Ask Kevin Mitnick
The hacker with perhaps the most famous first name around, Kevin Mitnick, has gone from computer hacking of the sort that gets one on the FBI's Most Wanted list (and into years of solitary confinement) to respected security consultant and author, helping people minimize the sort of security holes he once exploited for fun. His new book is called Ghost in the Wires: My Adventures as the World's Most Wanted Hacker; it's his first since the expiration of an agreement that he could not profit from books written about his criminal activity. Kevin's agreed to answer your questions; we'll pass the best ones on to him, and print his answers when they're ready. Note: Kevin also answered Slashdot questions most of a decade ago; that's a good place to start. Please observe the Slashdot interview guidelines: ask as many questions as you want, but please keep them to one per comment.
What and how much has changed nowadays? In other words, how would a (hacker) Kevin Mitnick getting started in 2011 hack and exploit?
Do you own a Guy Fawkes mask, or have an opinion of Anonymous' activities?
You have gone from hacker/cracker to security consultant via quite a difficult route. If you just wanted the money, there would have been far easier ways.
Today, the most well-known kiddies tend to do something high profile but requiring little technical brilliance and move quickly to "legitimate" jobs. The majority of "security consultants" don't really have much technical knowledge at all, being more public relations/ass-covering types.
With this in mind, what advice do you have to people who like to study security for its own sake? Should they keep quiet about what they do, developing an academic career so they can research to their heart's content without commercial pressures?
Or does everyone clever sell out in the end?
What do you think would have happened in a scenario where you managed to escape the FBI and the hackers that helped them?
Is it possible to be completely anonymous from home? I.e. launch an attack from home and get away with it?
What would you recommend to organizations to curtail the sort of social engineering break-ins for gaining unauthorized entry?
That's not what I meant.
Kevin Mitnick was recently on Colbert Report to promote his book. Here is the link if anyone's interested.
How on Earth did Kevin and Lewis make up? How could Kevin forgive Lewis all that?...
1) Taking his wife and
2) [wearing a wire/leading him into a trap] to get arrested?
W.T.F.... how???
Should you find a security vulnerability (either in an open source project, a commercial product, or a company's hosted systems), what procedure would you consider "responsible disclosure" to the parties who are considered owners of the product? I recognize that each of the three cases listed above could vary significantly.
Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
What cybersecurity threats do you see as the most dangerous to the Internet now?
Was it worth it? Is there an upside to your experiences the last ten years?
Huh? If they're dead, what's the problem? It would be much more evil to steal the identities of living people. If he killed the infants to steal their identities, then I think you'd have a point.
(Note: I don't actually know anything about this guy or what he did)
which is totally what she said
The minor political movement surrounding your incarceration would likely not happen today. Hacking has become a state-sponsored activity, with China attacking Google and America/Israel attacking Iran.
Do you think your life would be a lot different if you were born 10 years later?
Would you agree that mostly there exists a tradeoff between security and convenience? If so, how much security (or convenience) do you think is worth sacrificing for the other?
Do you lead by example, as in encourage hackers to do what you did, so that they can end up as famous and well-paid security consultants? Or are you more of a "do as I say not as I do" type of role model? Thanks.
Bow before me, for I am root.
When you were hacking and breaking into systems, how did you decide which ones to break into? Was it because of the difficulty/ease of doing it with different security setups? Or was it because of the actual people/corporations/entities behind the servers and what they stood for?
What are your opinions on the actions of groups like Lulzsec & Anon? Do you feel that they will, in the end, expand freedom on the net or just help government tighten the noose on internet restrictions?
Hi, Kevin. I was told that my credit card information was among the thousands you stole from Netcom, way back in the day.
I won't ask you what you did with the credit card info you stole, that might cause problems with self-incrimination. I wouldn't want that, oh no.
So let me ask this: How does it feel to be a 'respected' member of the security community now, after having frightened and hurt so many people back then? How does it feel to have the hacker community regard you as a hero when you've done some of the most amoral and harmful acts in modern computing history? I guess what I'm really asking is, how well do you sleep at night? Honestly.
Genocide Man -- Life is funny. Death is funnier. Mass murder can be hilarious.
What has been the most common security issue that you have come across that has helped you get into more systems? Poor passwords, gullible people, or something else?
What is your computer setup? I mean hardware, OS, software you use to work.
What do you think the biggest opportunities for software businesses will be in the next five to ten years?
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
Has the gal from the Social Security Administration claimed her kiss? If so, was she hot?
How would you proceed if someone broke into your company and managed to download your company's most sensitive information, and what (if anything) would you tell your clients if, for example, their sensitive info got leaked?
Are you going to fight to get back your ham radio license or is that all water under the bridge now?
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
Kevin, do you suspect any collusion on the part of cybersecurity companies such as Kaspersky Labs or Avast! and virus creators? If there were not so many exploits in the wild, would there be a billion-dollar anti-virus industry?
Flexible bare-metal recovery for Linux/UNIX
What is the primary purpose of hacking? Has this purpose remained constant over the decades, or has it changed from your rise as a hacker up to today?
TFA Asserts that "Mitnick has agreed that any profits he makes on films or books that are based on his criminal activity will be assigned to the victims of his crimes for a period of seven years following his release from prison." The summary asserts that this is the reason you chose to wait before arranging for the publishing of a personal autobiography.
Given you had the opportunity to publish a copyrighted work and sell it for a profit prior to the release of your "official autobiography" under the pretense that the profits would be sent to the victims of your crimes (a number of which included theft of trade secrets and violation of copyright), why have you chosen to wait until the end of the agreement so that you could personally profit from this? And in a related question (unless you have answered it in the first), do you believe all of your crimes were victimless, some were, or perhaps none were?
Mitnick made his way by stealing the personal identification of *dead infants*. He's a sociopath.
Maybe if he stole them for shits and giggles, but the identities of dead infants have two significant properties: They're real identities and they're not in use. If there was another class of people with the same or better potential for clean identity theft, he probably would have stolen their identities too.
With all the advancements in bioengineering, do you think that at some time "biohackers" will emerge that will divert animal or human genomes to do what they want? Do you think that "social engineering" will one day be helpful in making someone share his/her genetic material so it can be hacked?
Is it really possible to hide your online activity, keeping in mind that the enemy has the most advanced tools and computers to filter the traffic, and pinpoint your exact physical location?
To expand slightly on the above question, I think the "enemy" in this case needs to be properly defined. Is it a Corporation or the Government? If Government, which Government? (IE I don't think China would give the NSA / CIA access to their backbone routers to start monitoring traffic).
With that change, how do you suggest we as citizens of the net go about to protect ourselves properly? How can a whistle-blower be safe in today's connected world?
Having experienced "justice" of a rather harsh sort (IMO, & possibly yours, too :) ) given that what you did was relatively inconsequential despite the claims otherwise, do you now do any work towards helping keep the sort of experience you had from happening again to other hackers (note: *not* 'crackers')?
Looking forward to reading your book.
"...there are some things that can beat smartness and foresight. Awkwardness and stupidity can." ~ Mark Twain
In what area of technology did you find had the most holes for your exploitation? Was it mostly bad programming? Bad hardware? Bad protocols? Cheap companies (i.e. the security flaws were known but not addressed)?
Did you meet and hang out with other hackers in prison? I mean others who served time for computer related crimes similar to your own? Or did you make friends with any sort of people? Even non-nerds?
It isn't. The crime is the digital equivalents of Breaking & Entering, Trespassing, Vandalism, Industrial Espionage/Sabotage...
At last year's Defcon, you crashed the EFF Summit party, having waited until they were backed up at the door and very busy to force your way through the door and into the party. Shortly thereafter you were escorted out and you stuck around the front of the party where they had not the privilege to force you to vacate the area. Afterwards you engaged many involved in the charity event on twitter where you claimed to have been "in" the party for over two hours, were called out and subsequently harassed those that did so. Initially you seemed to just block those that had negative things to say about you, but it quickly turned into you calling some at work and harassing them.
My question for you; As a felon, do you sometimes worry that playing games with other hackers will get you into trouble?
Nothing more, what he did was worth (at most) one year in minimum security and a ruinous fine! The fact that the posturing, corrupt little villains in law enforcement chose to exploit this for their own personal aggrandizement just highlights the failings of the (so called) "Justice" system!
I killed da wabbit -Elmer Fudd
In your last interview you mentioned that one of your primary goals was to change your much-maligned image as the most notorious hacker in the world into something more reputable. Have you succeeded? How has the journey been?
If so, I've been thinking about buying a guitar and wanted to know what's your preferred Make and wood finish.
Hey, you seem eager to answer every question, I thought you might enjoy a break from the norm.
Let's just say that it would help boost my spirits when I'm running from the law, and I would get to know something about you on a personal level, that would then make me interested in reading your books more.
Oh my, Look at the time. Excetera. Excetera.
-Freax.
hacked your way into a girl's panties?
A good friend of mine insists that your past behavior was due to a lack of certain ethical / moral regions in your psyche, in comparison, I think its more like a different orientation of ethical / moral beliefs rather than an outright lack of certain areas. So what is your philosophical reflection on why you did what you did?
In simpler terms, were you naughty because you didn't stop to consider if it was naughty or not, or were you naughty because in your judgement at that time it was overall the right thing to do?
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
Wow, some /. writer has a bit of a man-crush on Mr. Mitnick...
Even if you mean just "most famous first name in the computer security field", I would argue that the only reason his first name is famous is because people know what it is. There are many more (current) computer security hacktivists whose online pseudonyms are well known: GeoHot, comex, etc.
I work at a computer security company, yet if I were to say "Kevin" to someone, Mr. Mitnick would *NOT* instantly spring to mind.
And as timothy does not specify "computer security", only "most famous first name", we have to include *MANY* more people. Madonna, Cher, Pele, even Adolf. (Yup, it was bound to happen - I just invoked Godwin - although Godwin is a last name...)
Another non-functioning site was "uncertainty.microsoft.com."
The purpose of that site was not known.
CmdrTaco is only gone a few days and here's Mitnick again. Why should this particular criminal get any play on slashdot? He wasn't even a particularly good hacker.
.
Who am I and where is my car?
.
"A microprocessor... is a terrible thing to waste." --
GeneralEmergency
Did you / have you brought any legal actions for the breach of rights committed in the pursuit and eventual arrest of you? Do you feel the violations were similar to ones now being taken against "terrorists"?
--WooooHoooo--
What is your opinion on anonymity - one of the Internet's greatest attributes - being attacked from all directions of late? On the one hand, governments are gunning against it citing national security and "protecting the children" as excuses, ISPs are being forced to retain activity logs thanks to the RIAA & other mobs, and the advent of Facebook, Google+, and other "people registers", are eroding privacy across the board. On the other hand, entire governments are being overthrown thanks to social revolutions with the Internet fostering freedom of speech without fear of repercussion. What is your opinion on all this and where do you see things ending up?
I read the book and absolutely loved it. Best non-fiction I've read in a looong time. As I read it I kept wondering when you'd get to the part where you got into Microsoft's network and snagged the source code to NT or Excel. But you never did. Why not?
I see that you are now 48 years old. Do you still enjoy getting your hands dirty digging into code or do you find yourself becoming comfortable moving towards management & other roles? Where do you see yourself five years from now?
Well, I'm guessing that he is sleeping just fine if everything he did was amoral. Now if it was immoral, then he might have a problem sleeping. I'd really be interested in knowing what harm you experienced as a victim. You had your cc number stolen... and ... Did he run up charges on it? Did you lose your job, house, wife, children? Did you have to stand in line at a bank to report it stolen? Spend 30 minutes on the phone with someone with a southern accent?
Most "hard core computer people", or whatever you want to call them, have some gaming interests.
So, what is it, minecraft, dwarf fortress, WoW, DnD online, obscure programming languages not fit for production like brainf*ck or intercal or java (just kidding about the last one... or maybe not), anyway what wastes your time? Or do you still do "analog" gaming like ESR does?
Personally, I do hex-based-wargames, text adventures, non-FPS RPGs, and simulations (xplane, civ, etc). There's a lot more out there than WW2 rail shooter sequel number 23425.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
As soon as I was told about it I canceled the card. Which was a hardship for me, considering I had just gone through a divorce and I was in bad financial straits at the time. He didn't hurt me much, but he frightened me plenty. There are others who were hurt far worse.
It frosts my chaps that this guy is treated as a hero by the hacking community. But I suppose people get the heroes they deserve. I was just wondering how Kevin feels about that.
Genocide Man -- Life is funny. Death is funnier. Mass murder can be hilarious.
If there was another class of people with the same or better potential for clean identity theft, he probably would have stolen their identities too.
I was watching "I [almost] got away with it" on TV the other day, and the perp's solution to identity theft was rather low tech. He befriended homeless people who looked similar to himself, and stole physical SSN documents from them. Then he went and got legit drivers' licenses etc.
I am Slashdot. Are you Slashdot as well?
Right - "I wasn't in her house to rob her, I just wanted to see what was in her fridge and see what kind of undies she liked."
He's getting rather old, but he's a good mouse.
How much has Social Engineering changed since your first tinker?
I saw an interview he did on The Colbert Report and I could swear that he did one year in solitary. The reason was something akin to the fact that because the DA told the judge that Mitnick had the ability to call up NORAD and whistle in the phone and cause all sorts of havoc on our defense system, part of his sentencing stipulated that he be kept away from telephones. The only place that met that condition in prison was solitary. So basically, as I recall it from the interview anyways, he was put there for a year as a last resort, not put there for years because that was the sentence handed down.
Lotus Notes is still around? *crunching on my VisiCalc spreadsheet*
3 digit? 4 digit? 5? Just curious.
sysadmins and parents of newborns get the same amount of sleep.
The people who shouldn't sleep well at night is whoever thought credit cards were a good idea. Mitnick was responsible for 'stealing' 20k cards - they're responsible for all.
Seriously, a system where you have to give all the authorization info necessary to charge money to the company/person you're paying, and where there's only one single set of numbers, making it impossible to revoke access without canceling the whole card?
Who can trust it?
I don't know about yours, but here we have accounts where we can set up 'direct debits', which not only can have limits, but can be revoked on an individual basis without affecting the account. This is the minimum for a decent payment system.
Dilbert RSS feed
Wow man, let it go. It's been a long time now. I've learned to forgive people. It's honestly better for everyone involved.
You mean they couldn't just give you a new card with a new number? Or are you saying your finances were in such bad shape that you needed an active credit card account to pay for necessities?
I don't think the frightening you and others received would merit the kind of treatment Kevin received. Crime is crime, however and punishments should meet the crime. Credit card theft should be punished. But thank you for your account, the media has always either glorified his exploits or painted him as a dark villain. Either account failed to mention any specific harm to individuals. From what I can recall, he was just a social hacker who gained access just for the thrill of gaining access. That last bit about doing something just for the challenge appeals to a lot of geeks, including myself.
The reason was something akin to the fact that because the DA told the judge that Mitnick had the ability to call up NORAD and whistle in the phone and cause all sorts of havoc on our defense system, part of his sentencing stipulated that he be kept away from telephones.
This is the reason prosecutors should not have immunity. Solitary confinement is torture. DA tortured Mitnick based on a completely implausible rumor. Both the DA and the judge that signed off on it belong in jail.
Give me Classic Slashdot or give me death!
What is your home backup strategy? External media, or send it to another location? How often, and full, differential or incremental? I liked your book :)
All those moments will be lost in time, like tears in rain. Time to die.
How disappointed were you with the portrayal of your character in the movie "Operation Takedown" ?
Burroughs said of The Naked Lunch, that it was that moment frozen in time when everyone can see what's really on the end of their fork.
That said, then, what is Kevin really doing now, when no one is watching? (pardon for bluntness, but I was an abrasive rock journalist in the 80s and learned to cut the crap for maximum return.)
*Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
Have you or your clients sent any cracker to jail? For getting into the systems you secure.
In the new Deus Ex game, set in 2052, as you are infiltrating a rogue Chinese company the main character discovers that the Chinese company hired a 'penetration expert' named Kevin Mitnick? The expert does not appear in the game, but you are able to read emails from 'Kevin Mitnick'. How do you feel knowing you'll be successfully hacking for pay 40 years from now? Or more seriously, how do you feel about being included in the game this way?
The people who shouldn't sleep well at night is whoever thought credit cards were a good idea.
Good, blame the victim. Mitnick was a thief and con man. I suppose you believe that people should only do the right things when they're forced to.
How does it feel to be a big hero now with thousands of semi-literate amoral /. readers who think it's OK to get away with whatever you can? Who have the moral compass of a Goldman Sachs executive? Who excuse your thefts and conning good-hearted people who were not trained in security? You tried to steal US secrets and sell them to Russia, and got caught because you and your cohorts were too stupid to fool trained agents. Ever think of just shutting your big mouth?
Kevin,
Every time I see your name mentioned in an article written by Kevin Poulsen, I wonder how many people reading it know the connection. Do you have any interesting stories of crossing paths with someone you knew from your "ghost in the wire" days, or unexpected relationships you've developed or continued with people who either impacted your life, or were impacted by your actions back then?
There's been a lot of hubbub lately with G+ and the nymwars where they want to expose everyone to public scrutiny by using their real names.
What's your take on Google's stance ("go somewhere else if you want privacy") with it being an identity service as it pertains both to individual privacy and changes in how pretexting crimes will occur?
Hi, Kevin. I was told that my credit card information was among the thousands you stole from Netcom, way back in the day.
You moron.
He didn't 'steal' anything. That file with credit card numbers had been floating around for MONTHS. He was only guilty of having a copy, not for being the one who 'stole' it.
http://blockyourid.com/~gbpprorg/2600/the_world.txt
"With regards to the credit card numbers, this is far more misleading. For one thing, only one computer system (Netcom) had its credit card numbers accessed, not "computer systems around the nation." And this compromise was not even news: the Autumn, 1994, issue of 2600 reported it nearly half a year ago. Apparently, Netcom did nothing to secure the credit card numbers of its subscribers and, despite multiple warnings and basic common sense, kept this sensitive information online."
"Little mention is made of the fact that not one of the 20,000 credit card numbers lying around on Netcom was ever used by Mitnick, nor was he ever suspected of benefiting financially or causing any damage."
[emphasis mine]
well.. if you canceled the card instead of just having them issue a new number then you're an idiot.
but he frightened me plenty
Grow a pair. Seriously, he did his time, he got out, now he's a productive member of society. Isn't that what we want of all our criminals?
Did you ever drop the soap in the shower?
Hi, Kevin. I was told that my credit card information was among the thousands you stole from Netcom, way back in the day.
I won't ask you what you did with the credit card info you stole, that might cause problems with self-incrimination. I wouldn't want that, oh no.
So let me ask this: How does it feel to be a 'respected' member of the security community now, after having frightened and hurt so many people back then? How does it feel to have the hacker community regard you as a hero when you've done some of the most amoral and harmful acts in modern computing history? I guess what I'm really asking is, how well do you sleep at night? Honestly.
Seriously, put the kool-aid down.
First, when did Kevin Mitnick get into credit card stealing? Granted it's been awhile, I don't recall that being in any of the charges against him. And if he was stealing credit card info, I would imagine that would be part of the charges against him.
Second, Netcom isn't even listed in the targets he hit.
I'm going to guess, Netcom fucked up, and to save face, they blamed Kevin Mitnick, and sent everyone info saying it was him, so you'd be pissed (which you still are) at him, when he wasn't the one responsible.
So, how does it feel to be played? Twice even? Seems like Netcom screwed ya twice. Hope you got a reach around with that.
Be seeing you...
As soon as I was told about it I canceled the card. Which was a hardship for me, considering I had just gone through a divorce and I was in bad financial straits at the time. He didn't hurt me much, but he frightened me plenty. There are others who were hurt far worse.
It frosts my chaps that this guy is treated as a hero by the hacking community. But I suppose people get the heroes they deserve. I was just wondering how Kevin feels about that.
The more you post, the more you seem like a complete idiot.
Of course, your too stupid to understand, but whatever.
All Kevin ever did was show that people are stupid everywhere, and your post confirms this.
Please, I need some proof that he hacked Netcom and stole credit card info, because all I've found is some "alleged that Kevin broke into Netcom and stole credit card info" of course, it goes to say that credit card info was commonplace on the net.
So, like I said in my other post to you, you got played by Netcom.
Netcom security sucked dog shit, and they got broken into. They then decided to blame Kevin Mitnick, because he was hacker public enemy #1.
That is not unlike how we blame terrorist for everything today.
You sir, not only need to turn your geek card in, you need to stop posting.
Where did you buy your low UID from? Because it's apparent you haven't been on here that long and still be so clueless.
Be seeing you...
So, you're a furry huh?
http://en.wikifur.com/wiki/Remus_Shepherd
Oh, and a zoophile I see from what that says.
God, the internet is great.
See, that person can be different from you, but now, since I suggested you were the same, people are going to think you're a furry & a zoophile.
Not unlike how Netcom said Kevin Mitnick was responsible for the credit card stealing, though that is something he never did before or after and never even admitted to it later. But hell, the damage is done. You've carried a grudge against him for decades, even though the info you were told is most likely false.
Do you see how that works?
Anyways, have fun getting knotted or whatever weird shit you like to do with animals. Hey, it's cool. You're an adult, if you want to dress up like an animal and fuck animals, more power to you.
Be seeing you...
...Would you do it wearing Gucci or Tommy Hilfiger?
I tried to think of a good sig, and this wasn't it.
How does it feel to be blamed for other people's stupidity? I mean, when someone is too stupid, or lazy, to secure their systems and allows my personal information to get stolen, how does it feel when I blame you instead of the idiot that didn't take security seriously?
I guess what I'm really asking is, when someone hides their housekey under the doormat and some thief uses it to walk into their house and take stuff, how do you sleep at night?
Honestly.
In times of universal deceit, telling the truth gets you modded -1 Troll
Of course, your too stupid to understand, but whatever.
That line simply screams "Brilliant!"
But whatever.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
Related: have you met Bubba (from infamous BSA posters) in prison and was it a painful meeting?
Hi Mr. Mitnick,
Is there an amount of security that would stop a gifted social engineer like yourself, and if so, how much would it typically cost a Forbes 500 company?
Read your book, it was quite entertaining and informative!
Did you ever make peace with Tsutomu Shimomura and/or John Markoff?
Where does the school board find them and why do they keep sending them to ME?
Or allow others to call you that?
You are a cracker, not a hacker. And at that, you are just a script kiddie. You haven't ever found a single vulnerability, and you haven't developed a single exploit. You relied on social engineering and script-kiddie techniques.
Why do you give Hackers a bad image? Certainly the figure of a script-kiddie who has done obvious attacks, was quickly discovered, ran away, was found and served prison time, then used his fame to make money as a security consultant, is incompatible with the average Hacker, who contributes to society by writing Free Software, works in an area he loves earning honest money, and only seldomly murders his wife and buries her in the woods.
Please stop calling yourself a hacker, you are nothing but a script kiddie.
WTF am I doing replying to an AC at 5 A.M on a Friday night?
So I assume that your credit card info getting into Kevin's hands caused you grievous financial harm? Oh, it didn't? Well then.
I've yet to hear about any truly harmful acts Kevin Mitnick ever "perpetrated". Maybe I just never heard about something truly terrible and destructive, but I have my doubts.
I remember sigs. Oh, a simpler time!
I spotted the same thing and giggled, then seeing this on slashdot 24 hours later seemed a weird enough coincidence to mention -- unfortunately I lack mod points right now, so I shall just chime in by seconding your question :-)
I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
I'd love to see the look on his ex-wife's face when she found out her hubby was into animals. Some funny shit here.
US-UK-Israel: The real Axis of Evil
mistake you ever made?
how many pairs of boxer shorts should you own?
So I take it you didn't bother to take ten seconds to run a Google search about it before you went spouting off its falsehoods? One that would have provided numerous sources including the Wikipedia page on Netcom and, oh, about 35,199 others? (2,590 if you want to force the inclusion of "credit card" rather than simply "Netcom.")
Now I suppose it's possible that there is a decades-long, Internet-wide conspiracy to prepare for the day that somebody on Slashdot wanted to sound more clever than they are, spew pure speculation and use it to make some terrible joke about reach arounds, but I do have to admit that I find it rather unlikely. Slightly more likely is the possibility that Kevin Mitnick hacked 35,200 pages on the Internet to make you look bad. But all in all, I'm going to go all Occam's razor and assume that you probably just shouldn't go around acting like a stuck up prick unless you're very, very careful to be accurate.
Would you like a reach around with this? I'm easier than Netcom.
If you were able to deploy only 1 defense mechanism to a mission critical server, which one would it be and why? (You have a choice of: firewall, antivirus, ids, stack smashing protector, monitors, other: please specify)
you're a tard.
In his glory days it was a special privilege to even have email. Usually at a steep per transaction + long distance cost on time shared mainframes. At one point we valued the privacy of mail instead of letting every money whore on the pipe sniff its ass, and it was usually more important than "dude I just downed thries ceg!!! LOL" due to the overhead of having equipment, phone service and system access.
now get the fuck off my lawn
You were obviously a celebrity /then/ - no one can forget "Free Kevin!"
How do you feel about being a celebrity /now/? Your name is used in the most recent Deus Ex game, and you're in the Internet exhibit at the Museum of Science and Industry in Chicago.
A few questions, take what you will:
1) What did you think about the movie adaptation of Takedown? I know your opinion about both the book and movie being drastically dramatized, but I'm more interested in knowing how it felt seeing yourself being portrayed in a motion picture (or in a book, if you did not see the movie). What is your general opinion on books and films that attempt to portray the hacker and social engineering subcultures throughout the decades? Does the certain lack of verisimilitude in some media irk you due to having a high degree of knowledge in the field?
2) After serving time, you've turned around and made your skill set available for preventive measures. Despite both sides offering a worthy challenge, do you ever miss the other side (sans the legal issues)? Do you still get similar thrills now that you're on the other side of the proverbial wall (if such a metaphor is even valid)?
3) I know that there are a lot of "Then versus Now" questions, so I'll try to keep this one focused to one area: Do you feel a sense of overwhelming complexity and bloatedness in both tech and security compared to previous decades? Individuals and small groups may have dominated in the 80s and 90s, but now it feels more and more that it requires nation state-sized entities to carry out outstanding cracks, and it takes large-scale security firms to prevent them. Is this perhaps just a misperception? What insights do you have?
4) This is a bit inspired by some of the other questions that I've been seeing. I imagine you get a lot of goading comments from people who claim you weren't/aren't a real hacker. I'm guessing at this point you shrug it off, but just out of curiosity what goes through your mind when you hear that kind of stuff? Have these critiques/insults ever had a major impact on you? Do you think there's some legitimacy in some remarks, or maybe they're more motivated to discredit someone with some celebrity status when they feel others ought to have more of the spotlight? Maybe it doesn't matter all that much, but I'm just curious. :-)
I have all sorts of other questions, but those are the three I've always thought about asking Kevin Mitnick if I ever got the chance. I've always been a big fan of his writing, as well as his life story. Can't wait to see this interview unfold.
History is little else but a picture of human crimes and misfortunes
Does it worry you that while the contemporary problem is advanced persistent threat, people are looking out for and protecting against script kiddy type attacks?
Take off every 'sig' !!
It seems to me that the movie is quite fair with you:
In a scene we can see "Kevin" ashamed by how they treat him in the press (like a dangerous criminal) and looking at a computer screen, saying that "I could take millions of dollars right here, but I don't do that!". This scene describes a Mitnick who is rather honest but treated unfairly.
The Raleigh episode (with the Cellscope 2000 and FBI arrival) seems technically accurate.
Also the movie clearly depicts a Kevin who uses both social engineering and great technical skills.
I know they made up the "Contempt" program and your encounter with Shimomura, this was to make the movie "look good".
There are also a few silly things I guess.
However the movie seems not that far from reality.
Could you share your feelings about how they depicted you and the technical and social engineering parts?
No, I'm blaming the people who've come up and promoted the system.
I specifically said "they're responsible for all." The victim couldn't be responsible for all, now could it? At most (s)he would be responsible for one.
Dilbert RSS feed
Direct debits are a million times worse than credit cards. If someone runs up a bill on your credit card, you tell them it's fraud and don't pay it. If someone takes too much out on a direct debit, sure you'll get your money back... in 1-2 months. Also, any chump with your sort code and account number (which you have to hand out to people who want to send you money) can set up a direct debit on your account.
I am trolling
Um, no. Torture is torture. Waterboarding is torture, and that's a fight that needs to be fought. Solitary confinement... isn't.
I am trolling
What would you suggest to government(s) about cyberwarfare? What are your thoughts on the current strategy and tools?
So, having a closed-source BIOS, a closed-source CPU with god knows what AES implementation and a lot of hw with onboard memory, LotusNotes with dedicated NSA access etc., as a consultant, what are your thoughts to companies that want to protect themselves against economic / tech espionage?
In your book you allude to the possibility that hacking was a behavioral addiction, and at one point you were "clean" for a long stretch, but then returned to old behaviors to investigate your brother's death. Do you consider that your drive to hack, at great risk to a normal life, was an addiction after all?
It's interesting, then, that there are over a dozen Anonymous Cowards defending him in response to my post. Sure looks like some people regard him as a role model.
Look, this incident was a long time ago and I've recovered completely from it both emotionally and financially. I just hate seeing the idol worship of bad people. Kevin Mitnick is a bad person. He shouldn't be given a Slashdot 'Ask' thread, he should be shunned. His bad reputation damages all those who associate with him, and Slashdot is opening itself up to that.
What might change my mind about that? Well, if Mitnick feels guilt and remorse for his crimes, I'll take that as a sign that he's grown and become a better person. And that's what I wanted to ask him; how well does he sleep at night? If the answer is 'sometimes not well', then I'll gain a measure of respect for the man and it won't bother me as much when I see people fawning over him like some kind of celebrity.
But until I see that little glint of humility, all I can do is shake my head sadly at all those defending him. You losers sure know how to miss a point.
Genocide Man -- Life is funny. Death is funnier. Mass murder can be hilarious.
No, I'm blaming the people who've come up and promoted the system.
I specifically said "they're responsible for all." The victim couldn't be responsible for all, now could it? At most (s)he would be responsible for one.
Yep, you're a dumbass.
I don't know what kind of system you have running there, but here only the owner of the account can set up direct debits. The company I want to pay to gives me two numbers, and I create on my own account a "Debit Authorization" that allows them to charge monthly. And I can revoke each Authorization on an individual basis.
If someone takes too much out on a direct debit, sure you'll get your money back... in 1-2 months.
Nope, you can choose the limit for each Authorization. I have a limit for my cable bill, a different one for my electricity bill, etc.
To quote my national bank:
consumers (debtors) wishing to make direct debit payments shall hold a bank account and shall expressly authorize the debit of the amounts to be collected in such accounts. (...) Each debtor must issue a “direct debit authorisation”, under which the creditor may regularly collect the amounts due.
Frankly, I'm appalled by your banking systems. Insecure direct debits, paying to use ATMs outside your own bank, it's a mess.
Yes, I am, but I'm also right, as we can see by your lack of arguments.
If you read my post carefully, you'll see I actually blame both.
We have both, but our virtual CCs are more for single uses, they expire in a month. Great for online purchases, not so great for recurring charges.
Mitnick was a mastermind "social engineer". Not a computer "hacker"/cracker/phreaker. He was/is a con-man with a penchant for computers.
there are 3 kinds of people:
* those who can count
* those who can't
So I take it you didn't bother to take ten seconds to run a Google search about it before you went spouting off its falsehoods? One that would have provided numerous sources including the Wikipedia page on Netcom and, oh, about 35,199 others? (2,590 if you want to force the inclusion of "credit card" rather than simply "Netcom.")
Now I suppose it's possible that there is a decades-long, Internet-wide conspiracy to prepare for the day that somebody on Slashdot wanted to sound more clever than they are, spew pure speculation and use it to make some terrible joke about reach arounds, but I do have to admit that I find it rather unlikely. Slightly more likely is the possibility that Kevin Mitnick hacked 35,200 pages on the Internet to make you look bad. But all in all, I'm going to go all Occam's razor and assume that you probably just shouldn't go around acting like a stuck up prick unless you're very, very careful to be accurate.
Would you like a reach around with this? I'm easier than Netcom.
I did google, and seeing my comprehension is better than yours, if he did steal all those credit cards, how come he wasn't even charged with it? In fact, you don't find any credit card theft charges listed in any charges against him.
Look, I'd ask Kevin straight up if I knew him. And since we are going all Occam's razor here, then how about this.
Corporations are about 1 thing only. Greed. They are to make as much money for their shareholders as possible. Also, when people screw up, they like to blame others, never themselves, mainly when it costs lots of money and you can get fired for the fuck up.
Netcom got broken into via computers and a bunch of credit cards got stolen.
So, Occam's razor would be, that the admin fucked up on his security, and to cover his ass, he blamed the FBI's most wanted hacker, Kevin Mitnick, instead of admitting that their security wasn't the best.
Otherwise, you're suggesting that Kevin Mitnick was doing something there has never been any evidence of, and if there had been, he would have been charged with it.
Here's the thing, I don't like Kevin Mitnick, never have. But it had been obvious from the start that he was being railroaded to make some peeps feel happy while the reality is they didn't learn their lessons and improve security. The biggest clue of this? Social engineering is still one of the easiest ways to get access to a system.
Be seeing you...
When you, myself and many others were younger, you could do all sorts of digital stuff while under 18 without any concerns about getting in trouble.
With how things are today, how do we get kids to learn these skills? Where does someone learn safely how to break into a network?
Are any rewarding alternative choices available today to a kid inclined to use his skill to crack into other people's systems?
Well, according to a guard in a Discovery channel program on jails, people go bonkers in solitary confinement. If true, I'd qualify long term solitary as torture.
Bert