Kevin Mitnick

From Wikipedia, the free encyclopedia
  (Redirected from Ghost in the Wires)
Jump to: navigation, search
Kevin David Mitnick
Kevin Mitnick 2008.jpeg
Born (1963-08-06) August 6, 1963 (age 51)
Los Angeles, United States
Other names The Condor, The Darkside Hacker
Occupation
Criminal penalty
1999: 46 months prison plus 3 years probation [1] 1988: One year prison.[2]
Website
mitnicksecurity.com

Kevin David Mitnick (born August 6, 1963) is an American computer security consultant, author and hacker. In 1999, he was convicted of various computer and communications-related crimes. At the time of his arrest, he was the most-wanted computer criminal in the United States.[4] He now runs a security firm named Mitnick Security Consulting, LLC that helps test a company's security strengths, weaknesses, and potential loopholes, and is the Chief Hacking Officer of security awareness training company KnowBe4.

Mitnick is an active advisory board member at Zimperium,[5] a mobile defense firm that develops a mobile intrusion prevention system.[6]

Life and career[edit]

Early life[edit]

Mitnick grew up in Los Angeles and attended James Monroe High School.[7] He was enrolled at Los Angeles Pierce College and USC.[7] For a time, he worked as a receptionist for Stephen S. Wise Temple.[7]

Computer hacking[edit]

At age 15, Mitnick used social engineering and dumpster diving [8] to bypass the punch card system used in the Los Angeles bus system. After a friendly bus driver told him where he could buy his own ticket punch, he could ride any bus in the greater LA area using unused transfer slips he found in the trash. Social engineering later became his primary method of obtaining information, including user-names and passwords and modem phone numbers.[9]

Mitnick first gained unauthorized access to a computer network in 1979, at 16, when a friend gave him the phone number for the Ark, the computer system Digital Equipment Corporation (DEC) used for developing their RSTS/E operating system software. He broke into DEC's computer network and copied their software, a crime he was charged with and convicted of in 1988. He was sentenced to 12 months in prison followed by three years of supervised release. Near the end of his supervised release, Mitnick hacked into Pacific Bell voice mail computers. After a warrant was issued for his arrest, Mitnick fled, becoming a fugitive for two and a half years.

According to the U.S. Department of Justice, Mitnick gained unauthorized access to dozens of computer networks while he was a fugitive. He used cloned cellular phones to hide his location and, among other things, copied valuable proprietary software from some of the country's largest cellular telephone and computer companies. Mitnick also intercepted and stole computer passwords, altered computer networks, and broke into and read private e-mail. Mitnick was apprehended on February 15, 1995, in Raleigh, North Carolina.[10] He was found with cloned cellular phones, more than 100 clone cellular phone codes, and multiple pieces of false identification.[11]

Arrest, conviction, and incarceration[edit]

Supporters from 2600 Magazine distributed "Free Kevin" bumper stickers.

After a well-publicized pursuit, the FBI arrested Mitnick on February 15, 1995, at his apartment in Raleigh, North Carolina, on federal offenses related to a 2½-year period of computer hacking which included computer and wire fraud.[12]

Mitnick was charged with wire fraud (14 counts), possession of unauthorized access devices (8 counts), interception of wire or electronic communications, unauthorized access to a federal computer, and causing damage to a computer.[1]

In 1999, Mitnick pleaded guilty to four counts of wire fraud, two counts of computer fraud and one count of illegally intercepting a wire communication, as part of a plea agreement before the United States District Court for the Central District of California in Los Angeles. He was sentenced to 46 months in prison plus 22 months for violating the terms of his 1989 supervised release sentence for computer fraud. He admitted to violating the terms of supervised release by hacking into PacBell voicemail and other systems and to associating with known computer hackers, in this case co-defendant Lewis De Payne.[13] [14]

Mitnick served five years in prison—four and a half years pre-trial and eight months in solitary confinement—because, according to Mitnick, law enforcement officials convinced a judge that he had the ability to "start a nuclear war by whistling into a pay phone",[15] meaning that law enforcement told the judge that he could somehow dial into the NORAD modem via a payphone from prison and communicate with the modem by whistling to launch nuclear missiles.[16] He was released on January 21, 2000. During his supervised release, which ended on January 21, 2003, he was initially forbidden to use any communications technology other than a landline telephone. Mitnick fought this decision in court, eventually winning a ruling in his favor, allowing him to access the Internet. Under the plea deal, Mitnick was also prohibited from profiting from films or books based on his criminal activity for seven years, under a special judicial Son of Sam law variation. Mitnick now runs Mitnick Security Consulting LLC, a computer security consultancy.

In December, 2002 an FCC Judge ruled that Mitnick was sufficiently rehabilitated to possess a federally issued amateur radio license. [17]


Controversy[edit]

Mitnick's criminal activities, arrest, and trial, along with the associated journalism, were all controversial. Though Mitnick has been convicted of copying software unlawfully,[18] his supporters argue that his punishment was excessive. In his 2002 book, The Art of Deception, Mitnick states that he compromised computers solely by using passwords and codes that he gained by social engineering. He claims he did not use software programs or hacking tools for cracking passwords or otherwise exploiting computer or phone security.

Two books explored the allegations: John Markoff and Tsutomu Shimomura's Takedown, and Jonathan Littman's The Fugitive Game. Littman made four main allegations:

  • Journalistic impropriety by Markoff, who had covered the case for the New York Times, based on rumor and government claims, while never interviewing Mitnick himself;
  • Overzealous prosecution of Mitnick by the government;
  • Mainstream media over-hyping Mitnick's actual crimes;
  • Shimomura's involvement in the matter being unclear or of dubious legality.

Further controversy came over the release of the movie based on the book by John Markoff and Tsutomu Shimomura, with Littman alleging that portions of the film were taken from his book without permission. In addition, a number of media outlets reported on the unavailability of Kosher meals at the prison where he was incarcerated.[19]

The case against Mitnick tested the new laws that had been enacted for dealing with computer crime, and it raised public awareness of security involving networked computers. The controversy remains, however, and the Mitnick story is often cited today as an example of the influence that mainstream newspapers can have on the law enforcement personnel.[citation needed]

Supporters of Mitnick have asserted that many of the charges against him were fraudulent[20] and not based on actual losses.[21]

Consulting[edit]

Since 2000, Kevin has been a paid security consultant, public speaker and author. He does security consulting for Fortune 500 companies, performs penetration testing services for the world’s largest companies and teaches Social Engineering classes to dozens of companies and government agencies. He is the author of a dozen books that have been translated into many languages, including The Art of Deception, The Art of Intrusion, and Ghost in the Wires.

Media[edit]

Adrian Lamo, Kevin Mitnick, and Kevin Poulsen (photo ca. 2001)

In 2000, Skeet Ulrich and Russell Wong portrayed Kevin Mitnick and Tsutomu Shimomura in the movie Track Down (known as Take Down outside the USA), which was based on the book Takedown by John Markoff and Tsutomu Shimomura. The DVD was released in September 2004.[22] A documentary named Freedom Downtime was produced by 2600: The Hacker Quarterly in response to Takedown.

Mitnick is the co-author, with William L. Simon, of two computer security books and his autobiography:

On August 18, 2011, Mitnick appeared on The Colbert Report to talk about his new book.[26] On August 23, Mitnick was interviewed on Coast to Coast AM during the episode "Hacking & Technology".[27] On August 24, he appeared on the TWiT.tv network's Triangulation episode.[28]

On September 12, 2011, Mitnick answered readers' questions on the technology news site Slashdot.[29] This was the second time he was interviewed on Slashdot, the first time being in February 2003.[30]

Pop culture references[edit]

Video games[edit]

Mitnick is referenced in one of the in-game emails of the videogame Deus Ex: Human Revolution.

In the Rockstar video game Grand Theft Auto III, on the in-game Chatterbox radio station, a paranoid caller yells "FREE KEVIN" before he is cut off by the DJ.

In the Rockstar video game Grand Theft Auto: San Andreas, on the in-game WCTR radio station, the same paranoid caller says he could "launch a nuclear attack by whistling into a phone", a clear reference to the charges thrown against Mitnick prior to incarceration.

In the 2004 video game Vampire: The Masquerade – Bloodlines a character named Mitnick provides optional hacking-related quests.

In the Telltale Game Sam & Max Save the World, Max makes an off-hand comment, "Why can't we find an obscure criminal... like Kevin Mitnick!"

Graphic novels[edit]

The 2012 graphic novel Wizzywig by Ed Piskor is a close allusion to the story of Mitnick, with the main character's name replaced with Kevin Phenicle. The novel parallels the entire story of Mitnick under the codename "Boingthump", from his early days of phone phreaking, to his exploits in hacking into companies, through to his eventual arrest and "Free Kevin" campaign, with many of the details of Mitnick's story kept intact.

Kevin at DEFCON 2014[edit]

At the 2014 annual Las Vegas hackers convention DEF CON, Kevin Mitnick asserted that he could steal anyone's identity in 3 minutes. He defended this assertion by discovering online the Social Security number of a single volunteer from the DEF CON audience. [31]

TV[edit]

In "2πR", the eleventh episode of the second season of TV series Person of Interest, Mitnick is mentioned by a computer teacher.[32]

In the sixth episode of the second season of the anime Black Lagoon, the Lagoon company's resident hacker, Benny, claims after cracking a code, "I'm as great as Kevin Mitnick".

See also[edit]

References[edit]

  1. ^ a b c http://law.jrank.org/pages/3791/Kevin-Mitnick-Case-1999.html
  2. ^ http://www.justice.gov/opa/pr/Pre_96/February95/89.txt.html
  3. ^ http://www.justice.gov/opa/pr/Pre_96/February95/89.txt.html
  4. ^ "Kevin Mitnick sentenced to nearly four years in prison; computer hacker ordered to pay restitution to victim companies whose systems were compromised" (Press release). United States Attorney's Office, Central District of California. August 9, 1999. 
  5. ^ http://blogs.computerworld.com/security/20712/interview-worlds-most-famous-hacker-kevin-mitnick-mobile-security-zimperium
  6. ^ http://techcrunch.com/2013/12/20/zimperium-raises-8m-for-mobile-security-that-turns-the-tables-on-attackers
  7. ^ a b c Mitnick, Kevin (2011). Ghost in the Wires: My Adventures as the World's Most Wanted Hacker. Little, Brown and Company. ISBN 0-316-03770-2. 
  8. ^ http://bigthink.com/think-tank/hacker-for-the-hell-of-it-the-adventures-of-kevin-mitnick
  9. ^ Greene, Thomas C. (January 13, 2003). "Chapter One: Kevin Mitnick's story". The Register. Archived from the original on September 12, 2012. 
  10. ^ Colbert Report
  11. ^ Painter, Christopher M.E. (March 2001). "Supervised Release and Probation Restrictions in Hacker Cases". United States Attorneys’ USA Bulletin (Executive Office for United States Attorneys) 49 (2). [dead link]
  12. ^ "Fugitive computer hacker arrested in North Carolina" (Press release). United States Department of Justice. February 15, 1995. Archived from the original on June 29, 2012. 
  13. ^ http://fas.org/irp/news/1997/cac70627_1.html
  14. ^ http://www.sciencedirect.com/science/article/pii/S1361372399901410
  15. ^ Mills, Elinor (July 20, 2008). "Social Engineering 101: Mitnick and other hackers show how it's done". CNET News. Archived from the original on July 13, 2012. 
  16. ^ "Famed hacker to Snowden: Watch out". CNN. 
  17. ^ "F.C.C. Lets Convicted Hacker Go Back on Net" (Press release). New York Times. December 27, 2002. 
  18. ^ no conviction for forged documents - http://articles.latimes.com/1999/mar/27/business/fi-21393
  19. ^ "Life Not Kosher for Mitnick". Wired. August 18, 1999. Archived from the original on September 18, 2012. 
  20. ^ Randolph, Donald C. "About Kevin's Case". Free Kevin Mitnick. Archived from the original on April 24, 2006. 
  21. ^ "Defense consolidated motion for sanctions and for reconsideration of motion for discovery and application for expert fees based upon new facts". Free Kevin Mitnick. June 7, 1999. Archived from the original on December 22, 2005. 
  22. ^ Skeet Ulrich, Russell Wong (2004). Track Down (DVD). Dimension Studios. 
  23. ^ Mitnick, Kevin; Simon, William L. (October 2003). The Art of Deception: Controlling the Human Element of Security. Wiley Books. ISBN 978-0-7645-4280-0. 
  24. ^ Mitnick, Kevin; Simon, William L. (December 27, 2005). The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers. Wiley Books. ISBN 978-0-7645-6959-3. 
  25. ^ Mitnick, Kevin; Simon, William L. (2011). Ghost in the Wires: My Adventures as the World's Most Wanted Hacker. Little, Brown and Company. ISBN 978-0-316-03770-9. 
  26. ^ "Kevin Mitnick – The Colbert Report". The Colbert Report. video clip: Comedy Central. August 18, 2011. Archived from the original on July 23, 2012. Retrieved September 12, 2011. 
  27. ^ "Hacking & Technology". Coast To Coast AM With George Noory. August 23, 2011. Archived from the original on July 23, 2012. Retrieved September 12, 2011. 
  28. ^ "Triangulation #21". TWiT. August 24, 2011. Archived from the original on September 18, 2012. Retrieved September 12, 2011. 
  29. ^ timothy (September 12, 2011). "Kevin Mitnick Answers". Slashdot (Geeknet Inc.). Archived from the original on July 11, 2012. Retrieved September 12, 2011. 
  30. ^ Roblimo (February 5, 2011). "Kevin Mitnick Answers". Slashdot (Geeknet Inc.). Archived from the original on July 18, 2012. Retrieved September 12, 2011. 
  31. ^ http://www.forbes.com/sites/ehrlichfu/2014/08/15/renowned-security-expert-kevin-mitnick-can-steal-your-identity-in-3-minutes/
  32. ^ Kevin Mitnick (3 January 2013). "Cool! Someone uploaded the piece of Person of Interest that mentions me. Very cool :-) https://www.youtube.com/watch?v=KNLk7qoqVzo&feature=youtube_gdata_player ...". Kevin Mitnick at Twitter. Twitter. Retrieved 13 February 2014. 

Bibliography[edit]

Books[edit]

Articles[edit]

http://www.forbes.com/sites/ehrlichfu/2014/08/15/renowned-security-expert-kevin-mitnick-can-steal-your-identity-in-3-minutes/

External links[edit]