Information Security News mailing list archives
The latest version of Kevin Mitnick
From: William Knowles <wk () C4I ORG>
Date: Tue, 21 Nov 2000 01:09:45 -0600
http://www.usatoday.com/life/cyber/tech/cti824.htm By M.J. Zuckerman, USA TODAY 11/20/00- Updated 11:26 AM ET Kevin Mitnick, cult hero and hacker icon, is apologetic. Repentant, even. After spending five years in jail, he says he is eager to get on with his life. But he stops short of being truly contrite. He qualifies each mea culpa with an afterthought. "I do want to make a public apology," he said recently to 300 software designers at a Washington, D.C., conference. "My past actions have invaded their privacy by getting into (companies') machines and getting into their code, and I do regret doing that stuff because it's wrong to do. But I was a kid having fun. I can't change the past, but ...hopefully I can be forgiven." In an interview later, he adds that he was merely "mischievous, being in places I shouldn't have, but never maliciously destroying stuff." Mitnick, now 36, was the first high-profile hacker. Starting in his early 20s, he repeatedly burrowed into such corporations as Motorola and Digital Equipment Corp. to pilfer their source code, the electronic blueprints of a system's operations. In 1996, the Justice Department slapped him with a 26-count indictment on computer and wire fraud charges. Mitnick gained soaring notoriety, including a segment on CBS' 60 Minutes, front-page articles in The New York Times and two books, one in the works as a movie. Throughout, he's portrayed as an evil genius, the USA's most-wanted Information Age outlaw. Today, after six years as a fugitive on an earlier indictment, followed by five years in jail awaiting trial, he's on three years of strict probation. And Mitnick is building a reputation as a computer security pundit. Since his release in January, he has written columns for online publications, is contemplating magazine offers and, with the help of a Los Angeles talent agency, will become the host of a Net radio talk show. "This is how I intend to make a living now," he says. "I'm trying to share my knowledge and experience." Mitnick shrugs off those who continue to distrust him. "There's going to be a group of people out there who will never forgive me and feel 'once a hacker always a hacker,' and I can live with that." He draws the historical distinction between "hacker," someone who tinkers with software code, and "cracker," one who uses his talents for malicious purposes. He describes himself as more in the mold of Steve Jobs than Jesse James. And, in reality, he didn't attack computers so much as he manipulated telephones and engaged in what Mitnick describes as "the art of persuasion" conning people into providing him passwords or faxing him the materials he sought. "His routine was the three-card monte of computer break-ins," says Keith Rhodes, chief technologist at the General Accounting Office. "Look, if I can convince you to give me the password, I'm in, and I need zero technical skills." Mitnick doesn't argue with that observation. Nor does he excuse himself, as many hackers do, by claiming he was merely "testing" the systems' security. "How I first got into computers was phone 'phreaking,'" slang for finding ways to get free phone service or exploiting other weaknesses in the phone system. "When the phone company went computerized, I went computerized with them," he says. Mitnick was the first of a kind, a key figure in the underground society adept at manipulating technology on a whim. After his arrest in 1995, "FREE KEVIN" bumper stickers began showing up. About 18 months ago, the Times Web site was vandalized by supporters. "He's not Public Enemy No. 1, never should have been. But he's not a civil rights cause either," says Richard Power of the San Francisco-based Computer Security Institute. Power says Mitnick "has certainly paid for whatever it is he did," but also "you must question closely" whether he can be trusted. "You can't stereotype people just because they have been described as a hacker," says Mitnick, which he contends describes "a particular skill set," not one's ethics. "I wouldn't hire someone like the Russian hacker who stole $12 million from Citibank, because he has a history of theft." Weld Pond, a computer scientist with @Stake, a security firm, says Mitnick has a limited "role as an independent consultant, a pundit or speaker. But companies selling security services absolutely have to be trusted, so I think he's going to have a hard time actually working on a corporation's networks." Mitnick says he never profited from any source code he stole, nor from the thousands of credit-card accounts he obtained. And he says he was punished excessively and continues to be treated harshly. For example, the average time served for manslaughter is less than the five years Mitnick served. And his probation strictly bars him from owning or using any computerized device. But, after challenging some restrictions in court, he now is permitted to speak at conferences and write on a case-by-case basis. He even has a cell phone, its use closely monitored. He is still forbidden to travel beyond California, so his out-of-state conferring occurs online or via satellite. He finds his probation so onerous that he'd gladly go back to serve time in his minimum-security cell to free himself. "Absolutely, if they told me right now that you go to jail for six months and when you get out no more restrictions, I'd pack my toothbrush." That's how eager Mitnick is to get back into the game. After all, he spent five years missing out on the Net gold rush. If he had lived by the law, he says, "I suppose I could be doing very well for myself by now." *==============================================================* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC ================================================================ C4I.org - Computer Security, & Intelligence - http://www.c4i.org *==============================================================* ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- The latest version of Kevin Mitnick William Knowles (Nov 21)