Kevin Mitnick


Kevin Mitnick exploited vulnerabilities in people more often than software. Talking to someone face to face or even on the telephone takes a lot of courage. It removes some of the anonymity someone who is only attacking a computer from another computer has, but if successful it grants access quicker, easier, and is often harder to trace. It is also the most difficult to defend against because each employee must be informed on social engineering. Therefore every employee is a potential vulnerability.   

As a child Kevin was overweight and had trouble making friends, but in his teens he found he could use computers to hack and get a feeling of power and importance.  Not only was hacking a way for him to gain self esteem and friends, but it sometimes had financial rewards. For example, his first social engineering hack was when a bus driver told him he could ride the bus for free with unused transfer slips he found in the garbage. He was also praised by a teacher on at least one occasion. In an interview he said:
I think it goes back to my high school days. In computer class, the first assignment was to write a program to print the first 100 Fibonacci numbers. Instead, I wrote a program that would steal passwords of students. My teacher gave me an A. 

With rewards like the previously mentioned, it is no surprise that his hacking obsession intensified.

    Some hacks Kevin Mitnick executed include:
  • His high schools system, the Los Angeles Unified School District's main computers. With two friends he talked his way past the security at Pacific Bell's COSMOS phone center, found the room where the COSMOS system was, and stole the passwords, manuals, and door combinations for other Pacific Bell offices. Eventually he was caught and served three months in juvenile detention.
  • In 1983 he was caught breaking into a pentagon computer over the ARPAnet. This happened at the same University of Southern California he had gotten into trouble with for hacking into ARPAnet a few years earlier. He served six months at the California Youth Authority's Karl Holton Training School.
  • In 1987 he was convicted of stealing software from the Santa Cruz Operation, and sentenced to 36 months probation.
  • Again in 1987 he launched a series of attacks on Digital Equipment's Palo Alto research laboratories Easynet network to obtain a copy of Digital's VMS minicomputer operating system. Mitnick and friend Lenny DiCicco conducted the attacks from Lenny's place of employment, and were caught when Lenny confessed to his employer. His confession was due to the fact that his employer believed he was in trouble with the Internal Revenue Service thanks to Kevin making prank calls to harass Lenny. He pled guilty and served one year in jail and did six months of counselling. 
  • In 1992 he was charged with illegally accessing a phone company computer, and associating with one of the people with whom he'd originally been arrested in 1981. When the FBI showed up he was already gone. Later that year he was nearly aprehended fleeing a copy shop where he had the Department of Motor Vehicles office in Sacramento fax pictures of a police informer after making a social engineering phone call using a valid law enforcement requester code.
The hack that led to the end of his illustrious career was when he stole thousands of files from security expert Tsutomu Shimomura's computers at Shimomura's beach cottage near San Diego. Shimomura used his own hacking skills to help the FBI track Mitnick leading to his arrest February 15, 1995. Mitnick plead guilty, served 5 years in jail and was released in 2001.                                                                                          

Because of his previous record, and the fact that he had eluded FBI using their own tools he was portrayed as a fearsome criminal. He was accused of hacking the North American Defense Command (NORAD) system in 1982, a hack he denies doing. At one point he was put into solitary confinement after law enforcement officials convinced a judge that he had the ability to launch nuclear weapons from American soil by whistling into a pay phone. Mitnick denies that as even being possible.

Today Kevin Mitnick is a security consultant at mitnicksecurity.com and he is a writer. He wrote The Art of Deception, which is described as showing people how to not be victims of social engineering. Since he cannot profit from profiting by selling his story, he was not able to talk about the events before and during his arrest until 2007.

No comments:

Post a Comment