Slashdot Mirror


Mitnick Speaks About Hacking

Rob_Warwick writes "I've just posted a one on one interview with Kevin Mitnick on Applefritter. In just less than 20 minutes, we take a look at who generally gets targeted by social engineering schemes, and how social engineering can assist in making a technical exploit work. Mitnick speaks about which industries are at highest risk from social engineering, and what types of workers are generally easier to talk into doing something for you. Kevin also talks about who his heroes were when getting into phreaking and computers, as well as a humbling moment when he was on the receiving end of some social engineering. The HOPE keynotes for both Kevin and The Woz are also available for download."

29 of 221 comments

  1. only audio??? by kyknos.org · · Score: 3, Insightful

    is the interview available as text somewhere?

    --

    SHE does throw dice.
    1. Re:only audio??? by Anonymous Coward · · Score: 3, Insightful

      The interviewer probably realized that he couldn't understand himself on the recording, so he simply published the MP3.

  2. easy by Anonymous Coward · · Score: 5, Funny

    In just less than 20 minutes, we take a look at who generally gets targeted by social engineering schemes,

    answer: people with passwords

    and how social engineering can assist in making a technical exploit work.

    answer: get people with passwords to tell you their passwords

    Did anybody time me?

  3. Mitnick stories... by anakin357 · · Score: 5, Interesting

    Is it just me, or do you really not care about him anymore?

    It's a bad dream that just won't go away, some people are so enamored with Kevin that they feel the need to post every story that includes his name.

    He's a felon.

    One of the first, albeit more publicized and punished geeks, and I really don't care to read stories about him. About the only thing that actually is interesting is that this guy got caught by trying to hack into some other geek's computer, and was traced back to his location.

    Amateur. Go social engineer some money out of a bank instead of robbing it with a gun, and THEN I'll be interested.

    I can see it now, bumper stickers that read:

    "Free Kevin v2.0"

    --
    http://www.fsckin.com/
    1. Re:Mitnick stories... by +Addict-09+ · · Score: 4, Insightful

      Finally, a slashdotter who is responsible enough to recognize Mitnick for what he is.

      To all you Anonymous Cowards: No he's not a hero

      Did he suffer a misjustice? Maybe (I'm not a lawyer), but he put himself in that position. Play with fire and someday you'll get burned, it's just that simple.

    2. Re:Mitnick stories... by SpacePunk · · Score: 3, Insightful

      Now there you go shattering the illusion that the 'hacker' wannabes keep holding on to like an old woman trying to hold on to her fading looks.

      The sad truth of it all is that he's part of 'computing lore', he'll end up as a footnote in the computing equivalent of Bulfinch's, placed there by his lame fanboys.

    3. Re:Mitnick stories... by 0racle · · Score: 3, Insightful

      He's only part of 'computer lore' because every wannabe keeps talking about him, hanging on his every word like a bunch of school girls and trying to turn him into some sort of hero.

      He's a criminal, a convicted felon plain and simple. Unfortunately till these damn wannabes grow up he's always going to have an audience of idiots waiting to pay for his next book.

      --
      "I use a Mac because I'm just better than you are."
    4. Re:Mitnick stories... by Zeinfeld · · Score: 3, Insightful

      Did he suffer a misjustice? Maybe (I'm not a lawyer), but he put himself in that position. Play with fire and someday you'll get burned, it's just that simple.

      Kevin committed a string of crimes, he went to jail, how is that unjust?

      It's not like Kevin didn't know he was doing something wrong, when he got busted last time it was not his first run-in with the law, it was not even his second. He got chance after chance as a juvenile. Now he wants people to believe he has gone straight.

      I don't believe him, I think he is still using his social engineering skills and the rubes who think he got treated unfairly are only one of his targets.

      Remember, it's innocent until proven guilty, Kevin has been proven guilty - repeatedly. If you want to feel bad about people who got treated badly by the US justice system there are plenty of examples of people who went to jail for much longer for doing far, far less.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
  4. How to guarantee replies by Anonymous Coward · · Score: 5, Funny

    to your Slashdot comments:

    * Mis-spell your Subject line.
    * Use the unit milligram (mg) instead of megabyte (MB).

    1. Re:How to guarantee replies by sploo22 · · Score: 5, Funny

      It's not a milligram, it's a milligig - 1/1024 of a gigabyte. :)

      --
      Karma: Segmentation fault (tried to dereference a null post)
  5. The interviewer is on speed? by iCEBaLM · · Score: 3, Insightful

    Why would anyone spend the time to interview Mitnick and then ruin it by making it audio only and then talk like you're mighty mouse on speed so no one can understand a thing you're saying?

    Note to applefritter: take the drugs away from DBub.

  6. Didn't Mitnick go to jail? by John+Seminal · · Score: 3, Interesting

    I thought he went to jail for doing this? I would have thought part of his release deal would have included not speaking about hacking and not associating with hackers. I remember from a political science class being told that most drug dealers who get released do so on the condition they will not associate with anyone known who is also a criminal. One guy who got caught at school using a computer for illegal purposes (and prosecuted) got a reduced sentence to two years probation and part of the deal was he could not use a computer.

    --

    Rosco: "If brains were gunpowder, Enos couldn't blow his nose."

    1. Re:Didn't Mitnick go to jail? by Anonymous Coward · · Score: 3, Informative

      Mitnick is no longer under the supervision of the courts. while he is a convicted felon, he is not a ward of the state, ergo, he is a free man again with almost full rights (he may not be able to vote or serve on jury duty pursuant to local statutes governing convicted felons), and he may pursue whatever he sees fit to pursue, including breaking other local, state, and federal laws if he feels the need to spend more time in prison.

      once your parole time is up, the courts can no longer tell you what you can and cannot do within the boundaries of the law.

      and thusly, if mr. mitnick sees fit to fleece the public with his l337 5ki11z in, ahem, "hacking", then he is legally entitled to do so as long as people are buying into his hogwash. however, do not underestimate his skills at social engineering. that was how he gained access to the majority of those systems, and it looks like he's getting another good social engineering over on an unsuspecting public's pocket book.

  7. wish i was a l33t haxor... by Anonymous Coward · · Score: 3, Funny

    ... that could social-engineer Kevin into giving me the transcript

  8. Kevin Mitnick uses INTERNET EXPLORER by Anonymous Coward · · Score: 3, Funny

    I'm sorry, maybe prison messes you up, but he should know better.

  9. Biometrics by mfh · · Score: 3, Insightful

    Really when you think about it, Biometrics basically halts any kind of Social Engineering. You can't get around them without chopping off someone's hand and plucking out their eyes, but if you're going to go that far, you're criminal enough that it won't matter if you use Social Engineering or not. Let's face it, pretty soon we'll be heading toward the Biometric model for pretty much everything, and the privacy advocates are going to fight it all the way.

    FUD, apply, lather, rinse, repeat.

    --
    The dangers of knowledge trigger emotional distress in human beings.
    1. Re:Biometrics by Lehk228 · · Score: 4, Insightful

      "the machine's not letting me in, could you palm the door for me?, thanks"

      --
      Snowden and Manning are heroes.
    2. Re:Biometrics by Anonymous Coward · · Score: 3, Informative

      You can't get around them without chopping off someone's hand and plucking out their eyes

      You've been watching too much Sci-Fi. The Sci-reality of the situation is that they can currently be fooled by fake fingers made from gelatin, or a photo of an eye.

    3. Re:Biometrics by Eivind · · Score: 4, Insightful

      Biometrics alone is, at least presently, useless. There's simply two orders of magnitude too many false positives and false negatives.

      Aside from that, the implementation is icky. Half a year ago you could read about every single commercially available fingerprint-scanner being defeated by cheap and simple tricks such as for example blowing graphite-dust over them (sticks to the fat-traces from previous finger), and then pressing down on them with a piece of clear tape.

      Also, in many situations they're just not useful, how could biometrics secure the login to your online bank?

      Authentication is based upon one or more of what you *know* (for example a password), what you *have* (for example smart-card or key) and what you *are* (for example biometrics).

      Good, robust security uses a combination. For example, the combination of possessing a smart-card and knowing a code is used to authenticate to my online bank.

      Even if someone convinced an account-holder to give up the password, that'd still not matter, as long as they didn't *also* convince the person in question to hand over the smart-card.

  10. Remote by Xner · · Score: 3, Interesting

    And how exactly would remote authentication work? Chop off your finger and send it via fed-ex? Or would it involve converting your biometric information to a digital representation that is vulnerable to all the usual attacks, with the added problem that you can't "change fingers" like you change passwords?

    Biometrics isn't the panacea it's made out to be. Educate your users, it's the only way.

    --
    Pathman, Free (as in GPL) 3D Pac Man
  11. Re:off topic nitpick by riley · · Score: 5, Funny
    It's "heros" not "hero's". Why do people insist on using an apostrophe before an s indicating plurality, no possesion?

    Errr...heroes is the plural, not heros.

  12. tips by MikeHunt69 · · Score: 5, Insightful

    I just heard the first 30sec of the mp3 file, and couldn't continue. It was far too painful - the guy doing the interview should slow the fuck down when speaking. You don't get medals for quantity over quality.

  13. Obligatory "It's Crackers not Hackers" post by hugesmile · · Score: 4, Funny

    Don't you know that the correct way to refer to someone who breaks into security of systems is to make a derogatory comment about his Caucasian ethnicity?

  14. fraud NOT "social engineering" by Anonymous Coward · · Score: 4, Insightful

    What Mitnick does is not "social engineering." Social engineering would be something like trying to convince a population of people to eat more healthily, or stop smoking, or something like that.

    What Mitnick does is fraud. Alternatively, you can call it grift, or con. (As in, Mitnick is a con man.)

    Using the term "social engineering" is playing into the hands of the con men. It's a term they invented to con you into thinking that what they do is somehow more acceptable than it is.

    Use the term, and you've been conned.

  15. Argh by Cthefuture · · Score: 3, Insightful

    All these interviews and the only thing I've ever wanted to know about the guy is never asked.

    What encryption and/or data protection schemes did he use that the FBI couldn't break?

    --
    The ratio of people to cake is too big
  16. Sorry, Canadian Accent by Rob_Warwick · · Score: 4, Informative

    Sorry about the quality folks, I'll put up a transcript after I get it typed. I've got a train ride back to New Jersey tonight, so I'll throw it up. Also, sorry about the Canadian accent and the quick talking. Getting a few minutes with Kevin Mitnick is not easy at HOPE, and I was trying to get through the material.

  17. Convicted? by Inoshiro · · Score: 3, Informative

    Kevin was held in prison for about 5 years the second time around on bogus charges. It never went to trial, he was merely incarcerated. The white equivalent of Brown Equals Terrorist.

    Tragically, he finally gave up and pleaded no contest to the charges so he could be allowed to leave the prison and return to society. Go watch Freedom Downtime if you want to understand what Kevin was truly up against.

    --
    Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
  18. Is it just me... by MrChuck · · Score: 5, Insightful

    or do others recall that this guy (mitnick) is an asswipe?

    Yes, I had problems with police imprisoning him with little recourse as they did.
    Yes, Tsutomu Shimomura is a yahoo who did a lot of stupid and bad things. The greatest was probably his awful book written with "journalist" John Markoff (I enquote that because as he was ghost writing with Shimomura, he was also writing articles that were supposedly objective yet never mentioned doing a book with one of the participants of the story).

    [Shimomura was terribly impressed with his (own) computer security abilities, yet ran tools that had long been sources of security holes because it was convenient. ("I am a master of securing houses; all the world leaders come to me. So imagine my shock and outrage when I'd found that someone had lifted up my welcome mat and used the key I keep there to get in. I must hunt down this bastard and have my revenge.").]

    I was appalled that national ISPs would so readily turn over logs and access to their networks and their users' information to a vigilante/yahoo.

    But no, I wasn't sorry that Mr Mitnick got his ass busted. He was no kiddie using youth as an excuse for poor judgement. He was a thief who rationalized stealing from people and companies by its electronic abstraction.

    No, I don't think Kevin's "cool". That he is someone who would steal my personal information because the people I had to give it to are idiots about securing it doesn't make it ok to do so. And it's a felony when he then uses that information to buy things. I don't want him in the room when I pull out a credit card. I don't want him in a hotel where I use a credit card.

    Should the hotel be smarter? Sure. But the people who decry identity theft cannot also embrace Kevin Mitnick as one to be admired.

    He's an asswipe.

  19. Another interview with Kevin by Sir+Foxx · · Score: 3, Informative

    There is an excellent interview (video and audio) at thebroken.org with Kevin for anyone that cares.

    --
    "I don't know which is worse, that everyone has a price, or that the price is always so low"--Hobbes