Mitnick In The News
“On access and very pissed federal agents.” The most famous hacker in the world reveals the backstage of his work
Oct 23, 2018 - INN, by Krzysztof Majdan
Kevin Mitnick, a pseudonym of Condor, the most famous hacker in the world. INNPoland.pl is one of the few editors who managed
to conduct an interview with a star in the cybersecurity industry
This is about a story about passion, unauthorized access and very pissed off federal agents - describes the biographer Kevin Mitnick, the world's most famous hacker. Suffice it to say that the man's antics in the late 1980s and early 1990s caused fears that Mitnick might break into NORAD and whistle to the phone to fire a nuclear attack. In an interview with INNPoland.pl, he reveals how he managed to make these spectacular burglaries.
Kevin Mitnick is referred to as the most famous hacker in the world, mainly thanks to a biography - after all a guy, at first a rogue breaking into companies, served his time, got a good knowledge, but let's be honest - a bit of ordinary marketing.
Master of manipulation
But - and here without a hint of exaggeration - Mitnick can be described as a master of social engineering. Human speaking - a master of manipulation of others. And that's what he was talking about at the Inside Trends conference organized by Business Insider Polska . Man is the weakest link in almost every security structure and it is much easier to manipulate him than to bypass software or hardware security.
First things first. Before we go to the examples of manipulating people, briefly about the life of Mitnick, because it is certainly original. As a child, he managed to persuade the driver of a city bus in Los Angeles to show him "to the school project", where he buys naturals. With such a device, purchased for 15 dollars, and a file of empty tickets, which he found in the trash bin at the depot, he arranged for himself free trips in the whole district.
"The magician from the phones"
- Where does the fascination with hacking , how did it start? - I ask Mitnick
- I was a joker - he says. - As a child, I was very interested in magic. I rode a bicycle to a nearby store to watch tricks to see how the trick works from the kitchen. I was interested in this forbidden fruit of knowledge - he recalls.
In high school, he met the "magician on phones". This one showed him various tricks, eg using a special code, to call anywhere in the world for free. He recalls that he liked making jokes to colleagues, changing the configuration of their home phones to paid - when they picked up, they de facto paid for the call. In the end, he went to computer classes in his high school.
- Mr. Chris, the teacher, did not want to accept me at first, but he accepted when I showed some tricks. I bet he regrets this decision to this day - laughs Mitnick.
He mentioned that he was heavily inspired by the article about "blue boxes", small transmitters for hacking analog phones. It was built by Steve Wozniak, one of Apple's co-founders, and Steve Jobs was supposed to sell them on the university campus , thanks to which both rulers were to finance part of the costs of building the first computer. In one of his interviews, Wozniak himself mentioned that thanks to the "blue box" he managed to call the pope as Henry Kissinger.
In the 1980s and 1990s, Kevin Mitnick made loud, audacious burglaries, including to Motorola or Sun Microsystems, one of the largest producers of computer software at that time, later incorporated into Oracle.
Nuclear attack from a prison phone
Mitnick spent less than five years in prison and detention, although he was never charged with hacking. In one of the interviews, he mentioned that he spent the year in isolation.
- The prosecutor convinced the board that having access to the telephone, I can boo the access codes and fire a nuclear attack - he recalled.
The prosecutor argued that since Mitnick was so proficient in telecommunications networks, he could hack NORAD (Command of North American and Aerospace Defense) from the prison phone and initiate the attack. It shows the scale of fear and the general paranoia that it caused.
Computer hacking broke into the public consciousness as something dangerous and dark, reserved for a small group of specialists. Sam Mitnick, by the way, through a part of American society was seen as a kind of digital Robin Hood, fighting against soulless corporations.
Freaked out by the federal agency.
If you sat longer, would you become a cybercriminal? You were young, then you are vulnerable - I ask.
- No, I do not think so. Already at the time when I was sought after by the FBI's arrest warrant, I did various legal jobs under false names, of course, so that the government could not find me. If I was to become a cybercriminal, I would do it then, why should I wait? - answers Mitnick.
Here it is worth developing the "pissed off federal" theme from the introduction. Mitnick in one of the interviews mentioned that thanks to establishing phone numbers of tracking agents and breaking into the telephone network, he was able to monitor their location. - The closer they were to me, the further I escaped from them - he recalled. In the end, however, he came up.
- You escaped them for over two years. How did they catch you? - I'm asking.
- They tracked me over the telephone network, based on its use. I had a cloned phone, of course not in my name, but they fixed my fake name, they had a radio transmitter, then locating the target is trivial - says Mitnick.
I hack too much.
In a sense, his fate has sealed one hack too much. Tsutomu Shimomura - like Mitnick - was a hacker, with the difference that he found susceptibility he reported to companies and institutions before someone with bad intentions could use it. When Mitnick broke into Shimomura's computer, he took the FBI's help to locate the hacker as a point of honor.
Today, Mitnick is a consultant on the "good side". His company provides consultancy and pentersterskie services. Pentesters are people who, by order of the organization, try to infiltrate and bypass its security system to see where the gaps are, patch them before they find them and use the "bad ones".
- When I was a black hat (black hat, "bad hacker", one who after finding vulnerability, does not inform or try to make money on it, opposite the white hat - editorial note), there was no such thing as pentesting. they had such research programs, but generally there were no such services, and companies did not use them - says Mitnick in an interview with INNPoland.pl.
- Man is the weakest link in any security system? - I'm asking.
- Yes. There are no systems that prevent the attack, only those that hinder the attacker's work. After all, two-step verification whether the updated antivirus does not give you a guarantee, only raise the level of difficulty - says Mitnick.
To read the rest of this interview and other interesting technological news, please refer to the source.