick not to slap him down. Maybe only us dinosaurs noticed it (or care). sigh
What? Me? Sig?
Not trolling; I'm serious. A friend of mine told me that he lost a lot of respect for Mitnick when he found out that he (Mitnick) is just a Windows user lately.
Honey, I shrunk the Cygwin
Thanks for posting The Woz and Mitnick, but where is Jello?
He WAS in prison for a long time, takes a while to catch up if you're outta the loop completely for a while.. and I doubt he wanted to get heavily into computers after being reamed in jail because of them for years...
Don't you know that the correct way to refer to someone who breaks into security of systems is to make a derogatory comment about his Caucasian ethnicity?
I've said it before, I'll say it again. The stuff they call 'social engineering' is NOT social engineering. It is Confidence Art, or conning, or grifting.
If it's in your sig, it's in your post.
The biggest and most widely available talkshow at night is called Coast to Coast AM (formerly Art Bell's program). Despite the many other dubious guests on the program, Kevin is regarded as a "regular" on the air. Expect to hear from him every now and then.
Note: I've submitted to Slash.Dot many times about the availability of the interview with him. However, the editors managed to not give a damn. Oh well, at least I tried.
Life is not for the lazy.
Social engineering is what governments and megacorporations do. And religions, now I think of it.
oh, man. spit my coke out on that one!
The interviewer's voice is so awful. It sounds like the nerds from the Simpsons. I thought it was a joke at first.
Social engineering has been around for a long, long time. The only difference is that until recently everyone just called it 'conning'. I don't know if geek hackers prefer to think of themselves as 'social engineers' because it's easier on their conscience than thinking of themselves as con men, or if it's just a result of the natural geek affinity for overly technical jargon. Either way, it's a bit silly.
What Mitnick does is not "social engineering." Social engineering would be something like trying to convince a population of people to eat more healthily, or stop smoking, or something like that.
What Mitnick does is fraud. Alternatively, you can call it grift, or con. (As in, Mitnick is a con man.)
Using the term "social engineering" is playing into the hands of the con men. It's a term they invented to con you into thinking that what they do is somehow more acceptable than it is.
Use the term, and you've been conned.
All these interviews and the only thing I've ever wanted to know about the guy is never asked.
What encryption and/or data protection schemes did he use that the FBI couldn't break?
The ratio of people to cake is too big
Then tell us, what DID HE DO?
Sorry about the quality folks, I'll put up a transcript after I get it typed. I've got a train ride back to New Jersey tonight, so I'll throw it up. Also, sorry about the Canadian accent and the quick talking. Getting a few minutes with Kevin Mitnick is not easy at HOPE, and I was trying to get through the material.
Don't click the link, it's a fake.
Oh it's an MP3 only?
How lame! You say 'I just posted'?!??
You're incredibly lame!
Mitnick doesn't deserve my respect. He is a wannabe. He is a shallow criminal celebrity with as much relevance as Hackers the movie.
I heard he wrote this great malloc implementation...
Kevin was held in prison for about 5 years the second time around on bogus charges. It never went to trial, he was merely incarcerated. The white equivalent of Brown Equals Terrorist.
Tragically, he finally gave up and pleaded no contest to the charges so he could be allowed to leave the prison and return to society. Go watch Freedom Downtime if you want to understand what Kevin was truly up against.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
You've got to have some respect for his combination of technical prowess and social engineering skills. It is a somewhat rare combination. Most computer geeks are introverts.
I was in awe when he hacked netcom. I actually benefited indirectly from his action. Netcom lost my billing info and I got two years of dial-up CSLIP for free.
Yes, I had problems with police imprisoning him with little recourse as they did.
Yes, Tsutomu Shimomura is a yahoo who did a lot of stupid and bad things. The greatest was probably his awful book written with "journalist" John Markoff (I enquote that because as he was ghost writing with Shimomura, he was also writing articles that were supposedly objective yet never mentioned doing a book with one of the participants of the story).
[Shimomura was terribly impressed with his (own) computer security abilities, yet ran tools that had long been sources of security holes because it was convenient. ("I am a master of securing houses; all the world leaders come to me. So imagine my shock and outrage when I'd found that someone had lifted up my welcome mat and used the key I keep there to get in. I must hunt down this bastard and have my revenge.").]
I was appalled that national ISPs would so readily turn over logs and access to their networks and their users' information to a vigilante/yahoo.
But no, I wasn't sorry that Mr Mitnick got his ass busted. He was no kiddie using youth as an excuse for poor judgement. He was a thief who rationalized stealing from people and companies by its electronic abstraction.
No, I don't think Kevin's "cool". That he is someone who would steal my personal information because the people I had to give it to are idiots about securing it doesn't make it ok to do so. And it's felony when he then uses that information to buy things. I don't want him in the room when I pull out a credit card. I don't want him in a hotel where I use a credit card.
Should the hotel be smarter? Sure. But the people who decry identity theft cannot also embrace Kevin Mitnick as one to be admired.
He's an asswipe.
There is an excellent interview(video and audio) at thebroken.org with Kevin for anyone that cares.
"I don't know which is worse, that everyone has a price, or that the price is always so low"--Hobbes
Mitnick: ...and, since you are tricking a human being into doing some sort of action, albeit installing a piece of software, that is social engineering.
Interviewer:
Uhkay great! Ahm. Lussheejushtash shwoppropetushaluvel butyoutoldothershourshes that there'shreallynoway to... acshuallycompletely shtop shoshialengineering... attackshfrombeing... ah, completelyeffective? Whatcancompanydotominimizhetherishkofshoshial... engineeringattackshuroo ashpendingashmuchof? Not makingmoremoney shecuringagainshtthoshe?
Mitnick:
Well, I believe a-...
Interviewer:
Doyouignorethosheawholelot? Er...
Mitnick:
No, you don't ignore it...
IANAH (I am not a hacker). In a business setting in particular, I disagree with his assertion that there needs to be a general awareness of how con artists and hackers operate. Most people have enough to worry about just doing their own job, and any concerted effort to educate the masses will probably be in vain.
I think a more effective approach would be to hire people who are more security minded if they are going to be entrusted with critical data, and to set greater limitations on regular users. In my experience, most companies fail to do either, though many are starting to get a clue.
Much like Mr. Mitnick said in the interview, I agree that we should take the easiest way. Perhaps I misunderstood him, but I seriously doubt a borglike awareness of these cons and hacks is the easiest approach to improving security.
I'm Canadian and I didn't understand half of what you said. Try sloooowing down next time; you're not from Newfoundland, b'y.
...and where is Oliver North these days? He lied to Congress. He was convicted. He served his time as the fall guy. And he's STILL adored by many.
So, you're saying if I socially engineer the password to the database where the biometric data is stored and I use the password to swap the records on a known rapist and my victim, that this will fail because????
At the end of the day, biometric data may or may not be unforgeable, but it's the relationship to other data that is important. And that's hackable.
-WolfWithoutAClause
"Gravity is only a theory, not a fact!"
Social engineering is concocting the "gay marriage" issue to distract from general incompetence, lies regarding WMD, a predisposition for a war we didn't need, distracting our military from the diligent pursuit of Osama, etc. You want to talk social engineering, talk to Karl Rove.
the growth in cynicism and rebellion has not been without cause
At least this time there won't be any snide "RTFA" posts. They'd have to be "LTTFMP3" posts instead!
You must think in Russian.
I'm usually not one to bitch and whine about the misuse of the term 'hacker', but using the same term to describe people doing innovative things with computers and then calling Mitnick one is just absurd. This guy had to beg lusers on irc to teach him basic unix commands -- and how to run rootkits. Give me a break. The guy doesn't even know a single programming language inside and out.
Basically he's a good liar. That's all. Shall we begin calling Bill Clinton a hacker?
"Orthodoxy means not thinking--not needing to think. Orthodoxy is unconsciousness." --Eric Blair
Do not mod me up. This has been a test of the emergency bookmarking system. This is only a test.
-Adam
Flamebait? LOL! Normally I pay no attention to the moderating, but this is seriously silly. Go ahead, show me any factual errors in my posts. Good job, mods, you're worth every cent of your salaries!
---
SCO is weenies
Gator is Spyware
Microsoft is thugs
Very insightful point!
It never really occurred to me but you make a lot of sense. There's a new-age "boldness" to social engineering in the 21st century where you just have to re-affirm you're "right" enough times to break down the will (or objectivity) of the person you're dealing with.
With people becoming increasingly personally insecure, an aggressive stance can compensate for accuracy and integrity. Self-confidence has always been a foundation of social engineering, but as evidenced in the major media, aggression is an added component that makes people acquiesce. People are so hell-bent on avoiding conflict these days, this can make the difference between success and failure. This probably explains a lot of the fallacies that the public believes in light of the truth: those that promote the objectives come off stronger and more powerful than their opponents.. not necessarily right, but more aggressive, and as a result they "win" the argument.
Historically SocEng scenarios have traditionally been based on inside knowledge of the mark or the industry. Not any more. You want a free pizza? You're better off calling the pizzeria as an irate customer, therefore putting them on the defensive. Want to socially-engineer information out of someone? Contact them and be confrontational.. they're much less likely to question your motives as they try to evade the conflict.
This seems to be the modus operandi in the media: Present a viewpoint. If anyone challenges it, instead of attacking the issue, attack them! Very effective nowadays.
n/t
Is it just me, or do you really not care about him anymore?
It's a bad dream that just won't go away, some people are so enamored with Kevin that they feel the need to post every story that includes his name.
He's a felon.
I'm not denying the legitimacy of your point, but it's hardly an argument worthy of justifying the lack of value Mitnick holds, represents or deserves within this community.
Our history is full of technical "bad guys" from Christopher Columbus to Robin Hood, that are respected in one form or another even though their acts may have been in defiance of historical or current standards of law. Everyone, whether they admit it or not, has a soft spot in their heart for the concept of a "rebel" who doesn't willingly conform to established rules. After all, the United States was founded by such rebels.
Mitnick did some dumb shit. I'm sure even he would admit that. But anybody would have a hard time proving that his actions really hurt people, much less caused the damages that the authorities claimed. Some feel Mitnick may have merely been one of the first public figures to be recognized for pulling the curtain exposing the true vulnerability of the Wizard of Oz. That being said, it's hard to be that sympathetic to him when he was a repeat offender. That is just dumb. By today's standards some might argue he'd be lucky to last as a script kiddie with such questionable judgement despite the talent. But IMO, that's beside the point of the real issue, which is whether or not his life or wisdom is worth respecting.
I think the main flaw of your rebuttal is that it implies that paying attention to Mitnick in some way serves to condone his dishonorable past activities. Many such as myself would strongly disagree. If anything, IMO, Mitnick's presence serves as a reminder and a deterrent in this respect.
Some might say the attention paid to Kevin and his incarceration is less an homage to him as it is payment on an insurance policy against more heinous future injustices, and an attempt to make more people aware that not all hackers are the evil criminals some paint them as. Some also believe that Kevin's history underlines the ideal that it's not so much WHAT you do, but WHO you do it to, that can get you in the most trouble.
Mitnick is more a symbol to the community than an individual. He garners more respect than more talented, more insidious black or white hat hackers because despite his questionable judgement and history, he seems to epitomize the most idealistic part of the core of a true hacker, which is analogous to that which might drive a guy to traverse into hostile territory to climb the most challenging mountain.
Like it or not, Mitnick has the distinction of being one of the martyrs/heroes/rebels of the tech community. Whether he deserves it or not is secondary to the ideal he represents at this point. The only thing that can screw this up are closed-minded judgemental people, or his acts embarrassing the community which he represents. He seems to be holding his own these days.
IMO, I feel, to discount him as a "felon" and therefore not worth listening to is foolish and ignorant. What trials and tribulations have you gone through in your quest for knowledge, data and access? What risks have you taken? Do you have as much wisdom and experience to share because you boldly pirated Photoshop via Kazaa? Are you qualified to pass judgement on this guy's value to others merely because you weren't foolish enough to tear the tag off your mattress? Do all the heroes of your life worth listening to have an impeccable record of pure lawfulness?
This guy has made a lot of mistakes. But he's an icon. He's generally respected now. Cut him some slack. He's not advocating criminal activities. He's serving a useful purpose in the community by "outing" a lot of issues. Yes, he's capitalizing on his infamous notoriety, but who wouldn't? It seems like a smart choice that's the result of making the best out of a bunch of bad situations.
With that being said, Kevin if you're reading this, do me a favor and don't do any more hacking of big corporate/government computers and make me look like an idiot ok? kPforward, tnx : )
The damage he caused was looking at the source code to Solaris, which was later open sourced by Sun anyways.
The charges were bullshit charges.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
How about "Y'all lil leet script kiddies"?
Insulting every person who reads your post by over-generalising is definitely flamebait.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
I don't think it has anything to do with having a Canadian accent. I am a native speaker of English as well and I found you to be barely intelligible. It was so bad I couldn't even sit through the whole interview! It sounds like you have a retainer in your mouth unfortunately. If a retainer is not the issue may I suggest elocution lessons, or at least join a public speaking club to get some practice. I am sure you are a smart guy, but no one is going to think so if you can't even articulate simple words. It's a shame you didn't save yourself the public embarrassment by asking your friends first. A transcript would have been far more appropriate.
...why you left out the part that says: "in an organized militia".
Normally I don't respond to sarcasm, but this time I will.
the reason I sent you to my journal was that this discussion was OT, and does not belong where it was taking place.
It was also much too long for here, and my journal was created to avoid typing the same things again and again.
Secondly, it's not MY viewpoint that matters here, it's the founding fathers'. If you take the time to understand their meaning and intent ( i.e. my suggestion to learn history ), you won't be asking such stupid questions in the future.
---- Booth was a patriot ----
I don't have the transcript handy, but he spoke of using PGP, being asked for his passphrase to access his private key, and telling them to get bent. As the US has no analogue to the UK's RIP act which compels people to hand over encryption keys or face jail time, he (rightfully) invoked his Fifth Amendment powers.
Assuming you use a strong passphrase, PGP is fantastically secure. Make sure there's no hardware/software keystroke loggers though, or you may end up like Nicky Scarfo.
The truth about Scientology, Xenu, and you: Operation Clambake
I remember reading Takedown, and Cyberpunk, and numerous other books. I have sought out and watched the movie Takedown. I remember reading about the world's most evil hacker, suspected of being able to call NORAD and launch a nuclear assault, obsessed with Jodie Foster, and of course I am sure he beats puppies too. . . (read the bottom of my post)
,read a little more on the subject. No, Kevin Mitnick is not a saint, none of us are. Yes, he did some bad stuff when he was a kid, he was rewarded for it (in school). After his first bust he spent 8 months in solitary for 23 hours a day, do you think that after that experience he might want to run and never be caught again? I know I would and I am very conservative, a Republican if you will.
Then I did some more research, watched the documentary Freedom Downtime
Now I do not think I will ever share the same societal or political views of 2600 Magazine (google "2600 HOPE" if you really need to); however, I went to HOPE this weekend. The very approachable Kevin Mitnick was there, and took his time to speak with anyone who approached him, including myself. During his Keynote address, which I believe you can download from this site, he talks frankly (not braggingly) about what he did, the results, the personal costs, and yes, yes, yes, he told the audience to "NOT, make the [mistakes] he made". No sir, Kevin Mitnick is not evil, nor a saint, he even likes puppies. I would have no problem handing Kevin my Credit Card to go get gas and know that he would come back with it. I would not trust John Markoff or Tsutomu Shimomura, because they lie. Markoff has publicly admitted to telling mis-truths. Tsutomu overly inflated his story, and even allowed Miramax to use his name and re-tell his story full of more lies. Hell, the movie has them meeting 2 times, one where T.S. gets beaten up because of Kevin, what bull shit.
Mr Chuck, I do not blame you for being misinformed, I pity you. If you ever get the chance to speak to Kevin do so, he is very kind and approachable. Just do not call him an asswipe as that would be rude and just plain wrong.
SK
ummm wrong place to post last message. the long one was for this string
Technically, by the logic of the United States, no, I'm not an adult. Nor am I a five year old. I really am sorry that I spoke way too fast, it's something I normally remember to work on, but I was more concerned with trying to come up with questions that don't revolve around "How do you feel about Markoff" (sp on name?) or anything else that's commonly asked. I'm working on the transcript now by the way. Just got back home after another 4000 km drive, so I've actually got a spare moment now. What would you have asked him?