The latest version of Kevin Mitnick

[William Knowles <wk () C4I ORG>]

http://www.usatoday.com/life/cyber/tech/cti824.htm

By M.J. Zuckerman, USA TODAY
11/20/00- Updated 11:26 AM ET

Kevin Mitnick, cult hero and hacker icon, is apologetic. Repentant,
even. After spending five years in jail, he says he is eager to get on
with his life. But he stops short of being truly contrite. He
qualifies each mea culpa with an afterthought. "I do want to make a
public apology," he said recently to 300 software designers at a
Washington, D.C., conference. "My past actions have invaded their
privacy by getting into (companies') machines and getting into their
code, and I do regret doing that stuff because it's wrong to do. But I
was a kid having fun. I can't change the past, but ...hopefully I can
be forgiven."

In an interview later, he adds that he was merely "mischievous, being
in places I shouldn't have, but never maliciously destroying stuff."

Mitnick, now 36, was the first high-profile hacker. Starting in his
early 20s, he repeatedly burrowed into such corporations as Motorola
and Digital Equipment Corp. to pilfer their source code, the
electronic blueprints of a system's operations. In 1996, the Justice
Department slapped him with a 26-count indictment on computer and wire
fraud charges.

Mitnick gained soaring notoriety, including a segment on CBS' 60
Minutes, front-page articles in The New York Times and two books, one
in the works as a movie. Throughout, he's portrayed as an evil genius,
the USA's most-wanted Information Age outlaw.

Today, after six years as a fugitive on an earlier indictment,
followed by five years in jail awaiting trial, he's on three years of
strict probation. And Mitnick is building a reputation as a computer
security pundit.

Since his release in January, he has written columns for online
publications, is contemplating magazine offers and, with the help of a
Los Angeles talent agency, will become the host of a Net radio talk
show.

"This is how I intend to make a living now," he says. "I'm trying to
share my knowledge and experience."

Mitnick shrugs off those who continue to distrust him. "There's going
to be a group of people out there who will never forgive me and feel
'once a hacker always a hacker,' and I can live with that."

He draws the historical distinction between "hacker," someone who
tinkers with software code, and "cracker," one who uses his talents
for malicious purposes. He describes himself as more in the mold of
Steve Jobs than Jesse James.

And, in reality, he didn't attack computers so much as he manipulated
telephones and engaged in what Mitnick describes as "the art of
persuasion"  conning people into providing him passwords or faxing him
the materials he sought. "His routine was the three-card monte of
computer break-ins," says Keith Rhodes, chief technologist at the
General Accounting Office. "Look, if I can convince you to give me the
password, I'm in, and I need zero technical skills."

Mitnick doesn't argue with that observation. Nor does he excuse
himself, as many hackers do, by claiming he was merely "testing" the
systems' security.

"How I first got into computers was phone 'phreaking,'" slang for
finding ways to get free phone service or exploiting other weaknesses
in the phone system. "When the phone company went computerized, I went
computerized with them," he says.

Mitnick was the first of a kind, a key figure in the underground
society adept at manipulating technology on a whim. After his arrest
in 1995, "FREE KEVIN" bumper stickers began showing up. About 18
months ago, the Times Web site was vandalized by supporters.

"He's not Public Enemy No. 1, never should have been. But he's not a
civil rights cause either," says Richard Power of the San
Francisco-based Computer Security Institute. Power says Mitnick "has
certainly paid for whatever it is he did," but also "you must question
closely" whether he can be trusted.

"You can't stereotype people just because they have been described as
a hacker," says Mitnick, which he contends describes "a particular
skill set," not one's ethics. "I wouldn't hire someone like the
Russian hacker who stole $12 million from Citibank, because he has a
history of theft."

Weld Pond, a computer scientist with @Stake, a security firm, says
Mitnick has a limited "role as an independent consultant, a pundit or
speaker. But companies selling security services absolutely have to be
trusted, so I think he's going to have a hard time actually working on
a corporation's networks."

Mitnick says he never profited from any source code he stole, nor from
the thousands of credit-card accounts he obtained. And he says he was
punished excessively and continues to be treated harshly.

For example, the average time served for manslaughter is less than the
five years Mitnick served. And his probation strictly bars him from
owning or using any computerized device. But, after challenging some
restrictions in court, he now is permitted to speak at conferences and
write on a case-by-case basis. He even has a cell phone, its use
closely monitored. He is still forbidden to travel beyond California,
so his out-of-state conferring occurs online or via satellite.

He finds his probation so onerous that he'd gladly go back to serve
time in his minimum-security cell to free himself. "Absolutely, if
they told me right now that you go to jail for six months and when you
get out no more restrictions, I'd pack my toothbrush."

That's how eager Mitnick is to get back into the game. After all, he
spent five years missing out on the Net gold rush. If he had lived by
the law, he says, "I suppose I could be doing very well for myself by
now."


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".