Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kevin Mitnick Answers

Posted by timothy on from the buy-one-mitnick-get-one-free dept.

Last week, you asked Kevin Mitnick questions about his past, his thoughts on ethics and disclosure, and his computer set-up. He's graciously responded; read on for his answers. (No dice on the computer set-up, though.) Thanks, Kevin. Do you own a Guy Fawkes Mask?
by blair1q

Do you own a Guy Fawkes mask, or have an opinion of Anonymous' activities?

Anon & Lulzsec
by zero0ne

What are your opinions on the actions of groups like Lulzsec & Anon? Do you feel that they will, in the end, expand freedom on the net or just help government tighten the noose on Internet restrictions?

Kevin Mitnick: Sorry, I do not own a Guy Fawkes mask.

I don't think you can look at Anonymous as a single collective group. There appears to be many factions of it. Some are out there performing hacktivist activities that are being pursued with the true desire of keeping information free and holding our leaders accountable for their actions. Performing civil disobedience through illegal activities is probably not the preferred method, but I can understand what motivates these individuals.

As far as Lulzsec and other groups under the Anonymous banner that are just doing it for the "lulz," it reminds me of the prankster activities that many hackers have been involved in the past. This is part of the culture. Many of the attacks performed by these groups were going after the low-hanging fruit, and those vulnerabilities should have never been open to compromise. We trust these companies with our personal information. It is their responsibility to secure that data to the best of their ability. However, every time a major hack occurs, we are so focused on the attackers and never on the company that left your private information available to be taken. The media feeds this notion.

I don't think that the actions of groups like Anonymous will have much effect on expanding freedom on the net. Though some of their causes may be worthwhile, when you have groups like Lulzsec that just do it for the "lulz," the government has never understood these types of motivations and move harder to prosecute to make an example. So, the answer to your question is no. I would expect law enforcement would just make it a higher priority to curtail the actions of these kinds of groups.

Do as I do?
by wiedzmin

Do you lead by example, as in encourage hackers to do what you did, so that they can end-up as famous and well-paid security consultants? Or are you more of a "do as I say not as I do" type of role models?

KM: My hacking was always for personal pursuits. I never did it to make money. Naturally, I would try to dissuade anyone involved in legally questionable activities. There are so many opportunities these days to satisfy the challenge of breaking into systems and/or networks without breaking the law.

Though the fact that I am able to work as a professional security consultant and public speaker today is a blessing, the price I had to pay for it was pretty high.

How did you choose your targets?
by Rizimar

When you were hacking and breaking into systems, how did you decide which ones to break into? Was it because of the difficulty/ease of doing it with different security setups? Or was it because of the actual people/corporations/entities behind the servers and what they stood for?

KM: Usually, there was something of personal interest to me. I hacked into companies that developed operating systems to look at the source code. The reason I wanted to look at the source code was to discover security vulnerabilities in the operating system(s) that I could exploit. My goal was to become the best at hacking into any system I desired. To me it was like playing the ultimate video game, but with real world danger and consequences.

Later when I became a fugitive, I compromised cellular phone handset manufacturers to gain access to the handset source code for two reasons: (1) to create invisibility by modifying the firmware in my cellular phone; and (2) for the trophy; the harder the target, the more challenging it was to me.

Hi, Kevin. I'm one of your victims.
by Remus Shepherd

Hi, Kevin. I was told that my credit card information was among the thousands you stole from Netcom, way back in the day. I won't ask you what you did with the credit card info you stole, that might cause problems with self-incrimination. I wouldn't want that, oh no.

So let me ask this: How does it feel to be a 'respected' member of the security community now, after having frightened and hurt so many people back then? How does it feel to have the hacker community regard you as a hero when you've done some of the most amoral and harmful acts in modern computing history? I guess what I'm really asking is, how well do you sleep at night? Honestly.

KM: I did take a copy of the entire Netcom database, which also included the subscriber's credit card information, depending on the subscriber's payment method. I was never interested in the credit card information itself, only the user information associated with it that would allow me to reset passwords of Netcom users. The fact is, I was not the only one with these credit cards numbers. That database had been circulating on the Internet for months. I was merely one of many that had access to this information. This entire story is detailed in my new book — Ghost in the Wires — and once you read it, my objective for this hack will become clearer.

Was your identity ever compromised? Was your personal data ever leaked? If so, it wasn't me! That's because I never profited from my hacking activities, and there was never any disclosure of what I had come across or any of the source code materials that I obtained.

You stated: "You've done some of the most amoral and harmful acts in modern computing history?" You really need to get your facts straight. You sound like the government prosecutor who once claimed I could dial into NORAD and whistle into the phone to launch a nuclear missile. Or like the prosecutors who argued I caused 300 million dollars worth of loss by reading proprietary source code. It was a ridiculous argument.

According to the Securities and Exchange Commission rules, if any of the victim companies in my case suffered a material loss, they are required to report it to their shareholders. Did Motorola, Nokia, Fujitsu, NEC, Sun, Digital, and other public companies report any losses attributable to my conduct to their shareholders? Not at all. So did all the above companies defraud their shareholders by failing to report a loss, or did the Federal prosecutors lie in order to get me a harsh sentence? You work it out.

I paid a heavy price for my activities. I sleep like a baby!

Is it cool any more?
by Hazel Bergeron

You have gone from hacker/cracker to security consultant via quite a difficult route. If you just wanted the money, there would have been far easier ways.

Today, the most well-known kiddies tend to do something high profile but requiring little technical brilliance and move quickly to "legitimate" jobs. The majority of "security consultants" don't really have much technical knowledge at all, being more public relations/ass-covering types.

With this in mind, what advice do you have to people who like to study security for its own sake? Should they keep quiet about what they do, developing an academic career so they can research to their heart's content without commercial pressures?

Or does everyone clever sell out in the end?

KM: First of all, I disagree with your assessment that the majority of security consultants don't really have much technical knowledge. I have working relationships with numerous security people that have substantial technical skills. I encourage others to pursue their passion in security in either the commercial world or in academia depending on their goals. Even in an academic career, your pursuits will be limited, as there will always be a line. For many security professionals, they continue to research security, even on their own time, to keep up with new developments and techniques.

Cybersecurity Companies?
by bigredradio

Kevin, do you suspect any collusion on the part of cybersecurity companies such as Kapersky Labs or Avast! and virus creators? If there were not so many exploits in the wild, would there be a billion-dollar anti-virus industry?

KM: I don't know about Kaspersky but I think it's ludicrous to assert that any anti-virus company would be involved with malware creators. These are large companies and the risk of being involved in this type of unethical behavior is too great.

Responsible Disclosure?
by gcnaddict

Should you find a security vulnerability (either in an open source project, a commercial product, or a company's hosted systems), what procedure would you consider "responsible disclosure" to the parties who are considered owners of the product? I recognize that each of the three cases listed above could vary significantly.

KM: I think you have to notify the developer of the product, so that they may create a solution for the vulnerability. They should be given a reasonable amount of time to correct the situation, and then it should be made public.

NOTE — Kevin clarified with this addition: Note too, I believe the software vendor ought to pay for the vulnerability information as security researchers should be paid for their time.

cybersecurity
by Anonymous

What cybersecurity threats do you see as the most dangerous to the Internet now?

Re:cybersecurity
by zero0ne

What threat do you see as the most dangerous in 2, 5 and 10 years?

KM: Malware is probably the most substantial threat. Not only because it is so prevalent and being crafted better to avoid detection, but also because a large majority of internet users are oblivious to the dangers involved with clicking unknown links, authorizing Java Applets, opening attachments from people they don't know, and are easily fooled by average phishing attacks. People are still the weak link, and even intelligent ones make poor decisions. Case in point, the recent spearfishing attacks on Google and RSA, which proved highly effective.

Looking into the future is difficult as technology progresses so rapidly. In the next few years, as more and more corporations move towards cloud computing, these servers loaded with information are going to be the new playground for hackers. Layers of security need to be applied in any cloud-computing environment to minimize the risk.

With the recent hacks on Certificate Authorities, I would count on SSL becoming obsolete in the future and being replaced with a new, more robust secure standard, since the "web of trust" is no longer a feasible model.

With the proliferation of consumer devices coming onto the market that are internet-ready, I would expect to see more attacks at the heart of these new technologies. New devices, especially those branded by names like Apple, Microsoft, and Google, always tend to draw the attention of hackers from all over the world.

Cyberwar?
by mewsenews

The minor political movement surrounding your incarceration would likely not happen today. Hacking has become a state-sponsored activity, with China attacking Google and America/Israel attacking Iran. Do you think your life would be a lot different if you were born 10 years later?

KM: If you were asking if the circumstances would have been different had my hacking occurred ten years later, then I would say yes. The prosecutors would not have been able to convince the Court that I was a serious National Security threat, which resulted in me being held in solitary confinement for nearly a year, based on ridiculous claim that I could launch a nuclear weapon by whistling into a phone. Also, they would not have been able to claim the damages were the total R&D costs associated with the development of source code, which I merely looked at, without distributing it. I think my sentencing and treatment in the justice system would have been much different, as they would not have been able to exaggerate the harm like the Government did in my case.

Computer Setup?
by Anonymous

What is your computer setup? I mean hardware, OS, software you use to work.

KM: You send me yours along with the IP address, and I'll tell you mine. Good try at information reconnaissance.

SSA
by Anonymous

Has the gal from the Social Security Administration claimed her kiss? if so, was she hot?

KM: No, I don't know if she was hot and she has yet to contact me.

Ham radio license?
by vlm

Are you going to fight to get back your ham radio license or is that all water under the bridge now?

KM: I did fight the FCC and still have my ham radio license. The FCC allowed me to retain my license because they deemed me fully rehabilitated after a long administrative court proceeding.

"Justice ... "
by capnkr

Having experienced "justice" of a rather harsh sort (IMO, & possibly yours, too :) ) given that what you did was relatively inconsequential despite the claims otherwise, do you now do any work towards helping keep the sort of experience you had from happening again to other hackers (note: *not* 'crackers')?

KM: I have, and I do. I don't want to see someone's curiosity or desire to learn how to break into systems land him or her into prison. I remember supporting Dmitry Sklyarov when he was arrested at Defcon for exposing a bug in Adobe's e-books. I remember joining a group of people that were protesting his arrest for alleged DMCA violations in Santa Monica, California a while back.

In the end...
by NabisOne

Was it worth it? Is there an upside to your experiences the last ten years?

KM: I have no regrets in regards to my hacking experiences. I have always had a passion for learning, solving difficult challenges, and satisfying my own curiosity.

However, I do regret the effects that my activities had on my family and the companies that were damaged by my actions. I can't undo the past, and can just move forward to try and help others keep themselves safe from those trying to do them harm.

My recent experiences of the last 10 years have been nothing short of a miracle. One word has changed that for me: authorization! I now get authorization from my clients to test their security controls.

110 of 161 comments (clear)

  1. CA's? What 'web of trust'? by fatphil · · Score: 5, Informative

    The CA setup using SSL has never relied on the /web of trust/ model (where you can say how much you trust our neighbours), it's always relied on the /chain of trust/ model (where all trust is inherited).

    However, I agree that our CA setup should be clearly moribund now.

    --
    Also FatPhil on SoylentNews, id 863
    1. Re:CA's? What 'web of trust'? by SanityInAnarchy · · Score: 1

      I'm curious if this was a slip, or if there are also problems with a "web of trust"?

      --
      Don't thank God, thank a doctor!
    2. Re:CA's? What 'web of trust'? by bragr · · Score: 1

      Really? Because the last time I checked, there are different trust flags set for different root certs that are included with browsers.

    3. Re:CA's? What 'web of trust'? by fatphil · · Score: 1

      That might a a little bit of damage limitation in modern broswers, but such settings tell you nothing about how much Comodo trusts Honest Akhmed or vice versa. (Not structly true, it's 100% apparently)

      --
      Also FatPhil on SoylentNews, id 863
    4. Re:CA's? What 'web of trust'? by bragr · · Score: 1

      Thats what root certs are, keys that you supposedly trust 100% which is why when they are cracked, its so bad. Ergo the model is broken.

    5. Re:CA's? What 'web of trust'? by DamnStupidElf · · Score: 1

      Yeah, but it's all binary trust. I fully trust Verisign, but I wouldn't even trust Digicert to sign hacker.ru. There's a problem with that, because I am only really about 60 to 70 percent sure that Verisign won't be compromised or sell out to China's interests, and I don't really care if hacker.ru is signed by a cheap root authority so long as I'm getting my cracks and wares from them and not evilhacker.ru. The current CA model is a forest of trust model. Every root CA forms a fully trusted tree, and every tree and branch and leaf in the forest is just as trusted as any other for all practical purposes. The forest needs fine-grained trust to become a web of trust, with cross-signing of individual certificates by many other certificate authorities. Then an overall trust measurement can be made.

    6. Re:CA's? What 'web of trust'? by nullchar · · Score: 1

      That's still a chain, just some links are "stronger" (more trusted) than others. You trust your browser/OS who trusts a large list of CA certs. There are no third parties (web) where some trust a CA (or individual cert) and some do not.

      A "web of trust" model is more along the lines of Moxie Marlinspike's proposed 'Notaries' system where you query different notaries for a service behind SSL and based on their responses (a web of them), you decide to trust the cert or not.

  2. brave new world by azalin · · Score: 4, Interesting

    If you were asking if the circumstances would have been different had my hacking occurred ten years later, then I would say yes. The prosecutors would not have been able to convince the Court that I was a serious National Security threat, which resulted in me being held in solitary confinement for nearly a year, based on ridiculous claim that I could launch a nuclear weapon by whistling into a phone. Also, they would not have been able to claim the damages were the total R&D costs associated with the development of source code, which I merely looked at, without distributing it. I think my sentencing and treatment in the justice system would have been much different, as they would not have been able to exaggerate the harm like the Government did in my case.

    They might have used it as an excuse to label him a terrorist though. At least back then they had to work around the law to pull off such shady stuff...

    1. Re:brave new world by tolkienfan · · Score: 1

      Good point! How would you feel about Gitmo, Kevin?

      They never did (and never will) understand taking such risks for no remuneration.

  3. "Tighten the noose" by Anonymous Coward · · Score: 1, Informative

    Come on, we're all adults here. So let's cut the bullshit and call a spade a spade. Government doesn't "tighten the noose" on human rights (including freedom of speech), nor do they "crack down" or cause "erosion". All of those terms imply that there was something immoral or unjust about what the victims were doing in the first place, and government (the criminal) is merely getting around to dealing with it, business as usual. As if government had more important things to worry about, but now the time has come to "crack down" on what they "should have" cracked down on long ago.

    This couldn't be further from the truth, and almost sounds like it came straight out of a propaganda committee. The correct term for what government is doing is oppression. Human rights can NOT be "eroded" or "tightened"; they can be either respected or oppressed. Period.

    1. Re:"Tighten the noose" by tolkienfan · · Score: 1

      I think you misread gp.

    2. Re:"Tighten the noose" by Paracelcus · · Score: 1

      Most of what the government says, does, etc is nothing more than self serving propaganda, they will seize any opportunity to further expand their power (at the expense of civil liberties) example: 9/11 = "Patriot Act" (we ALL know what an unconstitutional nightmare that is) or how Nixon declared a "War on drugs" and so turned local police departments into occupying armies. The government foments fear among the American people using it's controlled media and using that fear as a tool of coercive mass control makes the people themselves complicit in their own oppression!

      They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -Benjamin Franklin

      --
      I killed da wabbit -Elmer Fudd
  4. Re:Washed up by Anonymous Coward · · Score: 1, Insightful

    Anyone not living free in Mommy's basement is a sellout. There is nothing wrong with paying the bills.

  5. Well. by LWATCDR · · Score: 1

    It is hard to tell if what Kevin Mitnick did in the past was harmless pranks or not. In his case from these replies he seems to have paid the price and is now acting like a responsible person. I do not think anybody needs to give him a hard time about the past anymore.

    --
    See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
    1. Re:Well. by GameboyRMH · · Score: 1

      I know plenty about what he did and he never did anything really harmful. He basically took information as trophies for his own personal use and has more than paid the price for it. It's the computer equivalent of picking the lock on company offices and looking at/taking pics of the products they were developing to satisfy your own curiosity. Yes it's trespassing and breaking & entering and you could say a violation of privacy. But he didn't cause any destruction or cause any company any real losses.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    2. Re:Well. by TheSeventh · · Score: 2

      Well, he did steal a few people's identities, as well as who knows how many people's cellular accounts. Running up tens of thousands of dollars in cell phone bills for all of those people, with cell rates around $1 a minute.

      I don't think what he did was deserving of the punishment and poor treatment he received, but he did cause problems for a lot of people.

      Another thing not mentioned in his book is how many people might have lost their jobs for being too trusting to the "engineer calling from the IT security department of their company", because the company didn't have better policies in place. I'm certain some of those people he social-engineered had to have been fired, and from the stories, some of them probably deserved it.

      But let's not boil it down to taking trophies for personal use when it was a lot more than that.

      --
      Just because you're paranoid, it doesn't mean that they're not out to get you.
  6. Re:What comes after the book deal? by Omnifarious · · Score: 2

    He's been free for a long time, and I haven't seen any of those products. Near as I can tell he's become a relatively well respected security researcher specializing in pen-testing. And given his history, I expect him to be fairly good at that job.

    --
    Need a Python, C++, Unix, Linux develop
  7. He lets himself off the hook too easily by chispito · · Score: 4, Insightful

    I really enjoyed his book, but it's clear that if you ask him, he hardly ever hurt anyone. It's hard to believe a lot of what he says, since it comes from someone who achieved most of his goals by nonstop lying.

    --
    The Daddy casts sleep on the Baby. The Baby resists!
  8. Re:What comes after the book deal? by azalin · · Score: 1

    So what? This guy was sent to prison with completely overrated accusations and paid dearly for his wrongdoings. He has my blessing for using his "fame" in order to make some money.

  9. Expected responses... by Lumpy · · Score: 2

    "If so, it wasn't me! That's because I never profited from my hacking activities, and there was never any disclosure of what I had come across or any of the source code materials that I obtained."

    If anyone was expecting honest gritty answers they were nuts.

    Honestly, he answered everything exactly the way I expected. Nothing at ALL that will be incriminating in any way, nothing revealing, PC and clean. Tow the line of "I was simply a curious kid that got into trouble! Help your local law enforcement!" response. and honestly after the legal and physical ass-raping they gave him I also would respond the same way.

    The united state government gave him a loud and clear message," The constitution is a ruse we have in place to pacify the masses. If we get our hands on you we can do to you anything we want and your lawyers cant do shit about what we do to you." Want an example? let's trout out the ridiculous "whistle launch codes" stunt...

    The Government pulled that on him as a clear sample of "we own you and can do what we want to you, so do what we tell you"

    OF course all his answers are very PC and very clean. What I want to read is his autobiography he has hidden somewhere to be released upon his death that covers what REALLY happened and names names. I really hope he is writing a detailed and 100% honest book that exposes everything that he is afraid to talk about.

    --
    Do not look at laser with remaining good eye.
    1. Re:Expected responses... by walkerp1 · · Score: 1

      +1 Insightful Lumpy. The sterile answers are not so much a poor reflection on Kevin's character. No, they are an intelligent and calculated response to legal terrorism. We may delude ourselves and say that we are safer, but it is a poor trade indeed for the liberties that we've given up. It's all fun and games until the system turns on you. What follows is more animalistic than human.

    2. Re:Expected responses... by JohnnyComeLately · · Score: 1

      Really? Hacking telecom manufacturers to see source code for cell phone firmware is legal, PC and clean? HA! I bet he wishes you were the prosecutor.

    3. Re:Expected responses... by tixxit · · Score: 1

      He actually does name a lot of names in his book (the majority of names and #s in the book are real, though dated). He also doesn't really hide his dislike for many of the characters in the book.

    4. Re:Expected responses... by MartyBorg · · Score: 1

      Read Cory Doctorow's online book "Little Brother" (http://craphound.com/littlebrother/Cory_Doctorow_-_Little_Brother.htm) and ask yourself if KM went through it in real life.

      --
      Give a man a fish, and he'll eat for a day. Give a fish a man, and he'll eat for weeks!
    5. Re:Expected responses... by jafac · · Score: 2

      A lot of what he says sounds like the same canned rationalizations that were common in the "hacker" community in the 1980's and 1990's. Much of that became what was later known as the "Hacker ethic" and has, in my opinion, eclipsed into legend. Because when it comes down to it, when someone REALLY wants to do that - - - do the hard work of being a PROFESSIONAL computer security person, they quickly realize that they have two choices. They can work inside the law, or outside the law. Working outside the law, you throw your ethics and morals away, because you're making a living writing spambots and rootkits. Working inside the law, you need a reputation and trust, because the market is now saturated enough that unless you have a name LIKE "Kevin Mitnick", you're not going to get hired, if you've got a record. That means not getting caught, and that means staying on the straight and narrow.

      The other difference is, there is a whole lot more learning opportunity out there now, in terms of open source code, than there was in the 1980's. For aspiring young coders looking to get into the security biz. (and then you find out, that in practice, 90% of the actual "work" is documentation, and covering your ass - for most).

      Mitnick endured a gross miscarriage of justice at the hands of an inexperienced FBI, and a terrified financial and industrial community, who did not know how to react to the "Hacker code of ethics" and the trash-talk. They reacted much like the East India trading company reacted to Privateers (Pirates). (revocation of civil liberties). Unfortunately for the rest of us, this revocation was universal, and not limited to the law breakers. This was not Mitnick's fault.

      In any case, I can certainly see why he dissembles like he does. It's the rationalization and justification he used to allow him to do these things in the first place. Being in solitary confinement for a year, I doubt that he had anybody else to "work things out with" - emotionally. It's a fine rationalization, but it's just that. It's not a highly-developed ethical and professional code. And people hiring him for security work are doing so for his practical reputation for effectiveness, but not necessarily out of professional responsibility.

      Kevin should take a basic IT ethics class. If not to change how he reasons and rationalizes. . . to learn how to "talk the talk", to at least set a better example for a younger generation of security professionals, who are not going to be able to get by on "old skool hacker street-cred."

      --

      These are my friends, See how they glisten. See this one shine, how he smiles in the light.
    6. Re:Expected responses... by Lumpy · · Score: 1

      Problem is today you can do all the black hat stuff in your basement legally. less than $200.00 in hardware, heck FREE in most cases and you can set up a 20 machine network with firewalls, servers, etc.. all to hack upon. a old 486 running a hardened BSD install and cracking it is as 1337 as hacking citibank servers. You can get your hands on current MS server products for free for 30 days, hell you are uber 1337 for hacking it to last longer than 30 days... Start there kiddies!

      there is ZERO excuse to do any live illegal hacking. absolutely everything in the wild can be hacked on in the basement legally or grey hat legal. Want to hack on Cisco gear? buy old stuff and hack away or get some torrent to some of the education and simulation stuff the CCNE's use to prep on. Get your hands on some old routers and Wic cards and actually learn hands on how a T1 works (you can easily make a t1 simulator to go between the two routers.)

      I would kill to have what the kids have access today when I was 15. standing with a Tandy 100 and phone cups in the bad part of town hacking into a university connection to gain net access sounds cool, in reality it sucked really bad. A readhead ghost white boy stands out in harlem at 3am, and you get accosted by all the druggies.

      --
      Do not look at laser with remaining good eye.
    7. Re:Expected responses... by Stupendoussteve · · Score: 1

      Woah woah woah, a torrent?

      I'm afraid I'm going to have to ask you to come with me. No, you cannot speak to a lawyer.

    8. Re:Expected responses... by TheSkepticCanuck · · Score: 1

      The only problem with this theory is that your basement setup cannot help you learn the valuable skill of social engineering, which was a major tool in Kevin Mitnick's toolbox. The value of social engineering should not be underestimated. Computers get more secure at a much faster rate than people do. As Kevin said, people are the weakest link in the security chain.

    9. Re:Expected responses... by Lumpy · · Score: 1

      Social engineering can be learned without breaking the law. Start with the best social engineering books and then do things that are not felonies with it.

      Getting past the security at a concert is not a 5 year federal prison offense. Getting the secret number to Steve Jobs bathroom phone from a apple store employee is not a Gitmo offense...

      It is the same skills needed to commit a crime yet non criminal.

      --
      Do not look at laser with remaining good eye.
    10. Re:Expected responses... by fuzzywig · · Score: 1

      Back when Kevin got caught there wasn't really an IT security industry, so it was outside the law or nothing. In fact, it was stories like his and others that convinced companies that maybe they should pay someone to be keeping an eye on these new-fangled computer things, so really he's responsible for creating the industry in some small part.

  10. Re:What comes after the book deal? by Lumpy · · Score: 1

    Ohhh! where can I get a mitnick edition ironkey usb drive?

    --
    Do not look at laser with remaining good eye.
  11. Re:Without remorse there is no rehabilitation. by silas_moeckel · · Score: 1

    To be a crook would require that he had a financial gain. His morals do not have to coincide with yours he like many others see information as something that should be open, that people should be able to invent, create and expand on things. He paid his dept to society for violating the law, you can argue whether those laws are moral or just. I think he has found better ways to get at the information he was interested in that coincide with the law.

    --
    No sir I dont like it.
  12. Re:Without remorse there is no rehabilitation. by Trepidity · · Score: 5, Insightful

    The response didn't seem that unreasonable to me. You accused him of "some of the most amoral and harmful acts in modern computing history", which is absurd, because he didn't really damage much of anything. He's not even particularly notable as a "hacker"; he's more notable for the crazy overreaction than anything else.

    --
    10 PRINT CHR$(205.5+RND(1)); : GOTO 10
  13. Re:Without remorse there is no rehabilitation. by nharmon · · Score: 1

    What specific things did Kevin do that you consider "some of the most amoral and harmful acts in modern computing history"? Because I do not think any of the "attacks" he perpetrated were as harmful than, say, the 15th most destructive computer virus.

    Also, I am curious what you would consider an appropriate level of "remorse" for Kevin's crime.

  14. Re:What comes after the book deal? by pulski · · Score: 1

    You mean the book he wrote almost 10 years ago now? http://en.wikipedia.org/wiki/The_Art_of_Deception

    I imagine he's going to continue on with business as usual.

  15. Re:Without remorse there is no rehabilitation. by Joehonkie · · Score: 2

    So he adequately answered your question, and you have nothing to do but bitch? What contrition or remorse should he show, since you are unable to show you that he hurt you or any of his other supposed "victims" in any way? He clearly shows remorse for the people he DID hurt (family and some corporations), as well as a clear understanding that the best way to learn this security stuff is in the white hat area.

  16. Re:Without remorse there is no rehabilitation. by Anonymous Coward · · Score: 1

    Indeed. The little shit couldn't give a flying fuck about collateral damage. He still sees himself as a knight on a noble quest for knowledge and the prosecutors were the bad guys for doing what it took to get a conviction.
    He's just one more deluded amoral sociopath. He'll never get it.

  17. Re:Without remorse there is no rehabilitation. by teslafreak · · Score: 2

    He's in a legit line of work now, helping secure companies against the same type of attacks he had used to take your information, and you think he hasn't reformed? Part of your last sentence pretty much sums it up, "And he always will be in my eyes"... There's just no convincing some people, and your hard headed line of thinking isn't really his fault.

  18. Re:Without remorse there is no rehabilitation. by Jane+Q.+Public · · Score: 4, Insightful

    First off, you are simply wrong. He does "show remorse". He has clearly and repeatedly stated that he wished he could take back the damage he has done, but cannot. What more do you want? For him to bow down and kiss feet whenever someone mentions his past crimes? Honestly, I don't understand what more you expect him to "show".

    Second, there is plenty of evidence that Kevin has changed, you are just refusing to acknowledge it. He has become a highly respected member of a very suspicious industry, and has been now for years.

    Just my opinion, but I think you're a nutcase.

  19. Re:Without remorse there is no rehabilitation. by Enderandrew · · Score: 3, Insightful

    He was already disproportionally punished, and is now actively working against hackers while discouraging people from breaking the law.

    I can't imagine that he should continue to feel guilty because he has paid more than his fair share of punishment.

    --
    http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
  20. Re:Without remorse there is no rehabilitation. by Frosty+Piss · · Score: 1, Insightful

    To be a crook would require that he had a financial gain.

    Nope. The label only requires that he breach of rules or laws for which some governing authority. Which he did. Crook.

    --
    If you want news from today, you have to come back tomorrow.
  21. Re:Without remorse there is no rehabilitation. by Bahumat · · Score: 1

    That's nice.

    --
    "To pass through the jungle; silence, courtesy, ferocity, as the occasion demands." -- Kamau, "Proper Passage"
  22. Re:Without remorse there is no rehabilitation. by vadim_t · · Score: 2

    I agree with what he says.

    While what he did wasn't the most ethical thing to do, I don't think it in any way qualifies as having done "some of the most amoral and harmful acts in modern computing history" by any measure. You've just got an axe to grind because you were personally affected. If you weren't, you'd probably care much less.

    In any event, Kevin shows no remorse for being a criminal, which means he essentially still is one. Time served and a stamp of approval by the white hats doesn't matter; what matters is that a person grows from their experiences and becomes better. I see no evidence that Kevin is a better man than he was.

    No. Legally he served his time, and that's it. What you're talking about is morality which has absolutely nothing to do with the law.

    The people defending him should take note that their hero is a crook. And he always will be in my eyes, until I see some contrition and some remorse for what he's done.

    I don't think he's a hero, nor a much of a villain. He's just some guy that messed with a few things he shouldn't have and paid rather too much for it. He's just one member of a very large list of people.

  23. Re:Without remorse there is no rehabilitation. by Anonymous Coward · · Score: 1

    Um, he showed no remorse for your situation because your situation wasn't his fault and really didn't have anything to do with him. His answer was basically "yeah, I had access to your information, but I didn't do anything with it so blame someone else if something happened to you - I wasn't the only one with access to it".

  24. Re:Without remorse there is no rehabilitation. by GameboyRMH · · Score: 2

    Did you read the reply at all, or his previous Slashdot Q&A article? He's shown plenty of remorse - a lot more than I would in his shoes to be honest, he didn't cause any real destruction or loss. See my post above

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  25. Re:What is this by JRowe47 · · Score: 1

    If someone bothers with researching where he's located and does a sweep, they can narrow down the potential targets by matching it with his posted profile. I'm pretty sure he's probably got honeypots and a very active defense system set up, but would rather not increase his vulnerability by giving attackers any sort of information whatsoever. Really, it'd be like posting a picture of your house on 4chan. There's no difference in the number of idiots in your immediate vicinity, but if one of them uses the information you let loose, your risk of being annoyed by said idiots increases. Privacy doesn't just happen, you actually have to practice it.

  26. Re:Without remorse there is no rehabilitation. by GameboyRMH · · Score: 1

    He downloaded a database full of credit card numbers that was floating around on the Internet and was "liberated" by somebody else, is he supposed to feel bad?

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  27. Re:What comes after the book deal? by gknoy · · Score: 4, Funny

    I think there's probably one lying around near the parking lot where you work. ;)

  28. Re:Without remorse there is no rehabilitation. by Anonymous Coward · · Score: 1

    No, that's not remorse. What he said is the equivalent of punching someone in the face and then saying "I'm sorry you got a black eye." Actions have consequences; he is sorry about the consequences but sees nothing wrong with the actions. It's the rest of the world's fault for getting in the way of his fist.

  29. Anyone going to take him up on this? by SanityInAnarchy · · Score: 1

    What is your computer setup? I mean hardware, OS, software you use to work.

    KM: You send me yours along with the IP address, and I'll tell you mine. Good try at information reconnaissance.

    I have to imagine this would be a good deal, provided you could make yourself reasonably secure and reasonably trust his rehabilitation. I mean, no one cares what my hardware, OS, and software I use to work are, whereas "Hey, Kevin Mitnick uses _____" would probably be of interest to a lot of people.

    --
    Don't thank God, thank a doctor!
    1. Re:Anyone going to take him up on this? by Anonymous Coward · · Score: 2, Funny

      My IP address is 127.0.0.1, and I run Mac OSX.....

    2. Re:Anyone going to take him up on this? by Teancum · · Score: 1

      His paranoia is justified, however. Can you imagine what somebody would do to say "yeah, I hacked Kevin Mitnick and imaged his computer"?

      Security through obscurity can be helpful at times, and I think this is one of them. There is certainly no reason to disclose this kind of information.

    3. Re:Anyone going to take him up on this? by jd · · Score: 1

      I don't interpret it as evasion (although he's obviously free to contradict me on that). 99% of everything written about what he, and other hackers of his era did, talks about Social Engineering, getting people to reveal stuff that they'd normally consider confidential or private. I therefore interpret his answer here as "hey, you've got to think about what you're answering". Either that, or he doesn't want to be seen as endorsing a given solution given all the potential problems that might have. In either case, it wouldn't be hiding the information as much as educating you.

      (Yes, it's possible that there's an element of paranoia in there, but again going back to the point that the vast majority of security issues are not technical but social, as he himself notes on the bits on malware and SSLs, I just don't see him being concerned about software that I imagine has been checked by every vulnerability scanner and static code analyzer he can lay his hands on. It's not where the problems tend to be and if he has been that thorough then it's doubtful he's that concerned over the code.)

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    4. Re:Anyone going to take him up on this? by Anonymous Coward · · Score: 1

      My IP address is 127.0.0.1...

      What a coincidence! That's the password on my luggage!

    5. Re:Anyone going to take him up on this? by swb · · Score: 1

      At least show a sense of humor --

      "Mine is Linux, running on a pretty generic Dell laptop, IP address 10.0.0.1."

    6. Re:Anyone going to take him up on this? by SanityInAnarchy · · Score: 1

      Never said it wasn't.

      What I'm saying is that he's not paranoid enough in that he assumes everyone else is equally paranoid, and that he's setting up some sort of MAD scenario.

      --
      Don't thank God, thank a doctor!
    7. Re:Anyone going to take him up on this? by SanityInAnarchy · · Score: 1

      Doesn't matter much to me what his reasons are. I'm just suggesting that if he really wants to pretend it's a bad idea to share this information, he shouldn't have made an offer like that, even rhetorically.

      It's a bit like when the Sony CEO offered to pay a bounty for PS3s found on shelves. Be wary of being so confident in your assumptions that you make a promise you can't keep. (Or, relevant but worse.)

      --
      Don't thank God, thank a doctor!
  30. Re:What is this by gknoy · · Score: 1

    Given his history, I can't blame him. :)

    I'd have loved if he'd said, "I run a quad-core i7 with Plenty of ram. My SSDs are RAIDed, my GPUs fold proteins while I sleep, and I have a NAS big enough to hold virtual machine images of every version of Linux ever made", or if he'd said "I mainly use my Macbook Pro..."

    No matter what he said, few would believe him -- he has a reputation that makes us believe that he'd deflect any question about his hardware with obfuscation, and he did. :) It'd have been neat if he'd have given his seal of approval for something, but oh well.

  31. Re:Washed up by I(rispee_I(reme · · Score: 2

    I saw him on Montel Williams shilling for Lifelock "identity theft insurance". I know, opiate of the masses, but I just happened to be near an idiot box that was tuned to the show, and Montel's been good for a chuckle since the "MOUNTAIN! GET OUT OF MY WAY!" days.

    Montel hypes him up as the big bogeyman hacker, then the Lifelock guy comes out and says, "Don't worry! I'll protect you! Sign up now and we'll send you a free shredder so Kevin Mitnick can't come and dig your bank info out of your trash can!"

    It reminds me of bear-baiting, except this particular bear never seemed to have any real teeth or claws to begin with.

  32. Re:Without remorse there is no rehabilitation. by Shatrat · · Score: 3, Funny

    I can't believe he can live with himself after not hurting so many people and not causing so much damage. I hope he burns in hell.

    --
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
  33. Re:Without remorse there is no rehabilitation. by KahabutDieDrake · · Score: 1

    You should take note that the definition of criminal doesn't include anything about remorse. Furthermore, if you can't see the evidence that Kevin is a different person, that is your failing, not anyone else's.

    I'm not here to defend Kevin, because contrary to your opinion, he doesn't need defending (or persecuting). He isn't now, and I have seen no evidence that he ever was a crook. A hacker, sure, but that is only a crime because of Luddites like you. Gaining information is not a criminal act. Exploiting it is. If you can't fathom the difference, that's ok. We already knew you had a small mind.

  34. Re:Without remorse there is no rehabilitation. by SydShamino · · Score: 1

    Remorse for *not* distributing your credit card information to others?

    Do you expect all the waiters at the local TGI Fridays to also share in this remorse?

    --
    It doesn't hurt to be nice.
  35. What is your computer setup? by TheOtherChimeraTwin · · Score: 4, Interesting

    KM: You send me yours along with the IP address, and I'll tell you mine. Good try at information reconnaissance.

    Oh please. The poor fanboy just wanted to have the same setup you are using. From your visit to Atlanta in 2008:

    "In his luggage, they found a MacBook Pro, a Dell XPS M1210 laptop, an Asus 900 mini-laptop, three or four hard drives, numerous USB storage devices, some Bluetooth dongles, three iPhones, and four Nokia cell phones (with different SIM cards for different countries).

    They also found a lock-picking kit and an HID proximity card spoofer that can be used to snag data stored on physical access cards by swiping it in front of them. The data can then be used to enter locked doors without having to make a forged access card. Mitnick says he used the device in a demonstration about security in his speech in Bogota, but that the customs agents' eyes lit up when they saw it, thinking it was a credit card reader.

    (Source: Kevin Mitnick Detained in Atlanta for having computer equipment on flight)

  36. Re:Without remorse there is no rehabilitation. by SydShamino · · Score: 1

    So have you. Crook.

    --
    It doesn't hurt to be nice.
  37. Re:Without remorse there is no rehabilitation. by Anonymous Coward · · Score: 1

    To be a crook would require that he had a financial gain.

    Nope. The label only requires that he breach of rules or laws for which some governing authority. Which he did. Crook.

    I'm sure you're broken a rule or law from some governing authority somewhere. By your own logic, I suppose that makes you a no-good worthless crook too.

  38. Re:Without remorse there is no rehabilitation. by StoneyMahoney · · Score: 1

    "...their hero is a crook. And he always will be in my eyes... etc"

    There's only so much remorse and contrition one individual can show for something. What do you expect? Him to personally come around, apologise and prostrate himself before you, offer to fall on his own sword, buy you a beer and clean out your gutters?

    You never claimed to actually have suffered because of the database hack (that someone else did) so I think you need to rethink your ideas because they completely unrealistic and you are way off being a decent human being. And you always will be in my eyes, until I see some contrition and some forgiveness for what he's done.

  39. Re:Without remorse there is no rehabilitation. by Anonymous Coward · · Score: 1

    He is an example set at the dawn of the information age. Back then, computers were nothing short of magical to the average person. That made him some sort of evil mage. The government had to make an example of someone, and it was him. Honestly, we were probably better off with his type, because now we have entire criminal organizations seeking to do us harm, or state sponsors. John Q. Admin can't fight the full resources of a determined government.

  40. Re:Without remorse there is no rehabilitation. by Remus+Shepherd · · Score: 1

    While what he did wasn't the most ethical thing to do, I don't think it in any way qualifies as having done "some of the most amoral and harmful acts in modern computing history" by any measure. You've just got an axe to grind because you were personally affected. If you weren't, you'd probably care much less.

    That's a fair cop. I am absolutely biased about this, and I'm not going to try to pretend otherwise. And my quote about 'some of the most amoral acts' is outrageous hyperbole, I admit it.

    But Kevin was a bad guy, and I want him to admit that before I'll believe he's a good guy now.

    No. Legally he served his time, and that's it. What you're talking about is morality which has absolutely nothing to do with the law.

    What I'm talking about is empathy. He's saying that he broke into computer systems, stole some information and terrorized them, but he didn't make a profit on it so it's ethically okay. That's bullshit. It's amoral. It's a complete lack of empathy, and a telling sign of a sociopath.

    I don't think he's a hero, nor a much of a villain. He's just some guy that messed with a few things he shouldn't have and paid rather too much for it. He's just one member of a very large list of people.

    Except this one member gets a free Q&A session on Slashdot to promote his new book, and is lauded as a paid speaker at hacker conventions. That's a much shorter list. A good segment of the computer geek community sees this sociopath as a hero, and that is a bad reflection on us.

    --
    Genocide Man -- Life is funny. Death is funnier. Mass murder can be hilarious.
  41. How much remorse? by KingSkippus · · Score: 2

    He's said he's sorry. He's assured you that he personally didn't directly cause you financial harm. What else do you want him to do?

    As other have noted, this "most amoral and harmful acts" thing is lunacy. Were you frightened? Yeah, probably so. But causing you angst isn't the most amoral and harmful act in modern computing history. Draining your bank account and sending you and your family compelling death threats--now that would probably rank on up there. If he really could whistle into a phone and launch a nuclear missile and actually did it, yeah, that would rank on up there.

    As it is, though, you come off as needlessly engaging in hyperbole because, as someone else pointed out, you have a personal ax to grind with the guy. I'm not saying that you weren't hurt by this, but certainly not to the level that you're trying to escalate it.

    By the way, one thing I see notably absent from your question and your posts is anger at the company and/or companies that stored your information in a manner in which it was vulnerable to Kevin's attacks. While Kevin bears the lion's share of responsibility for the attacks, the companies certainly aren't blameless. This information--names, credit card info, etc.--is information that is foreseeably valuable to hackers, and they should have taken better precautions to secure it. Have you expressed your outrage to Netcom as well, or are you under the impression that they were merely innocent victims like you, helpless against the mean and evil hackers?

    1. Re:How much remorse? by Jiro · · Score: 1

      Since you admit that Kevin bears the lion's share of the responsibility, you should accept that the lion's share of the anger is directed against him for the same reason. It's foolish to say "you should be angry at Netcom" when you yourself admit that Kevin's responsibility is much more than Netcom's.

      And he may have assured him that he didn't cause him financial harm, but that's not really true. The victim has to treat any breach as a serious threat and act as though his data could be abused. If the thief, in the end, just throws the data out, the victim still had to act, for his own safety, as if the thief didn't. And any damage suffered by the victim in this process is the fault of the thief.

    2. Re:How much remorse? by Remus+Shepherd · · Score: 1

      He's said he's sorry.

      Um, no he hasn't. Not that I've seen. Not here. The only 'sorry' in his answers is, "Sorry, I don't own a Guy Fawkes mask." If he had used the word 'sorry' I would be much more charitable.

      He did say that he has regrets. Regret and sorrow are not the same thing. One can be regretful that they miscalculated and were caught. Sorrow implies empathy and actual emotion. That's all I wanted to see from him.

      --
      Genocide Man -- Life is funny. Death is funnier. Mass murder can be hilarious.
  42. Re:Without remorse there is no rehabilitation. by Raenex · · Score: 2

    he like many others see information as something that should be open

    So naive. Check the answer to the question about his "hardware, OS, software you use to work". It's always other people's information that should be free.

  43. Re:Without remorse there is no rehabilitation. by equex · · Score: 1

    What on Earth makes people think that locking people up makes them better persons? It only incapacitates them for as long as they are locked up. Also, most people released from prison get a +10 level-up in crime skills from exchanging techniques with fellow inmates. Prisons helps no-one in the long run, except the companies that run them.

    --
    Can I light a sig ?
  44. Re:Without remorse there is no rehabilitation. by Cabriel · · Score: 2

    You are in the dangerous position of not looking for justice. He committed an act, was punished for it in a way the government thought was appropriate at the time, and now no longer commits the same acts without being granted permission. He cannot still be a criminal if he's not committing criminal acts. What you are looking for is vengeance and instilling punishment for thought crimes. It's time for you to let the past go and move on with your life.

  45. Re:Without remorse there is no rehabilitation. by vadim_t · · Score: 1

    That's a fair cop. I am absolutely biased about this, and I'm not going to try to pretend otherwise. And my quote about 'some of the most amoral acts' is outrageous hyperbole, I admit it.

    Then you should have kept silent. Also, admission of guilt doesn't grant absolution in my eyes, so you admitting it doesn't do much for me.

    What I'm talking about is empathy. He's saying that he broke into computer systems, stole some information and terrorized them, but he didn't make a profit on it so it's ethically okay. That's bullshit. It's amoral. It's a complete lack of empathy, and a telling sign of a sociopath.

    You're making a mountain out of a molehill, IMO.

    IMO you're not much better yourself. He served his time, and is now working on the opposite side. I find that to be enough.

    You on the other hand seem to believe that a simple statement of having been wrong has more value than those deeds for some reason, and I don't really have a lot of respect for that kind of thing. Actions speak louder than words for me.

    Except this one member gets a free Q&A session on Slashdot to promote his new book, and is lauded as a paid speaker at hacker conventions. That's a much shorter list. A good segment of the computer geek community sees this sociopath as a hero, and that is a bad reflection on us.

    IMO you're much closer to a sociopath yourself, given how you think complying with a trivial ritual of "admitting guilt" somehow excuses what you said in this thread and gives you license to keep doing it.

  46. Re:Without remorse there is no rehabilitation. by Orestesx · · Score: 1

    This coward is right. He unequivocally states that he has no regrets. In his mind, it's the companies' faults for having security holes. It's the governments fault for overstating the effect of his actions. He says now there is little difference between what he does now, and what he did then, with one little difference - "authorization." As if that were a trivial difference.

  47. Re:Without remorse there is no rehabilitation. by Remus+Shepherd · · Score: 1

    Hah! 'Amoral' is an excellent definition for my webcomic. Please, feel free to complain about it in as many venues as you wish!

    --
    Genocide Man -- Life is funny. Death is funnier. Mass murder can be hilarious.
  48. Re:Without remorse there is no rehabilitation. by Enderandrew · · Score: 1

    He has said repeatedly (including this interview) that criminal activity is wrong, and that he discourages it.

    He never distributed information. He looked at code personally. What price did his victims pay exactly?

    --
    http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
  49. Source code by cachimaster · · Score: 1

    You can see he's old-school when he wanted to see the source code to find bugs. Modern reverse-engineering techniques and tools make source code mostly irrelevant, even for embedded devices.

  50. Re:Washed up by drwho · · Score: 5, Interesting

    I used to hack (dark side) at the same time but in a more restricted manner than Mitnick (I was never on the run). People accuse him of selling out, of being fake, or exaggerated. To some extent, he has sold out - sold up, and made the best of his situation. He paid dearly for his misdeeds, and had prosecutors lie in order for him to wind up with incarceration a lot longer than he deserved. Don't you think he's entitled to a bit of slack? Shouldn't he be able to make a little money on the side? I haven't bought any of his books, though I have been tempted to. I understand why they bother people, but you have to put them and Mitnick's life in perspective: He spent his youth as a hacker, and then years as a prisoner, then released and not allowed to touch computers (for a while) - what else did have to do to support himself? He did the best he could. What else could he do, sink into obscurity and desperation (ala Bill Landreth)? It's not like he could just casually take a job as a SysOp somewhere; his name is too widely known.

    How good of a hacker was he, during his heyday? I'd say he was pretty good, from what I could tell. He wasn't as social as many of the others, but he did trade information with other hackers (including myself). He wasn't as reckless as some others who also had great talent (Mark Tabas), even though he was eventually caught, so he must have made some mistakes. He wasn't a destructive bastard, a gangster, a spy, or any other of a myriad nasties. But, when someone has skills which make them a good black-hat, this influences their attainment of other skills. I've never seen any evidence to suggest that he is more than an average competent programmer (and I do not claim to be any better). He has a broad knowledge of systems and methods, but these systems are often twenty to thirty years old. Who knows what MIZAR is these days? I am in the same basket - lots of old knowledge, much of the technical stuff is irrelevant these days. There are others skills, hunches, and an intuition brought by years of experience which make Grand Old Hackers surprising in the ways go about things, and difficult to predict.

    Kevin is doing what he does best, as a media figure and security consultant. I doubt any of you naysayers could do much better than if you were in his shoes, post-prison.

    Maybe a couple of you might recognize my handle. But I am not famous. I paid for my crimes, but luckily did not have to pay nearly a high price as Kevin Mitnick did.

  51. "all I did was look at the source code" BS by Anonymous Coward · · Score: 1

    Back when Kevin was at the height of his illegal activities I was working at one of the companies he was targeting. His dismissive "all I did was look at the source code" does not begin to cover the havoc his illegal activities caused. The productivity lost trying to find out what he was doing and how he was doing it was huge. The loss of confidence from our customers was impossible to measure.

    Is there anyway to know for sure he didn't manage to add back doors into the source? Certainly neither he nor any of the target companies are going to readily admit that.

  52. Re:Without remorse there is no rehabilitation. by GameboyRMH · · Score: 2

    You like to redefine damage to mean physical things or a real loss.

    I'm not saying that at all. If he stole your credit card number and bought stuff with it, that would be damage. If he broke into your WoW account and transferred your goods to his character, that would be damage. Breaking in and looking at stuff...breaking in could be compared to trespassing and it is comparable to breaking & entering by picking a lock, but that's not damage.

    And looking at corporate software on a business server is hardly as personal or creepy as breaking into a house and sniffing panties.

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  53. Re:Without remorse there is no rehabilitation. by DamnStupidElf · · Score: 1

    I feel no remorse at being a criminal either. I feel remorse for living in a fascist society where making copies of digital information for personal use is a crime and you can go to jail for 2 years for having a smartphone in a theater.

    If freedom is outlawed, only criminals will have freedom.

  54. Re:Without remorse there is no rehabilitation. by DamnStupidElf · · Score: 1

    What I'm talking about is empathy. He's saying that he broke into computer systems, stole some information and terrorized them, but he didn't make a profit on it so it's ethically okay. That's bullshit. It's amoral. It's a complete lack of empathy, and a telling sign of a sociopath.

    Why trust empathy when behavior is what counts? The best con men can generate as much false empathy as you want and still rob you blind. A sociopath would continue to pursue antisocial activities regardless of expressing empathy.

  55. Re:Without remorse there is no rehabilitation. by dr_canak · · Score: 1

    While i agree he likely didn't cause "some of the most ammoral and harmful acts in modern computing history", when you say this, "he didn't really damage much of anything" who then is he aplogizing to?

    "However, I do regret the effects that my activities had on my family and the companies that were damaged by my actions."

    jeff

  56. Re:What comes after the book deal? by Aeros · · Score: 1

    Exactly. If anyone else here were in the same situation you can bet that close to 100% of them would do the same. Those that don't...I call bullshit. Kevin did pay for what he did and I say when you have a chance take advantage of it as long as it doesn't go against your morals.

  57. Mitnick's computer setup by sl4shd0rk · · Score: 1

    He runs a hacked version of CP/M on a DEC PDP-11 (on an upgraded Fonz-11 chipset) and a 300 baud modem for internet access. After being locked up for so long, he's had a hard time adjusting to all the newfangled gear running around.

    Rumor has it the news of his setup emerged when he brought in a fried Qbus board to a local Radio Shack looking for some replacement ICs. Since it wasn't an RC car or Cell phone, he had to explain what the board was what it did. Alas, they had no ICs in stock.

    --
    Join the Slashcott! Feb 10 thru Feb 17!
  58. Re:What comes after the book deal? by Presence2 · · Score: 1

    I wonder if he's getting a royalty for the cameo in Deus Ex: Human Revolution.

  59. Name someone by gr8_phk · · Score: 1

    I really enjoyed his book, but it's clear that if you ask him, he hardly ever hurt anyone. It's hard to believe a lot of what he says, since it comes from someone who achieved most of his goals by nonstop lying.

    Name someone that got hurt? I'd have to agree with the second part of what you say though.

    His goal now is to make money - witness the plug for his new book in the answers. Why else would he even do a slashdot interview now?

    1. Re:Name someone by chispito · · Score: 1

      How about the people who footed his cell bill the whole time he was using cloned numbers? He says all they had to do was dispute the bill, but he's assuming they had the time/energy to dispute and that the carrier agreed to drop the charges.

      He conned countless employees into wasting who knows how many hours of productivity.

      He installed backdoor software at every turn, leaving the systems continually compromised.

      He continually abused people's good faith and manipulated them into doing what he wanted. He says he wants to give that one Social Security worker, Ann, a kiss. I doubt she would take him up on that offer if she realized that the whole time she spent on the phone with him, he was a fugitive who was using her to carry out vendettas against people and stake out his own fraudulent identity.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
  60. Re:Washed up by tsalaroth · · Score: 1

    I think I just realized who you are. Minor Threat just recently (relatively, anyway) got his computer ban lifted.

    Suddenly, I feel old.

  61. Re:What is this by spacepimp · · Score: 1

    You send me yours along with the IP address, and I'll tell you mine. Good try at information reconnaissance.

    If you don't think Kevin is a target of up and coming hackers trying to prove themselves then you need to think more.

    What's the risk in saying I use an AMD based PC/ATX with 4GiB of RAM running Ubuntu? Or that I use Wireshark to diagnose network issues? Or is he buying into obscurity now?

    Are you serious you're posting as an anonymous coward, and berating a security professional for not divulging enough information?

  62. Re:Washed up by Larryish · · Score: 1

    I feel ya.

    Got out of the game back when phf still meant something.

    Sometimes I miss it.

    On the upside, our home network is quite nice.

  63. Re:What comes after the book deal? by agbinfo · · Score: 1

    I thought he'd only recently been allowed to profit from his "crimes" which is why he's now allowed to publish this book.

  64. Re:Washed up by mr_mischief · · Score: 1

    Minor Threat? Hmm. I wonder how Mucho Mas is doing...

  65. Re:Without remorse there is no rehabilitation. by Stupendoussteve · · Score: 1

    While what he did wasn't the most ethical thing to do, I don't think it in any way qualifies as having done "some of the most amoral and harmful acts in modern computing history" by any measure. You've just got an axe to grind because you were personally affected. If you weren't, you'd probably care much less.

    The best part is Remus wasn't personally affected, other than possibly getting a new credit card. I could understand if Kevin Mitnick drained his checking account or stole his identity, but this is all based on a letter saying his account details were compromised, very possibly by somebody other than Kevin Mitnick. I've gotten multiple similar letters in the last year, most of them involving Anonymous and Lulzsec, and yet I really don't have an axe to grind against them either.

    I would think 20 years later "Kevin Mitnick stole my credit card number" is a bragging right anyway.

  66. Re:Without remorse there is no rehabilitation. by Stupendoussteve · · Score: 1

    Of course I do. The Fridays waiters actually use the credit card!

  67. Re:Without remorse there is no rehabilitation. by Archimboldo · · Score: 1

    According to my read, he was remorseful for actual damage done. Just curious, what remorse do you have for your wrongs against others? If you have any, one would think you would be a bit more forgiving toward someone who has remorse and who has changed his ways.

    To err is human ... I forget the second half, what was it again?

  68. Re:What comes after the book deal? by SomePgmr · · Score: 1

    Well, he had books previous to this one, Art of Deception and Art of Intrusion. And he was allowed to earn a living acting as a security consultant. So I'd guess he could have done trashy things like the gp suggested... he just didn't.

  69. Why not DNSSEC? by mcrbids · · Score: 1

    We already trust DNS to decide who can say where something is, why not include the ability to declare that you made it to the right place?

    --
    I have no problem with your religion until you decide it's reason to deprive others of the truth.
    1. Re:Why not DNSSEC? by fatphil · · Score: 1

      The DNSSEC question will run and run. I know that DJB (who has an alternative) and Dan Kaminsky (who probably also has an alternative, they all seem to!) won't stop fighting over that bone, for example. I guess that argument dates back at 10 years now.

      But I'd rather progress was slow and towards something that everyone (academia, big business, browser writers, ...) subscribes to, than the "something must be done, this is something, therefore this must be done" principle be applied to something inadequate.

      --
      Also FatPhil on SoylentNews, id 863
  70. Re:Without remorse there is no rehabilitation. by gmhowell · · Score: 1

    What I'm talking about is empathy. He's saying that he broke into computer systems, stole some information and terrorized them, but he didn't make a profit on it so it's ethically okay. That's bullshit. It's amoral. It's a complete lack of empathy, and a telling sign of a sociopath.

    This is slashdot. Most of these basement dwelling turds wouldn't know empathy if it jumped up and cried on their collective shoulders. I blame the beatings and wedgies they got in their youth. You'll never convince them. (FWIW, seeing the answer to your question was the only reason I even clicked on this story.)

    --
    Jesus was all right but his disciples were thick and ordinary. -John Lennon
  71. Re:Without remorse there is no rehabilitation. by Jane+Q.+Public · · Score: 1

    It *IS* a trivial difference. Because Mitnick was not doing it for personal profit -- this we KNOW from the evidence and court cases -- and as far as anybody knows, he never did anything significant to cause harm to his targets.

    If he had been collecting credit card numbers for illicit profit, or crashing servers, he would have been convicted of doing such. Instead, he was convicted of what -- yet again we KNOW -- to be exaggerated charges that had little to do with what he actually did.

    You are acting as though we are supposed to take his word for this, but we don't... it's all in the court records.

  72. Re:Without remorse there is no rehabilitation. by Jane+Q.+Public · · Score: 1

    Let me put this a different way:

    What if one day you committed the "crime" of downloading a newspaper you did not actually subscribe to, yet you were arrested and convicted in Federal court for grand larceny and worse?

    What if you stole a candy bar and went to prison for rape?

    It really isn't that much different.

    You want him to have "regrets"? Are you nuts? If justice were actually served, the United States deserves from Kevin Mitnick a gigantic "Fuck You!"

    Yet he decided to become a productive member of society anyway. We should be grateful that Mitnick is the man that he is. Otherwise your credit cards might actually be stolen, this time for real, and this time for genuinely nefarious purposes.

  73. Good try at information reconnaissance by scharkalvin · · Score: 1

    "Computer Setup?
    by Anonymous

    What is your computer setup? I mean hardware, OS, software you use to work.

    KM: You send me yours along with the IP address, and I'll tell you mine. Good try at information reconnaissance."

    Oh come on! That was a general question that he should have answered! I would have liked to know what processor, speed, memory, and OS he was running. Not exactly enough detail to hang anybody or trade secrets. I would expect him to be secret about which applications he modified to break security though.

  74. Re:Sleep like a baby by JCCyC · · Score: 1

    Heh. Now, seriously, I hope KM's answer to that made the butthurt asker's butt hurt even more.

  75. Re:Without remorse there is no rehabilitation. by JCCyC · · Score: 1

    This reply pleases me. (See #37388954 above.)

  76. Re:Without remorse there is no rehabilitation. by DamnStupidElf · · Score: 1

    Proof. I pay for movies. What I want is for movies to last longer than 5 minutes in a house with young kids who think DVDs make excellent coasters and frisbees. Thank the good ol' USA for making decss illegal.

  77. Re:What comes after the book deal? by agbinfo · · Score: 1

    I'm not a lawyer but I think there's a distinction between making money from your fame alone and making money from your profession. One is profiting from your crime. In any case, I don't believe he would have done any such thing. I'm merely pointing out that he might not have been able to even if he had he wanted to.

  78. Remus Shepard by Nyder · · Score: 1

    http://slashdot.org/comments.pl?sid=2403266&cid=37262912
    http://slashdot.org/comments.pl?sid=2403266&cid=37247822
    http://slashdot.org/comments.pl?sid=2403266&cid=37247744
    http://slashdot.org/comments.pl?sid=2403266&cid=37247664

    Or in short, I told you so.

    --
    Be seeing you...