Ask Kevin Mitnick
The hacker with perhaps the most famous first name around, Kevin Mitnick, has gone from computer hacking of the sort that gets one on the FBI's Most Wanted list (and into years of solitary confinement) to respected security consultant and author, helping people minimize the sort of security holes he once exploited for fun. His new book is called Ghost in the Wires: My Adventures as the World's Most Wanted Hacker; it's his first since the expiration of an agreement that he could not profit from books written about his criminal activity. Kevin's agreed to answer your questions; we'll pass the best ones on to him, and print his answers when they're ready. Note: Kevin also answered Slashdot questions most of a decade ago; that's a good place to start. Please observe the Slashdot interview guidelines: ask as many questions as you want, but please keep them to one per comment.
What and how much has changed nowadays? In other words, how would a (hacker) Kevin Mitnick getting started in 2011 hack and exploit?
How can I get First Post on Slashdot?
Do you own a Guy Fawkes mask, or have an opinion of Anonymous' activities?
You have gone from hacker/cracker to security consultant via quite a difficult route. If you just wanted the money, there would have been far easier ways.
Today, the most well-known kiddies tend to do something high profile but requiring little technical brilliance and move quickly to "legitimate" jobs. The majority of "security consultants" don't really have much technical knowledge at all, being more public relations/ass-covering types.
With this in mind, what advice do you have to people who like to study security for its own sake? Should they keep quiet about what they do, developing an academic career so they can research to their heart's content without commercial pressures?
Or does everyone clever sell out in the end?
What do you think would have happened in a scenario where you managed to escape the FBI and the hackers that helped them?
Mitnick made his way by stealing the personal identification of *dead infants*. He's a sociopath.
Think about that the next time the Mitnick circlejerk comes to town. Mitnick is NOT a role model. He's a bottom-feeder who got caught.
Considering that you were starting a consulting business 10 years ago, how has that come along? I would assume that many companies might be a bit reticent about hiring a company that was founded by a convicted criminal.
Is it possible to be completely anonymous from home? I.e. launch an attack from home and get away with it?
What would you recommend to organizations to curtail the sort of social engineering break-ins for gaining unauthorized entry?
That's not what I meant.
Will the authorities ever understand, that curiosity must not be a crime?
Kevin Mitnick was recently on Colbert Report to promote his book. Here is the link if anyone's interested.
How on Earth did Kevin and Lewis make up? How could Kevin forgive Lewis all that?...
1) Taking his wife and
2) [wearing a wire/leading him into a trap] to get arrested?
W.T.F.... how???
Should you find a security vulnerability (either in an open source project, a commercial product, or a company's hosted systems), what procedure would you consider "responsible disclosure" to the parties who are considered owners of the product? I recognize that each of the three cases listed above could vary significantly.
Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
What cybersecurity threats do you see as the most dangerous to the Internet now?
Was it worth it? Is there an upside to your experiences the last ten years?
What's your favorite Linux distro and why?
The minor political movement surrounding your incarceration would likely not happen today. Hacking has become a state-sponsored activity, with China attacking Google and America/Israel attacking Iran.
Do you think your life would be a lot different if you were born 10 years later?
Would you agree that mostly there exists a tradeoff between security and convenience? If so, how much security (or convenience) do you think is worth sacrificing for the other?
Do you lead by example, as in encourage hackers to do what you did, so that they can end up as famous and well-paid security consultants? Or are you more of a "do as I say not as I do" type of role model? Thanks.
Bow before me, for I am root.
surgical experiments performed by ordained 'doctors'. unrepentant (now a major motion picture) to this day. it's all in there, & according to the native elders, it's happening again all over the wwworld.
disarm. tell the truth. the only mathematically & spiritually correct options.
Is it really possible to hide your online activity, keeping in mind that the enemy has the most advanced tools and computers to filter the traffic, and pinpoint your exact physical location?
When you were hacking and breaking into systems, how did you decide which ones to break into? Was it because of the difficulty/ease of doing it with different security setups? Or was it because of the actual people/corporations/entities behind the servers and what they stood for?
What are your opinions on the actions of groups like Lulzsec & Anon? Do you feel that they will, in the end, expand freedom on the net or just help government tighten the noose on internet restrictions?
Hi, Kevin. I was told that my credit card information was among the thousands you stole from Netcom, way back in the day.
I won't ask you what you did with the credit card info you stole, that might cause problems with self-incrimination. I wouldn't want that, oh no.
So let me ask this: How does it feel to be a 'respected' member of the security community now, after having frightened and hurt so many people back then? How does it feel to have the hacker community regard you as a hero when you've done some of the most amoral and harmful acts in modern computing history? I guess what I'm really asking is, how well do you sleep at night? Honestly.
Genocide Man -- Life is funny. Death is funnier. Mass murder can be hilarious.
What has been the most common security issue that you have come across that has helped you get into more systems? Poor passwords, gullible people, or something else?
What is your computer setup? I mean hardware, OS, software you use to work.
What do you think the biggest opportunities for software businesses will be in the next five to ten years?
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
Has the gal from the Social Security Administration claimed her kiss? if so, was she hot?
How would you proceed if someone broke into your company and managed to download your company's most sensitive information, and what (if anything) would you tell your clients if, for example, their sensitive info got leaked?
Are you going to fight to get back your ham radio license or is that all water under the bridge now?
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
Kevin, do you suspect any collusion on the part of cybersecurity companies such as Kaspersky Labs or Avast! and virus creators? If there were not so many exploits in the wild, would there be a billion-dollar anti-virus industry?
Flexible bare-metal recovery for Linux/UNIX
What is the primary purpose of hacking? Has this purpose remained constant over the decades, or has it changed from your rise as a hacker up to today?
Being in prison, that is, where it's not at all gay to engage in otherwise extremely gay behaviour. Like rimming, sucking, topping, and, of course, being bottom.
Do you think in this day and age it is possible to completely drop off the grid and still retain regular contact with the outside world?
TFA Asserts that "Mitnick has agreed that any profits he makes on films or books that are based on his criminal activity will be assigned to the victims of his crimes for a period of seven years following his release from prison." The summary asserts that this is the reason you chose to wait before arranging for the publishing of a personal autobiography.
Given you had the opportunity to publish a copyrighted work and sell it for a profit prior to the release of your "official autobiography" under the pretense that the profits would be sent to the victims of your crimes (a number of which included theft of trade secrets and violation of copyright), why have you chosen to wait until the end of the agreement so that you could personally profit from this? And in a related question (unless you have answered it in the first), do you believe all of your crimes were victimless, some were, or perhaps none were?
Do you have to fight someone in jail or become somebody's bitch plus what did you do, Mr. Mitnick?
Thank you
Do you feel that the violent, threatening tactics of the police agencies and United States government against non-violent hackers are correct or justifiable, and do you think they have improved since your experiences with them?
Hi Kevin, nice to be please to meet you haha,
If infinite Kevins exist on probability axis, it is possible that you are free Kevin and still in jail being buttsexed in parallel buttsex reality configuration. Therefore if you were to encounter alterno-Kevin from some other plane on 5th or 6th dimension, what steps would you take in order to socially engineer him into giving you access to phone company supermegacomputer?
With all the advancements in bioengineering, do you think that at some time "biohackers" will emerge that will divert animal or human genomes to do what they want? Do you think that "social engineering" will one day be helpful in making someone share his/her genetic material so it can be hacked?
Having experienced "justice" of a rather harsh sort (IMO, & possibly yours, too :) ) given that what you did was relatively inconsequential despite the claims otherwise, do you now do any work towards helping keep the sort of experience you had from happening again to other hackers (note: *not* 'crackers')?
Looking forward to reading your book.
"...there are some things that can beat smartness and foresight. Awkwardness and stupidity can." ~ Mark Twain
In what area of technology did you find had the most holes for your exploitation? Was it mostly bad programming? Bad hardware? Bad protocols? Cheap companies (i.e. the security flaws were known but not addressed)?
Did you meet and hang out with other hackers in prison? I mean others who served time for computer related crimes similar to your own? Or did you make friends with any sort of people? Even non-nerds?
Kevin - do you find it's better to roast chicken at a higher temperature for a shorter time? Or at a lower temperature for a longer time?
In what ways do you think hacking (old known vulnerabilities, in out-of-date test systems) could be used to teach proper security in the university setting (or even high school, to promote CS, etc.)? -MAW
Not only is the government/sbdy spying through sw like LotusNotes (with dedicated NSA access) but other vectors of attack seem plausible too: BIOS is closed, we buy closed sourced hw with a lot of onboard memory, god knows what's the status with AES implementations in modern CPUs etc. As a consultant, what are your thoughts to companies wanting to protect themselves from government economical / tech espionage?
At last year's Defcon, you crashed the EFF Summit party, having waited until they were backed up at the door and very busy to force your way through the door and into the party. Shortly thereafter you were escorted out and you stuck around the front of the party where they had not the privilege to force you to vacate the area. Afterwards you engaged many involved in the charity event on Twitter where you claimed to have been "in" the party for over two hours, were called out and subsequently harassed those that did so. Initially you seemed to just block those that had negative things to say about you, but it quickly turned into you calling some at work and harassing them.
My question for you; As a felon, do you sometimes worry that playing games with other hackers will get you into trouble?
Nothing more, what he did was worth (at most) one year in minimum security and a ruinous fine! The fact that the posturing, corrupt little villains in law enforcement chose to exploit this for their own personal aggrandizement just highlights the failings of the (so called) "Justice" system!
I killed da wabbit -Elmer Fudd
What would you suggest to the government about coming internets wars? Should all the internets go through the NSA supercomputers to profile ppl/organizations or should we encrypt all the communication streams and continue the anarchy of the internets?
In your last interview you mentioned that one of your primary goals was to change your much-maligned image as the most notorious hacker in the world into something more reputable. Have you succeeded? How has the journey been?
If so, I've been thinking about buying a guitar and wanted to know what's your preferred make and wood finish.
Hey, you seem eager to answer every question, I thought you might enjoy a break from the norm.
Let's just say that it would help boost my spirits when I'm running from the law, and I would get to know something about you on a personal level, that would then make me interested in reading your books more.
Oh my, Look at the time. Excetera. Excetera.
-Freax.
just give him a call yourself. he has already been dox'd multiple times and several of his machines (including his health) have been exploited.
What is your /. UID? Must be like 1337 or something.
hacked your way into a girl's panties?
A good friend of mine insists that your past behavior was due to a lack of certain ethical / moral regions in your psyche; in comparison, I think it's more like a different orientation of ethical / moral beliefs rather than an outright lack of certain areas. So what is your philosophical reflection on why you did what you did?
In simpler terms, were you naughty because you didn't stop to consider if it was naughty or not, or were you naughty because in your judgement at that time it was overall the right thing to do?
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
In early 1994, I was a young, inexperienced sysadmin doing contract work for Colorado SuperNet. One day, Federal Marshals and corporate attorneys from a cell phone manufacturer (who shall remain unnamed) descended on us with search warrants and shut down the place for four days while they searched for stolen files. The gist of it was that _someone_ had used social engineering to convince an employee of the cell phone company to upload a phone ROM to a public FTP site, from whence it was then stolen. The FTP logs led them to an account at SuperNet.
Copies of the stolen files were indeed found on one of our servers, and I quit the job in a panic, convinced we were going to be shut down, and/or that I might somehow be liable. Quite honestly, our security had more holes than a Swiss cheese back then, and there were probably many "hackers" going in and out of the place on a daily basis.
I have always suspected that the person responsible was you, Kevin Mitnick, Was it you, and do you have any regrets for the collateral damage your actions may have caused over the years?
(Signed Anonymous due to a court order over this incident.)
Wow, some /. writer has a bit of a man-crush on Mr. Mitnick...
Even if you mean just "most famous first name in the computer security field", I would argue that the only reason his first name is famous is because people know what it is. There are many more (current) computer security hacktivists whose online pseudonyms are well known: GeoHot, comex, etc.
I work at a computer security company, yet if I were to say "Kevin" to someone, Mr. Mitnick would *NOT* instantly spring to mind.
And as timothy does not specify "computer security", only "most famous first name", we have to include *MANY* more people. Madonna, Cher, Pele, even Adolf. (Yup, it was bound to happen - I just invoked Godwin - although Godwin is a last name...)
Another non-functioning site was "uncertainty.microsoft.com."
The purpose of that site was not known.
> how well do you sleep at night? Honestly.
My guess is he sleeps rather well. If you have the money to spend, which he does, you can afford a very comfortable bed, sheets and soothing sound makers.
CmdrTaco is only gone a few days and here's Mitnick again. Why should this particular criminal get any play on slashdot? He wasn't even a particularly good hacker.
.
Who am I and where is my car?
.
"A microprocessor... is a terrible thing to waste." --
GeneralEmergency
So what are your thoughts on stuxnet and government supported hacking? How would you do it with today's tools?
Which operating system do you use, and why?
Did you / have you brought any legal actions for the breach of rights committed in the pursuit and eventual arrest of you? Do you feel the violations were similar to ones now being taken against "terrorists"?
--WooooHoooo--
What is your opinion on anonymity - one of the Internet's greatest attributes - being attacked from all directions of late? On the one hand, governments are gunning against it citing national security and "protecting the children" as excuses, ISPs are being forced to retain activity logs thanks to the RIAA & other mobs, and the advent of Facebook, Google+, and other "people registers" is eroding privacy across the board. On the other hand, entire governments are being overthrown thanks to social revolutions with the Internet fostering freedom of speech without fear of repercussion. What is your opinion on all this and where do you see things ending up?
Care to perhaps be more specific as to what the "most amoral and harmful acts in modern computing history" are? I'm hard pressed to understand how anything Mitnick did holds a candle to the criminal mischief of botnets, extortion, and spam that now happens on a daily basis.
I read the book and absolutely loved it. Best non-fiction I've read in a looong time. As I read it I kept wondering when you'd get to the part where you got into Microsoft's network and snagged the source code to NT or Excel. But you never did. Why not?
I've often wondered if the biggest threat to security at a company is people or software. Do you think it's possible for a company to setup a reasonably secure network or is it doomed by the weakest link in the chain, users? What about OS vendors, is there anything we (i work on a BSD project) can do to prevent attacks beyond responding to security vulnerabilities and trying to offer help documents to educate users about possible dangers?
15-20 years ago, people used to abuse external systems to have the possibility of learning new technology, or just out of curiosity. Abusing an IT platform was not considered by the ordinary man in the street as a serious crime. Now things have changed and you can buy, for 2k, a server to create an IT lab with all the technology you can imagine. What differences do you see in people's current perception of ICT abuse/crime? Do you see a difference in the perception by IT people?
I see that you are now 48 years old. Do you still enjoy getting your hands dirty digging into code or do you find yourself becoming comfortable moving towards management & other roles? Where do you see yourself five years from now?
Well, I'm guessing that he is sleeping just fine if everything he did was amoral. Now if it was immoral, then he might have a problem sleeping. I'd really be interested in knowing what harm you experienced as a victim. You had your cc number stolen... and ... Did he run up charges on it? Did you lose your job, house, wife, children? Did you have to stand in line at a bank to report it stolen? Spend 30 minutes on the phone with someone with a southern accent?
There are a number of common botnets in the wild. I imagine almost every pc has some sort of bot in it. Every so often security researchers discover one. Is it conceivable that the NSA (or other nameless covert agency) has not already discovered a number of them and also figured out completely how to control it (or been in collusion with the controller or even been the agency that released it in the first place). If so, and if there is an NSA botnet, or any botnet controllable by the NSA, wouldn't that be more useful for things like (a) bypassing laws for illegal wiretaps on individual computers and (b) take the net down in national emergency and (c) many other things? To me, it is absolutely inconceivable that the NSA does not control one or more existing and prevalent botnets, and cannot use them for various purposes like spying on me or shutting me down. What do you think?
Most "hard core computer people", or whatever you want to call them, have some gaming interests.
So, what is it, minecraft, dwarf fortress, WoW, DnD online, obscure programming languages not fit for production like brainf*ck or intercal or java (just kidding about the last one... or maybe not), anyway what wastes your time? Or do you still do "analog" gaming like ESR does?
Personally, I do hex-based-wargames, text adventures, non-FPS RPGs, and simulations (xplane, civ, etc). There's a lot more out there than WW2 rail shooter sequel number 23425.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
As soon as I was told about it I canceled the card. Which was a hardship for me, considering I had just gone through a divorce and I was in bad financial straits at the time. He didn't hurt me much, but he frightened me plenty. There are others who were hurt far worse.
It frosts my chaps that this guy is treated as a hero by the hacking community. But I suppose people get the heroes they deserve. I was just wondering how Kevin feels about that.
Genocide Man -- Life is funny. Death is funnier. Mass murder can be hilarious.
Do up-and-coming hackers try to make a name for themselves by going after famous hackerati like yourself, fastest-in-the-west style? What's the best prank that's been played on you by a hacker friend or fiend?
You do realize that Kev is famous for being the most famous example of a kid who was given a ridiculously harsh punishment for what amounted to a series of relatively benign crimes, do you not? He was far from the leader of a gang of identity thieves. I'm sure a few people were bent out of shape because their power was turned off, or their phone service got confusing, but nobody was living in fear.
You make the guy sound like Richard Ramirez. He was more like an Eddie Haskell who ended up in solitary confinement for years and forbidden from touching technology once released. If his original sentence stuck, he wouldn't be allowed to own a cell phone today.
Put your pitchfork away. He more than paid for his crimes.
You need to take the blue pills, not the red pills.
How much has Social Engineering changed since your first tinker?
how did you like it when I gave you the bone hard and fast last night? I was the one wearing the sombrero...
I saw an interview he did on The Colbert Report and I could swear that he did one year in solitary. The reason was something akin to the fact that because the DA told the judge that Mitnick had the ability to call up NORAD and whistle in the phone and cause all sorts of havoc on our defense system, part of his sentencing stipulated that he be kept away from telephones. The only place that met that condition in prison was solitary. So basically, as I recall it from the interview anyways, he was put there for a year as a last resort, not put there for years because that was the sentence handed down.
So for the media you were the image of a superhacker. Who in your opinion were in your time and today the hackers that would deserve far more attention from media or hacker community?
How does it feel?
3 digit? 4 digit? 5? Just curious.
sysadmins and parents of newborns get the same amount of sleep.
The people who shouldn't sleep well at night is whoever thought credit cards were a good idea. Mitnick was responsible for 'stealing' 20k cards - they're responsible for all.
Seriously, a system where you have to give all the authorization info necessary to charge money to the company/person you're paying, and where there's only one single set of numbers, making it impossible to revoke access without canceling the whole card?
Who can trust it?
I don't know about yours, but here we have accounts where we can set up 'direct debits', which not only can have limits, but can be revoked on an individual basis without affecting the account. This is the minimum for a decent payment system.
Dilbert RSS feed
Wow man, let it go. It's been a long time now. I've learned to forgive people. It's honestly better for everyone involved.
You mean they couldn't just give you a new card with a new number? Or are you saying your finances were in such bad shape that you needed an active credit card account to pay for necessities?
I don't think the frightening you and others received would merit the kind of treatment Kevin received. Crime is crime, however, and punishments should meet the crime. Credit card theft should be punished. But thank you for your account; the media has always either glorified his exploits or painted him as a dark villain. Either account failed to mention any specific harm to individuals. From what I can recall, he was just a social hacker who gained access just for the thrill of gaining access. That last bit about doing something just for the challenge appeals to a lot of geeks, including myself.
I would hope he sleeps well since he's paid his debt to society despite the farce involved in prosecuting him.
If you were emotionally traumatized or suffered monetary damages you should have filed a civil suit.
> The reason was something akin to the fact that because the DA told the judge that Mitnick had the ability to call up NORAD and whistle in the phone and cause all sorts of havoc on our defense system, part of his sentencing stipulated that he be kept away from telephones.
This is the reason prosecutors should not have immunity. Solitary confinement is torture. DA tortured Mitnick based on a completely implausible rumor. Both the DA and the judge that signed off on it belong in jail.
Give me Classic Slashdot or give me death!
Good thing credit cards limit the amount of liability you have in the case of it being stolen. I think "some of the most amoral and harmful acts" is quite an over-statement, considering how often credit card info is stolen nowadays.
Are you for real? What did he do that was so awful to you? I've had credit card numbers cloned before, sure it's a minor hassle having to call the card company and report it, but you seem to be acting as though he personally drove over your dog repeatedly. Oh no, your credit card info was stolen! You were so violated and harmed and terrorized!
Get a grip!
Like a boss.
He took both pills.
The blue one got crushed & snorted, and the red one went in his bum.
What is your home backup strategy? External media, or send it to another location? How often, and full, differential or incremental? I liked your book :)
All those moments will be lost in time, like tears in rain. Time to die.
> I won't ask you what you did with the credit card info you stole, that might cause problems with self-incrimination. I wouldn't want that, oh no.
This is like saying "Someone told me that you broke into my house at some point without my noticing. I won't ask what you stole. . ."
If you don't know, then either nothing was done with the CC info, or you were completely insulated from whatever was done (other than having to cancel the card).
I've had my CC info stolen and I found out about it when hundreds of dollars was charged to my account. This was indeed a hassle, and I certainly don't condone theft of any kind, but my chaps were more frosted by a) whoever mishandled my info in the first place, allowing it to be stolen and b) the businesses who allowed it to be used illegitimately, allowing some crook to profit from the theft.
How disappointed were you with the portrayal of your character in the movie "Operation Takedown" ?
Yes, because calling your credit card company to cancel your credit card is clearly mentally-scarring.
Burroughs said of The Naked Lunch, that it was that moment frozen in time when everyone can see what's really on the end of their fork.
That said, then, what is Kevin really doing now, when no one is watching? (pardon for bluntness, but I was an abrasive rock journalist in the 80s and learned to cut the crap for maximum return.)
*Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
Have you or your clients sent any cracker to jail? For getting into the systems you secure.
Let me answer that for you. And no, I'm not Kevin Mitnick.
You are not alone. You are 1 of a long list of many over the past 20 or 30 years that has had their financial livelihood eviscerated. If you want closure? Good luck. You might actually get something of a response from Kevin. That's more than the rest have likely gotten.
In short, yes, you were a victim. The culprit got caught, and probably did far more time than he should have (IMO). However I'd like you to ask yourself this. What have the governing bodies of the Financial and Credit information systems done to protect YOU since that happened a decade ago? You can blame all the script kiddies and credit thieves you want, and in the end they are part of the problem, but at some point you have to ask yourself, why isn't the system more difficult to compromise?
You're obviously still a little upset over the ordeal, and financial ruin can take its toll, but I'm hoping you've gotten your life back after all these years.
This wasn't meant to be harsh, and please don't take it that way, but you really can't compare the 'information structure' that Kevin infiltrated then to what exists today. Today it's much much worse and fraud is far more rampant.
In the new Deus Ex game, set in 2052, as you are infiltrating a rogue Chinese company the main character discovers that the Chinese company hired a 'penetration expert' named Kevin Mitnick? The expert does not appear in the game, but you are able to read emails from 'Kevin Mitnick'. How do you feel knowing you'll be successfully hacking for pay 40 years from now? Or more seriously, how do you feel about being included in the game this way?
They did cruelty to you on the basis of wrong claims.
Did you sue them back for abusing you ?
> The people who shouldn't sleep well at night is whoever thought credit cards were a good idea.
Good, blame the victim. Mitnick was a thief and con man. I suppose you believe that people should only do the right things when they're forced to.
I too Kevin am one of your victims. As you stole my CC info could you please post the Netcom CC info along with any other CC info you might be in possession of, so that I can retrieve my CC info from the list.
Ah yes, the "Don't blame me for picking your lock; blame the manufacturer for not making it unpickable" argument.
How does it feel to be a big hero now with thousands of semi-literate amoral /. readers who think it's OK to get away with whatever you can? Who have the moral compass of a Goldman Sachs executive? Who excuse your thefts and conning good-hearted people who were not trained in security? You tried to steal US secrets and sell them to Russia, and got caught because you and your cohorts were too stupid to fool trained agents. Ever think of just shutting your big mouth?
Kevin,
Every time I see your name mentioned in an article written by Kevin Poulsen, I wonder how many people reading it know the connection. Do you have any interesting stories of crossing paths with someone you knew from your "ghost in the wire" days, or unexpected relationships you've developed or continued with people who either impacted your life, or were impacted by your actions back then?
Hey, Kevin, some years ago I bought one of your books - "The Art of Deception". Since it turned out to be a quite worthless and pathetic piece of PR fiction, in which you just glorify yourself, please have it back. Oh, and can I have my money back? The book is in mint condition.
I did stupid shit in 1979, but I was smart enough to not do anything like you did. You're an ex-con like all the other losers out there. Anyone that tries to make you a hero needs to turn off War Games and get out of the basement.
There's been a lot of hubbub lately with G+ and the nymwars where they want to expose everyone to public scrutiny by using their real names.
What's your take on Google's stance ("go somewhere else if you want privacy") with it being an identity service as it pertains both to individual privacy and changes in how pretexting crimes will occur?
How does it feel to have the hacker community regard you as a hero[...]
Sorry, I'm going to have to stop you there. I'd just like to say that most of the "hacker community" regards Mitnick as a fuckwad.
Many good hackers nowadays got very good jobs as security consultants.
A few of them with very high salaries and very intriguing tasks.
They accomplished all that without selling fraudulent credit cards or profiting from criminal activities.
And, obviously, without making it to the FBI most wanted list.
Do you really think that was worth what you got?
Zibri
Nowadays, vs. that of "yesteryear" when you were @ work for "the dark side", so-to-speak?
APK
P.S.=> No, not counting "social engineering" methods, but, more along the lines of Operating System level (especially if "security-hardened" ala -> http://www.google.com/#sclient=psy&hl=en&source=hp&q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&pbx=1&oq=%22HOW+TO+SECURE+Windows+2000%2FXP%22&aq=f&aqi=&aql=1&gs_sm=e&gs_upl=1541l9233l0l9460l31l26l0l0l0l0l407l5712l0.5.13.4.1l23l0&bav=on.2,or.r_gc.r_pw.&fp=87cd2c56f2a7d925&biw=983&bih=624 ), as well as @ the application level of softwares & Operating Systems of today, vs. those you took advantage of...
Thanks for the answer should this be submitted!
... apk
I read the book (which makes me an expert) and I can shed some light on the first part about self-incrimination/what he did with the data.
He stated in the book that the credit card data, specifically referencing the data you are talking about, was simply a trophy of his hack and he never intended to do anything with it.
He said that had he stolen money using the cards, he probably would have been able to afford a better defense. He also stated that he found some pleasure/security in the power of knowing he could use a card a day and never run out for the rest of his life. Obviously that was bullshit because the cards would no doubt expire or be cancelled before he could use them all.
I don't think he's worried about self-incrimination because, as he stated, the statute of limitations has run out.
...frightened and hurt so many people...
Inconvenienced maybe. Did someone actually steal money from you? Did anything happen to you at all besides maybe you got a phone call from the bank saying here's a new card?
... when you've done some of the most amoral and harmful acts in modern computing history.
Like what? Stealing the source code to Solaris? Making some free phone calls? How were you harmed again?
Hi, Kevin. I was told that my credit card information was among the thousands you stole from Netcom, way back in the day.
You moron.
He didn't 'steal' anything. That file with credit card numbers had been floating around for MONTHS. He was only guilty of having a copy, not for being the one who 'stole' it.
http://blockyourid.com/~gbpprorg/2600/the_world.txt
"With regards to the credit card numbers, this is far more misleading. For one
thing, only one computer system (Netcom) had its credit card numbers accessed,
not "computer systems around the nation." And this compromise was not even news;
the Autumn, 1994, issue of 2600 reported it nearly half a year ago. Apparently,
Netcom did nothing to secure the credit card numbers of its subscribers and,
despite multiple warnings and basic common sense, kept this sensitive
information online."
"Little mention is made of the fact that not one of the
20,000 credit card numbers lying around on Netcom was ever used by Mitnick, nor
was he ever suspected of benefiting financially or causing any damage."
[emphasis mine]
I worked for the company whose RT Programming Consultant owned the Well Account that led to your capture. Did you know anything about the account and its owner? Why/How did you choose it? Did you check the volume and type of traffic that was on the account before you decided to run tarballs through it? Would it have deterred you to know how well connected he was with some of the top networking and security professionals working in the Bay Area at the time? Were you surprised how quickly the FBI appeared at your motel while you were still downloading? Do your current security services customers know how sloppy you were when you were captured?
well.. if you canceled the card instead of just having them issue a new number then you're an idiot.
but he frightened me plenty
Grow a pair. Seriously, he did his time, he got out, now he's a productive member of society. Isn't that what we want of all our criminals?
Mr. Mitnick, do you think the legal 'innovations' to justify your long imprisonment and stay in solitary confinement were used as a base from which to springboard the methods of imprisonment used by the US government during the "Global War on Terror (tm)"?
Did you ever drop the soap in the shower?
Hi, Kevin. I was told that my credit card information was among the thousands you stole from Netcom, way back in the day.
I won't ask you what you did with the credit card info you stole, that might cause problems with self-incrimination. I wouldn't want that, oh no.
So let me ask this: How does it feel to be a 'respected' member of the security community now, after having frightened and hurt so many people back then? How does it feel to have the hacker community regard you as a hero when you've done some of the most amoral and harmful acts in modern computing history? I guess what I'm really asking is, how well do you sleep at night? Honestly.
Seriously, put the kool-aid down.
First, when did Kevin Mitnick get into credit card stealing? Granted it's been awhile, I don't recall that being in any of the charges against him. And if he was stealing credit card info, I would imagine that would be part of the charges against him.
Second, Netcom isn't even listed in the targets he hit.
I'm going to guess, Netcom fucked up, and to save face, they blamed Kevin Mitnick, and sent everyone info saying it was him, so you'd be pissed (which you still are) at him, when he wasn't the one responsible.
So, how does it feel to be played? Twice even? Seems like Netcom screwed ya twice. Hope you got a reach around with that.
Be seeing you...
Have any of your exploits unintentionally produced anything useful that's not directly related to security? For example - a lockpick that inspires the design for a new dental tool; an exploit methodology that inspired a new beer brewing technique... that kind of thing.
As soon as I was told about it I canceled the card. Which was a hardship for me, considering I had just gone through a divorce and I was in bad financial straits at the time. He didn't hurt me much, but he frightened me plenty. There are others who were hurt far worse.
It frosts my chaps that this guy is treated as a hero by the hacking community. But I suppose people get the heroes they deserve. I was just wondering how Kevin feels about that.
The more you post, the more you seem like a complete idiot.
Of course, your too stupid to understand, but whatever.
All Kevin ever did was show that people are stupid everywhere, and your post confirms this.
Please, I need some proof that he hacked Netcom and stole credit card info, because all I've found is some "alleged that Kevin broke into Netcom and stole credit card info" of course, it goes to say that credit card info was commonplace on the net.
So, like I said in my other post to you, you got played by Netcom.
Netcom security sucked dog shit, and they got broken into. They then decided to blame Kevin Mitnick, because he was hacker public enemy #1.
That is not unlike how we blame terrorists for everything today.
You sir, not only need to turn your geek card in, you need to stop posting.
Where did you buy your low UID from? Because it's apparent you haven't been on here that long and still be so clueless.
Be seeing you...
So, you're a furry, huh?
http://en.wikifur.com/wiki/Remus_Shepherd
Oh, and a zoophile I see from what that says.
God, the internet is great.
See, that person can be different from you, but now, since I suggested you were the same, people are going to think you're a furry & a zoophile.
Not unlike how Netcom said Kevin Mitnick was responsible for the credit card stealing, though that is something he never did before or after and never even admitted to it later. But hell, the damage is done. You've carried a grudge against him for decades, even though the info you were told is most likely false.
Do you see how that works?
Anyways, have fun getting knotted or whatever weird shit you like to do with animals. Hey, it's cool. You're an adult, if you want to dress up like an animal and fuck animals, more power to you.
Be seeing you...
...Would you do it wearing Gucci or Tommy Hilfiger?
I tried to think of a good sig, and this wasn't it.
How does it feel to be blamed for other people's stupidity? I mean, when someone is too stupid, or lazy, to secure their systems and allows my personal information to get stolen, how does it feel when I blame you instead of the idiot that didn't take security seriously?
I guess what I'm really asking is, when someone hides their housekey under the doormat and some thief uses it to walk into their house and take stuff, how do you sleep at night?
Honestly.
In times of universal deceit, telling the truth gets you modded -1 Troll
Of course, your too stupid to understand, but whatever.
That line simply screams "Brilliant!"
But whatever.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
Citibank has something like that. Its called virtual credit cards. They make one up. You set how much can be debited. Then it can only be used once. Guess which one I use on the psn network now...
Have used it many times on shifty sites or sites that scream 'my kid brother put this together'. 2 or 3 of them have been 'stolen' but they are no good anymore...
As a kid growing up in the middle of nowhere North Carolina, I have a very vivid memory of a famous computer hacker being transported to the local county jail. If their goal was to keep you as far removed from technology as possible then Johnston County was definitely the right place, trust me. While I'm sure it wasn't fun for you, your arrest (and the subsequent media frenzy) inspired me to learn about security and technology as well as get involved in the 2600 community.
I suspect your memories of that time are not nearly as pleasant as mine though. I'd like to know what you remember about the trip to that particular jail in rural North Carolina.
Hi Mr. Mitnick,
Is there an amount of security that would stop a gifted social engineer like yourself, and if so, how much would it typically cost a Forbes 500 company?
Read your book, it was quite entertaining and informative!
Did you ever make peace with Tsutomu Shimomura and/or John Markoff?
Where does the school board find them and why do they keep sending them to ME?
Or allow others to call you that?
You are a cracker, not a hacker. And at that, you are just a script kiddie. You haven't ever found a single vulnerability, and you haven't developed a single exploit. You relied on social engineering and script-kiddie techniques.
Why do you give Hackers a bad image? Certainly the figure of a script-kiddie who has done obvious attacks, was quickly discovered, ran away, was found and served prison time, then used his fame to make money as a security consultant, is incompatible with the average Hacker, who contributes to society by writing Free Software, works in an area he loves earning honest money, and only seldomly murders his wife and buries her in the woods.
Please stop calling yourself a hacker, you are nothing but a script kiddie.
WTF am I doing replying to an AC at 5 A.M on a Friday night?
...
So I assume that your credit card info getting into Kevin's hands caused you grievous financial harm? Oh, it didn't? Well then.
I've yet to hear about any truly harmful acts Kevin Mitnick ever "perpetrated". Maybe I just never heard about something truly terrible and destructive, but I have my doubts.
I remember sigs. Oh, a simpler time!
I spotted the same thing and giggled, then seeing this on slashdot 24 hours later seemed a weird enough coincidence to mention -- unfortunately I lack mod points right now, so I shall just chime in by seconding your question :-)
I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
In the mid-nineties, I worked for Novell and met a man who was attempting to develop the ultimate debugger for Novell and Microsoft products. I was later told that about that time you were attempting to gain access to certain Novell code. Was the debugger guy you?
I worked at an ISP that you stored a bunch of your files at and I made a copy of them -- it was all crap. Why did you take those email and other files, I couldn't understand what was so valuable. So, why did you take what you took, and how did you "value" the files?
-r
I'd love to see the look on his ex-wife's face when she found out her hubby was into animals. Some funny shit here.
US-UK-Israel: The real Axis of Evil
mistake you ever made?
how many pairs of boxer shorts should you own?
Kevin, just so you know, is not highly regarded in the hacker community.
So I take it you didn't bother to take ten seconds to run a Google search about it before you went spouting off its falsehoods? One that would have provided numerous sources including the Wikipedia page on Netcom and, oh, about 35,199 others? (2,590 if you want to force the inclusion of "credit card" rather than simply "Netcom.")
Now I suppose it's possible that there is a decades-long, Internet-wide conspiracy to prepare for the day that somebody on Slashdot wanted to sound more clever than they are, spew pure speculation and use it to make some terrible joke about reach arounds, but I do have to admit that I find it rather unlikely. Slightly more likely is the possibility that Kevin Mitnick hacked 35,200 pages on the Internet to make you look bad. But all in all, I'm going to go all Occam's razor and assume that you probably just shouldn't go around acting like a stuck up prick unless you're very, very careful to be accurate.
Would you like a reach around with this? I'm easier than Netcom.
If you were able to deploy only 1 defense mechanism to a mission critical server, which one would it be and why? You have a choice of: firewall, antivirus, IDS, stack smashing protector, monitors, other (please specify).
Get the fuck over it. Did you lose any money? Since when does being "frightened" make you a victim? Maybe black people should apologize to old women for forcing them to cross the street.
You were obviously a celebrity /then/ - no one can forget "Free Kevin!"
How do you feel about being a celebrity /now/? Your name is used in the most recent Deus Ex game, and you're in the Internet exhibit at the Museum of Science and Industry in Chicago.
A few questions, take what you will:
1) What did you think about the movie adaptation of Takedown? I know your opinion about both the book and movie being drastically dramatized, but I'm more interested in knowing how it felt seeing yourself being portrayed in a motion picture (or in a book, if you did not see the movie). What is your general opinion on books and films that attempt to portray the hacker and social engineering subcultures throughout the decades? Does the certain lack of verisimilitude in some media irk you due to having a high degree of knowledge in the field?
2) After serving time, you've turned around and made your skill set available for preventive measures. Despite both sides offering a worthy challenge, do you ever miss the other side (sans the legal issues)? Do you still get similar thrills now that you're on the other side of the proverbial wall (if such a metaphor is even valid)?
3) I know that there are a lot of "Then versus Now" questions, so I'll try to keep this one focused to one area: Do you feel a sense of overwhelming complexity and bloatedness in both tech and security compared to previous decades? Individuals and small groups may have dominated in the 80s and 90s, but now it feels more and more that it requires nation state-sized entities to carry out outstanding cracks, and it takes large-scale security firms to prevent them. Is this perhaps just a misperception? What insights do you have?
4) This is a bit inspired by some of the other questions that I've been seeing. I imagine you get a lot of goading comments from people who claim you weren't/aren't a real hacker. I'm guessing at this point you shrug it off, but just out of curiosity what goes through your mind when you hear that kind of stuff? Have these critiques/insults ever had a major impact on you? Do you think there's some legitimacy in some remarks, or maybe they're more motivated to discredit someone with some celebrity status when they feel others ought to have more of the spotlight? Maybe it doesn't matter all that much, but I'm just curious. :-)
I have all sorts of other questions, but those are the three I've always thought about asking Kevin Mitnick if I ever got the chance. I've always been a big fan of his writing, as well as his life story. Can't wait to see this interview unfold.
History is little else but a picture of human crimes and misfortunes
Has anyone really been far even as decided to use even go want to do look more like?
Does it worry you that while the contemporary problem is advanced persistent threat, people are looking out for and protecting against script kiddy type attacks?
Take off every 'sig' !!
"considering I had just gone through a divorce and I was in bad financial straits at the time"
Right, so what you're saying is that you'd fuck up your finances, your wife had left you, and you blame Kevin for how much of a fuckup you were.
"He didn't hurt me much, but he frightened me plenty."
Right. Because it's so scary having to get a new card issued. Oh except for some irrational, illogical reason you didn't do that, you cancelled it.
It sounds like you really fucked up your life, but rather than take responsibility for that, you blame Kevin.
"It frosts my chaps that this guy is treated as a hero by the hacking community."
Not so much a hero but people are sympathetic to him because the treatment he suffered was completely and utterly unacceptable- the authorities showed themselves to be far worse than he ever was. Putting a mischief maker in solitary for a year? That's not just right.
"I was just wondering how Kevin feels about that."
He probably just feels that you're a whiney cock who got everything he deserved- no I don't mean the credit card thing, I mean your wife leaving you, and your finances being fucked up.
Take a look at yourself, it sounds like you were the problem, not Kevin. Your ex-wife would seem to agree too. The common factor in your problems is you.
Free Kevin!!
It seems to me that the movie is quite fair with you :
In a scene we can see "Kevin" ashamed by how they treat him in the press (like a dangerous criminal) and looking at a computer screen, saying that "I could take millions of dollars right here, but I don't do that!". This scene describes a Mitnick rather honest but treated unfairly.
The Raleigh episode (with the Cellscope 2000 and FBI arrival) seems technically accurate.
Also the movie clearly depicts a Kevin who uses both social engineering and great technical skills.
I know they made up the "Contempt" program and your encounter with Shimomura, this was to make the movie "look good".
There are also a few silly things I guess.
However the movie seems not that far from reality.
Could you share your feelings about how they depicted you and the technical and social engineering parts?
No, I'm blaming the people who've come up and promoted the system.
I specifically said "they're responsible for all." The victim couldn't be responsible for all, now could it? At most (s)he would be responsible for one.
Dilbert RSS feed
Direct debits are a million times worse than credit cards. If someone runs up a bill on your credit card, you tell them it's fraud and don't pay it. If someone takes too much out on a direct debit, sure you'll get your money back... in 1-2 months. Also, any chump with your sort code and account number (which you have to hand out to people who want to send you money) can set up a direct debit on your account.
I am trolling
Um, no. Torture is torture. Waterboarding is torture, and that's a fight that needs to be fought. Solitary confinement... isn't.
I am trolling
Why did you stay in the United States while on the run?
What do you think of the recent story of wikileaks and Assange's legal troubles? Also, what is your opinion about publishing restricted information on the web?
The only factual omission in the history of your endeavors is the identity of your Israeli friend nicknamed "JSZ". When are you going to reveal who he is? I'm surprised that more people aren't curious to find out, because clearly this person has played a big role in perpetrating your attacks.
What would you suggest to government(s) about cyberwarfare? What are your thoughts on the current strategy and tools?
So, having a closed-source BIOS, a closed-source CPU with god knows what AES implementation and a lot of hw with onboard memory, LotusNotes with dedicated NSA access etc. as a consultant, what are your thoughts to companies that want to protect themselves against economical / tech espionage?
In your book you allude to the possibility that hacking was a behavioral addiction, and at one point you were "clean" for a long stretch, but then returned to old behaviors to investigate your brother's death. Do you consider that your drive to hack, at great risk to a normal life, was an addiction after all?
It's interesting, then, that there are over a dozen Anonymous Cowards defending him in response to my post. Sure looks like some people regard him as a role model.
Look, this incident was a long time ago and I've recovered completely from it both emotionally and financially. I just hate seeing the idol worship of bad people. Kevin Mitnick is a bad person. He shouldn't be given a Slashdot 'Ask' thread, he should be shunned. His bad reputation damages all those who associate with him, and Slashdot is opening itself up to that.
What might change my mind about that? Well, if Mitnick feels guilt and remorse for his crimes, I'll take that as a sign that he's grown and become a better person. And that's what I wanted to ask him; how well does he sleep at night? If the answer is 'sometimes not well', then I'll gain a measure of respect for the man and it won't bother me as much when I see people fawning over him like some kind of celebrity.
But until I see that little glint of humility, all I can do is shake my head sadly at all those defending him. You losers sure know how to miss a point.
Genocide Man -- Life is funny. Death is funnier. Mass murder can be hilarious.
No, I'm blaming the people who've come up and promoted the system.
I specifically said "they're responsible for all." The victim couldn't be responsible for all, now could it? At most (s)he would be responsible for one.
Yep, you're a dumbass.
I don't know what kind of system you have running there, but here only the owner of the account can set up direct debits. The company I want to pay to gives me two numbers, and I create on my own account a "Debit Authorization" that allows them to charge monthly. And I can revoke each Authorization on an individual basis.
If someone takes too much out on a direct debit, sure you'll get your money back... in 1-2 months.
Nope, you can choose the limit for each Authorization. I have a limit for my cable bill, a different one for my electricity bill, etc.
To quote my national bank:
consumers (debtors) wishing to make direct debit payments shall hold a bank account and shall expressly authorize the debit of the amounts to be collected in such accounts. (...) Each debtor must issue a “direct debit authorisation”, under which the creditor may regularly collect the amounts due.
Frankly, I'm appalled by your banking systems. Insecure direct debits, paying to use ATMs outside your own bank, it's a mess.
Yes, I am, but I'm also right, as we can see by your lack of arguments.
If you read my post carefully, you'll see I actually blame both.
We have both, but our virtual CCs are more for single uses, they expire in a month. Great for online purchases, not so great for recurring charges.
would you still call the FBI and the companies you hacked into to help you figure out what they knew about you, or to distract them on a wild goose chase? I know if I was in your shoes and I found out they knew something about me, calling the FBI would be the last thing I would do. However, in your case you were a pro at social engineering, and knew the consequences of getting caught - you wanted to avoid it at all costs. But in today's world, is that even viable? In my experience, even small-medium sized companies are training employees on security and social engineering. It would seem the FBI would be much more aware these days as well.
Mitnick was a mastermind "social engineer". Not a computer "hacker"/cracker/phreaker. He was/is a con-man with a penchant for computers.
there are 3 kinds of people:
* those who can count
* those who can't
Glad to see your book is available for purchase as an Ebook on Amazon. But given your background, don't you think it would be more appropriate for people to just download it via Bittorrent?
So what was so special about Shimomura's virus and what's his connection with NSA?
So I take it you didn't bother to take ten seconds to run a Google search about it before you went spouting off its falsehoods? One that would have provided numerous sources including the Wikipedia page on Netcom and, oh, about 35,199 others? (2,590 if you want to force the inclusion of "credit card" rather than simply "Netcom.")
Now I suppose it's possible that there is a decades-long, Internet-wide conspiracy to prepare for the day that somebody on Slashdot wanted to sound more clever than they are, spew pure speculation and use it to make some terrible joke about reach arounds, but I do have to admit that I find it rather unlikely. Slightly more likely is the possibility that Kevin Mitnick hacked 35,200 pages on the Internet to make you look bad. But all in all, I'm going to go all Occam's razor and assume that you probably just shouldn't go around acting like a stuck up prick unless you're very, very careful to be accurate.
Would you like a reach around with this? I'm easier than Netcom.
I did google, and seeing my comprehension is better than yours, if he did steal all those credit cards, how come he wasn't even charged with it? In fact, you don't find any credit card theft charges listed in any charges against him.
Look, I'd ask Kevin straight up if I knew him. And since we are going all Occam's razor here, then how about this.
Corporations are about 1 thing only. Greed. They are to make as much money for their shareholders as possible. Also, when people screw up, they like to blame others, never themselves, mainly when it costs lots of money and you can get fired for the fuck up.
Netcom got broken into via computers and a bunch of credit cards got stolen.
So, Occam's razor would be, that the admin fucked up on his security, and to cover his ass, he blamed the FBI's most wanted hacker, Kevin Mitnick, instead of admitting that their security wasn't the best.
Otherwise, you're suggesting that Kevin Mitnick was doing something there has never been any evidence of, and if there had been, he would have been charged with it.
Here's the thing, I don't like Kevin Mitnick, never have. But it had been obvious from the start that he was being railroaded to make some peeps feel happy while the reality is they didn't learn their lessons and improve security. The biggest clue of this? Social Engineering is still one of the easiest ways to get access to a system.
Be seeing you...
When you, myself and many others were younger, you could do all sorts of digital stuff while under 18 without any concerns about getting in trouble.
With how things are today, how do we get kids to learn these skills? Where does someone learn safely how to break into a network?
Are any rewarding alternative choices available today to a kid inclined to use his skill to crack into other people's systems?
What are your thoughts on the HBGary/Aaron Barr saga?
Well, according to a guard in a Discovery channel program on jails, people go bonkers in solitary confinement. If true, I'd qualify long term solitary as torture.
Bert
What operating system is safest in desktop use? You most likely want to make a difference between
a) Average users with random attacks from the net.
b) Someone who would be targeted by highly skilled attackers with lots of money and resources.