Kevin Mitnick: World’s Most Famous Hacker

Share:Share on FacebookShare on Google+Tweet about this on TwitterShare on RedditPin on PinterestShare on StumbleUponEmail this to someoneDigg thisShare on LinkedInShare on Tumblr

mitnick255_fKevin David Mitnick (born on August 6, 1963) is an American computer security consultant, author, convicted criminal, and hacker. In the late 20th century, he was convicted of various computer and communications-related crimes. At the time of his arrest, he was the most-wanted computer criminal in the United States.

Personal Life

Mitnick grew up in Los Angeles and attended James Monroe High School. He was enrolled at Los Angeles Pierce College and USC. He worked as a receptionist for Stephen S. Wise Temple for a while. He now runs a security firm named Mitnick Security Consulting, LLC that helps test a company’s security strengths and weaknesses.

Computer Hacking

At age 12, Mitnick used social engineering to bypass the punchcard system used in the Los Angeles bus system. After a friendly bus driver told him where he could buy his own ticket punch, he could ride any bus in the greater LA area using unused transfer slips he found in the trash. Social engineering became his primary method of obtaining information, including user-names and passwords and modem phone numbers.
Mitnick first gained unauthorized access to a computer network in 1979, at 16, when a friend gave him the phone number for the Ark, the computer system Digital Equipment Corporation (DEC) used for developing their RSTS/E operating system software. He broke into DEC’s computer network and copied their software, a crime he was charged with and convicted of in 1988. He was sentenced to 12 months in prison followed by three years of supervised release. Near the end of his supervised release, Mitnick hacked into Pacific Bell voice mail computers. After a warrant was issued for his arrest, Mitnick fled, becoming a fugitive for two and a half years.
According to the U.S. Department of Justice, Mitnick gained unauthorized access to dozens of computer networks while he was a fugitive. He used cloned cellular phones to hide his location and, among other things, copied valuable proprietary software from some of the country’s largest cellular telephone and computer companies. Mitnick also intercepted and stole computer passwords, altered computer networks, and broke into and read private e-mail. Mitnick was apprehended on February 15, 1995 in Raleigh, North Carolina. He was found with cloned cellular phones, more than 100 clone cellular phone codes, and multiple pieces of false identification.

Arrest, Conviction, and Incarceration

kevin-mitnickSupporters from 2600 Magazine distributed “Free Kevin” bumper stickers.
After a well-publicized pursuit, the FBI arrested Mitnick on February 15, 1995, at his apartment in Raleigh, North Carolina, on federal offenses related to a 2½-year period of computer hacking.
In 1999, Mitnick confessed to four counts of wire fraud, two counts of computer fraud and one count of illegally intercepting a wire communication, as part of a plea agreement before the United States District Court for the Central District of California in Los Angeles. He was sentenced to 46 months in prison plus 22 months for violating the terms of his 1989 supervised release sentence for computer fraud. He admitted to violating the terms of supervised release by hacking into PacBell voicemail and other systems and to associating with known computer hackers, in this case co-defendant Lewis De Payne.
Mitnick served five years in prison — four and a half years pre-trial and eight months in solitary confinement — because, according to Mitnick, law enforcement officials convinced a judge that he had the ability to “start a nuclear war by whistling into a pay phone”. He was released on January 21, 2000. During his supervised release, which ended on January 21, 2003, he was initially forbidden to use any communications technology other than a landline telephone. Mitnick fought this decision in court, eventually winning a ruling in his favor, allowing him to access the Internet. Under the plea deal, Mitnick was also prohibited from profiting from films or books based on his criminal activity for seven years. Mitnick now runs Mitnick Security Consulting LLC, a computer security consultancy.

Controversy

mitnicksMitnick’s criminal activities, arrest, and trial, along with the associated journalism, were all controversial.
Though Mitnick has been convicted of copying software unlawfully and possession of several forged identification documents, his supporters argue that his punishment was excessive. In his 2002 book, The Art of Deception, Mitnick states that he compromised computers solely by using passwords and codes that he gained by social engineering. He claims he did not use software programs or hacking tools for cracking passwords or otherwise exploiting computer or phone security.
Two books explored the allegations: John Markoff and Tsutomu Shimomura’s Takedown, and Jonathan Littman’s The Fugitive Game. Littman made four main allegations:

  • journalistic impropriety by Markoff, who had covered the case for the New York Times based on rumor and government claims, while never interviewing Mitnick himself.
  • overzealous prosecution of Mitnick by the government
  • mainstream media over-hyping Mitnick’s actual crimes
  • Shimomura’s involvement in the matter being unclear or of dubious legality

b7kjkkFurther controversy came over the release of the movie based on the book by John Markoff and Tsutomu Shimomura, with Littman alleging that portions of the film were taken from his book without permission. In addition, a number of media outlets reported on the unavailability of Kosher meals at the prison where he was incarcerated.
The case against Mitnick tested the new laws that had been enacted for dealing with computer crime, and it raised public awareness of security involving networked computers. The controversy remains, however, and Mitnick is often cited today as an example of the quintessential computer criminal.
Supporters of Mitnick have asserted that many of the charges against him were fraudulent and not based on actual losses.

Media

  • In 2000, Skeet Ulrich and Russell Wong portrayed Kevin Mitnick and Tsutomu Shimomura in the movie Track Down (known as Take Down outside the USA), which was based on the book Takedown by John Markoff and Tsutomu Shimomura. The DVD was released in September 2004. A fan-based documentary named Freedom Downtime was created in response to Takedown

ghost

  • Mitnick is the co-author, with William L. Simon, of two computer security books and his autobiography:
    • The Art of Deception
    • The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers
    • Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker
  • On August 18, 2011, Mitnick appeared on The Colbert Report to talk about his new book. On August 23, Mitnick was interviewed on Coast to Coast AM during the episode “Hacking & Technology”. On August 24, he appeared on the TWiT.tv network’s Triangulation episode.
  • On September 12, 2011, Mitnick answered readers’ questions on the technology news site Slashdot. This was the second time he was interviewed on Slashdot, the first time being in February 2003.

Video Game References

  • Mitnick is referenced in one of the in-game emails of the videogame Deus Ex: Human Revolution.
  • In the Rockstar video game Grand Theft Auto III, on the Chatterbox Radio Station (which can be accessed in-game) a paranoid caller yells “FREE KEVIN” before he’s cut off by the DJ.
  • In the Rockstar video game Grand Theft Auto San Andreas, on the WCTR Radio Station (which can be accessed in-game) the same paranoid caller says he could “launch a nuclear attack by whistling into a phone”, a clear reference to the charges thrown onto Kevin Mitnick prior incarceration. The voice in both Grand Theft Auto III and Grand Theft Auto San Andreas is well-known hacker Emmanuel Goldstein
  • In the 2004 video game Vampire: The Masquerade – Bloodlines a character named Mitnick provides optional hacking-related quests.
  • In the Telltale Game Sam and Max Save the World (aka Sam and Max Season 1), Max, the hyperkinetic rabbity thing, makes an off-hand comment, “Why can’t we find an obscure criminal…like Kevin Mitnick!”

References in Literature

  • The 2012 graphic novel Wizzywig by Ed Piskor is a close allusion to the story of Mitnick, with the main character’s name replaced with Kevin Phenicle. The novel parallels the entire story of Mitnick under the codename ‘Boingthump’, from his early days of phone phreaking, to his exploits in hacking into companies, through to his eventual arrest and ‘Free Kevin’ campaign, with many of the details of Mitnick’s story kept intact.

The Story:

mitnicksmallKevin Mitnick reached adolescence in suburban Los Angeles in the late 1970s, the same time the personal computer industry was exploding beyond its hobbyist roots. His parents were divorced, and in a lower-middle-class environment that lacked adventure and in which he was largely a loner and an underachiever, he was seduced by the power he could gain over the telephone network. The underground culture of phone phreaks had already flourished for more than a decade, but it was now in the middle of a transition from the analog to the digital world. Using a personal computer and modem it became possible to commandeer a phone company’s digital central office switch by dialing in remotely, and Kevin became adept at doing so. Mastery of a local telephone company switch offered more than just free calls: It opened a window into the lives of other people to eavesdrop on the rich and powerful, or on his own enemies.

PhonePhreaksMitnick soon fell in with an informal phone phreak gang that met irregularly in a pizza parlor in Hollywood. Much of what they did fell into the category of pranks, like taking over directory assistance and answering operator calls by saying, “Yes, that number is eight-seven-five-zero and a half. Do you know how to dial the half, ma’am?” or changing the class of service on someone’s home phone to payphone status, so that whenever they picked up the receiver a recorded voice asked them to deposit twenty cents. But the group seemed to have a mean streak as well. One of its members destroyed files of a San Francisco-based computer time-sharing company, a crime that went unsolved for more than a year — until a break-in at a Los Angeles telephone company switching center led police to the gang.

The case was actually solved when a jilted girlfriend of one of the gang went to the police…

That break-in occurred over Memorial Day weekend in 1981, when Kevin and two friends decided to physically enter Pacific Bell’s COSMOS phone center in downtown Los Angeles. COSMOS, or Computer System for Mainframe Operations, was a database used by many of the nation’s phone companies for controlling the phone system’s basic recordkeeping functions. The group talked their way past a security guard and ultimately found the room where the COSMOS system was located. Once inside they took lists of computer passwords, including the combinations to the door locks at nine Pacific Bell central offices and a series of operating manuals for the COSMOS system.. To facilitate later social engineering they planted their pseudonyms and phone numbers in a rolodex sitting on one of the desks in the room. With a flourish one of the fake names they used was “John Draper,” who was an actual computer programmer also known as the legendary phone phreak, Captain Crunch, the phone numbers were actually misrouted numbers that would ring at a coffee shop pay phone in Van Nuys.

artworks-000042362227-40zzr4-cropThe crime was far from perfect, however. A telephone company manager soon discovered the phony numbers and reported them to the local police, who started an investigation. The case was actually solved when a jilted girlfriend of one of the gang went to the police, and Kevin and his friends were soon arrested. The group was charged with destroying data over a computer network and with stealing operator’s manuals from the telephone company. Kevin, 17 years old at the time, was relatively lucky, and was sentenced to spend only three months in the Los Angeles Juvenile Detention Center, followed by a year’s probation.

A run-in with the police might have persuaded most bright kids to explore the many legal ways to have computer adventures, but Mitnick appeared to be obsessed by some twisted vision. Rather than developing his computer skills in creative and productive ways, he seemed interested only in learning enough short-cuts for computer break-ins and dirty tricks to continue to play out a fantasy that led to collision after collision with the police throughout the 1980s. He obviously loved the attention and the mystique his growing notoriety was bringing. Early on, after seeing the 1975 Robert Redford movie Three Days of the Condor, he had adopted Condor as his nom de guerre. In the film Redford plays the role of a hunted CIA researcher who uses his experience as an Army signal corpsman to manipulate the phone system and avoid capture. Mitnick seemed to view himself as the same kind of daring man on the run from the law.

After he was released, he obtained the license plate “X HACKER” for his Nissan…

His next arrest was in 1983 by campus police at the University of Southern California, where he had gotten into minor trouble a few years earlier, when he was caught using a university computer to gain illegal access to the ARPAnet. This time he was discovered sitting at a computer in a campus terminal room, breaking into a Pentagon computer over the ARPAnet, and was sentenced to six months at the California Youth Authority’s Karl Holton Training School, a juvenile prison in Stockton, California. After he was released, he obtained the license plate “X HACKER” for his Nissan, but he was still very much in the computer break-in business. Several years later he went underground for more than a year after being accused of tampering with a TRW credit reference computer; an arrest warrant was issued, but it later vanished from police records without explanation.

By 1987, Mitnick seemed to be making an effort to pull his life together, and he began living with a woman who was taking a computer class with him at a local vocational school. After a while, however, his obsession drew him back, and this time his use of illegal telephone credit card numbers led police investigators to the apartment he was sharing with his girlfriend in Thousand Oaks, California. He was convicted of stealing software from the Santa Cruz Operation, a California software company, and in December 1987, he was sentenced to 36 months probation. That brush with the police, and the resultant wrist slap, seemed only increase his sense of omnipotence.

In 1987 and 1988, Kevin and a friend, Lenny DiCicco, fought a pitched electronic battle against scientists at Digital Equipment’s Palo Alto research laboratory. Mitnick had become obsessed with obtaining a copy of Digital’s VMS minicomputer operating system, and was trying to do so by gaining entry to the company’s corporate computer network, known as Easynet. The computers at Digital’s Palo Alto laboratory looked easiest, so every night with remarkable persistence Mitnick and DiCicco would launch their modem attacks from a small Calabasas, California company where DiCicco had a computer support job. Although Reid discovered the attacks almost immediately, he didn’t know where they were coming from, nor did the local police or FBI, because Mitnick was manipulating the telephone network’s switches to disguise the source of the modem calls.

…he agreed to one year in prison and six months in a counseling program for his computer “addiction.”

The FBI can easily serve warrants and get trap-and-trace information from telephone companies, but few of its agents know how to interpret the data they provide. If the bad guy is actually holed up at the address that corresponds to the telephone number, they’re set. But if the criminal has electronically broken into to the telephone company’s local switch and scrambled the routing tables, they’re clueless. Kevin had easily frustrated their best attempts at tracking him through the telephone network using wiretaps and traces. He would routinely use two computer terminals each night — one for his forays into Digital’s computers, the other as a lookout that scanned the telephone company computers to see if his trackers were getting close. At one point, a team of law enforcement and telephone security agents thought they had tracked him down, only to find that Mitnick had diverted the telephone lines so as to lead his pursuers not to his hideout in Calabasas, but to an apartment in Malibu. Mitnick, it seemed, was a tough accomplice, for even as they had been working together he had been harassing DiCicco by making fake calls to DiCicco’s employer, claiming to be a Government agent and saying that DiCicco was in trouble with the Internal Revenue Service. The frustrated DiCicco confessed to his boss, who notified DEC and the FBI, and Mitnick soon wound up in federal court in Los Angeles. Although DEC claimed that he had stolen software worth several million dollars, and had cost DEC almost $200,000 in time spent trying to keep him out of their computers, Kevin pleaded guilty to one count of computer fraud and one count of possessing illegal long-distance access codes.

Poulsen-LamoIt was the fifth time that Mitnick had been apprehended for a computer crime, and the case attracted nationwide attention because, in an unusual plea bargain, he agreed to one year in prison and six months in a counseling program for his computer “addiction.” It was a strange defense tactic, but a federal judge, after initially balking, bought the idea that there was some sort of psychological parallel between the obsession Mitnick had for breaking in to computer systems and an addict’s craving for drugs. After he finished his jail time and his halfway-house counseling sentence for the 1989 Digital Equipment conviction Mitnick moved to Las Vegas and took a low-level computer programming position for a mailing list company. His mother had moved there, as had a woman who called herself Susan Thunder who had been part of Mitnick’s phone phreak gang in the early 1980s, and with whom he now became reacquainted. It was during this period that he tried to “social engineer” me over the phone. In early 1992 Mitnick moved back to the San Fernando Valley area after his half-brother died of an apparent heroin overdose. He briefly worked for his father in construction, but then took a job he found through a friend of his father’s at the Tel Tec Detective Agency . Soon after he began, someone was discovered illegally using a commercial database system on the agency’s behalf, and Kevin was once again the subject of an FBI investigation. In September the Bureau searched his apartment, as well as the home and workplace of another member of the original phone phreak gang. Two months later a federal judge issued a warrant for Mitnick’s arrest for having violated the terms of his 1989 probation. There were two charges: illegally accessing a phone company computer, and associating with one of the people with whom he’d originally been arrested in 1981. His friends claimed Mitnick had been set up by the detective firm; whatever the truth, when the FBI came to arrest him, Kevin Mitnick had vanished.

His escape, subsequently reported in the Southern California newspapers, made the authorities look like bumblers who were no match for a brilliant and elusive cyberthief.

In late 1992 someone called the California Department of Motor Vehicles office in Sacramento, and using a valid law enforcement requester code, attempted to have driver’s license photographs of a police informer faxed to a number in Studio City, near Los Angeles. Smelling fraud, D.M.V. security officers checked the number and discovered that it was assigned to a Kinko’s copy shop, which they staked out before faxing the photographs. But somehow the spotters didn’t see their quarry until he was going out the door of the copy shop. They started after him, but he outran them across the parking lot and disappeared around the corner, dropping the documents as he fled. The agents later determined that they were covered with Kevin Mitnick’s fingerprints. His escape, subsequently reported in the Southern California newspapers, made the authorities look like bumblers who were no match for a brilliant and elusive cyberthief.


Share:Share on FacebookShare on Google+Tweet about this on TwitterShare on RedditPin on PinterestShare on StumbleUponEmail this to someoneDigg thisShare on LinkedInShare on Tumblr
Tagged , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>