Skip to content Skip to sidebar Skip to footer
Home / Why Is Kevin Mitnick Trusted Again

Why Is Kevin Mitnick Trusted Again

Post a Comment

A convicted hacker debunks some myths

Kevin Mitnick

Kevin Mitnick

(CNN) -- To many, the proper noun Kevin Mitnick is synonymous with hacking, the cinematic sort where a snot-nosed kid thumbs his nose at potency. Merely, Mitnick says, the characterization is a bit overdone and the fable untrue, if not libelous.

It is true, he says, that he broke into corporate computer systems and stole source code to satisfy his curiosity, but he denies the stories that he hacked into NORAD -- N American Aerospace Defense Command -- or that he wiretapped the FBI.

Later on a well-publicized pursuit that made him notorious, the FBI arrested Mitnick in 1995. He served v years in prison after pleading guilty to charges of wire and computer fraud. He was released in 2000 and today runs a computer security business firm. In a telephone interview with CNN'southward Manav Tanneeru, Mitnick talks nearly his past, the land of online security today, and how he handles what his name has come up to mean.

CNN: There is a sure myth of Kevin Mitnick, only yous seem to disavow a lot of information technology. Why exactly did yous become then famous and what specifically was reported that was inaccurate?

MITNICK: [The claims] that I wiretapped the FBI or something like that were something out of a movie like "War Games" or "Enemy of the Land" or something. There were fictional events that were tied to real events, like when I took code from Motorola and Nokia when I was a hacker to await at the source code. I took a copy, which is essentially stealing, to expect at the information. That was truthful, that was the truth ... in the story, but at that place were a lot of libelous statements. ...

I'm the one that got myself into trouble, only because the reporting in the [New York] Times portrayed me as this very dangerous graphic symbol, the government stepped up the prosecution of the case.

At the terminate of the twenty-four hours, I would have been prosecuted, but I wouldn't take been held in solitary confinement for a twelvemonth for the fear that I could launch nuclear missiles by whistling through a pay phone.

I was powerless because I was represented by a publicly appointed attorney who had a very express upkeep. But a lot of accusations I wasn't charged with. If I hacked into NORAD or wiretapped the FBI, I certainly would have been charged with it. I got into problem largely because of my actions. However, because of the media reporting, I was treated as "Osama bin Mitnick."

CNN: You were one time the most famous and sought after hacker in the state. After your release from prison house you were asked to testify before the Senate, and you lot now run a Spider web security house, which is a fascinating development.

MITNICK: It'due south kind of interesting, because hacking is a skill that could be used for criminal purposes or legitimate purposes, and and so fifty-fifty though in the by I was hacking for the curiosity, and the thrill, to get a bite of the forbidden fruit of cognition, I'm at present working in the security field as a public speaker. Twenty-five percent of my revenue is really doing security assessments, so people actually hire [me] to intermission into their systems to find their security failures and patch them before the bad guys find them.

So, it's kind of interesting, because what other criminal activity can you ethically exercise? You lot can't exist an upstanding robber. You can't exist an ethical murderer. So it's kind of ironic. But it is really rewarding to know that I tin can have my groundwork and skills and knowledge and really help the community.

CNN: The fact that you are back in the online world, especially the cyber security sector, may give many reason for a certain insecurity and paranoia. How has your firm been received?

MITNICK: There are several in the security field that don't trust me. They're my competitors, and right in that location, in that location is an agenda. Simply I'm sure that our visitor does not receive phone calls because they're concerned about my past, and then again, at that place are a lot of people that do make those calls, and they go on the business going pretty skillful. I never got a phone call proverb, "Hey, we're not hiring your house because of x, y and z."

I don't know what the percentage is, only I'm sure there are people that don't desire to employ our firm considering they really don't know much about the example. They simply know me as a hacker that went to jail.

CNN: Compared to the time you were an illegal hacker, and the contemporary mural, how easy is information technology to hack a estimator? Has security improved much? Would you lot still be able to do what you did years ago?

MITNICK: I get hired to hack into computers now and sometimes it'south actually easier than it was years ago. It really depends on who the client is -- or if yous're doing ethical hacking, who the target is. It could be a difficult target or an easy target. The security landscape, the only thing that's changed in regards to vulnerability are technical problems, but with social engineering, information technology's all remained the same. And then, it depends how vigilant the owners and the operators of the computer systems and the network are, and it really doesn't go to the question of are we living in a more than secure world?

CNN: Then, how vulnerable is the common user? Sure, it depends on how many safeguards they've installed, but if they take the most effective of security, how easy is it?

MITNICK: I did a written report USA Today was involved with and some other marketing firm in San Francisco was involved with within the last year, and we set up a honeypot network, which was six different networks running various different operating systems. We plugged them into a DSL line in San Francisco, and we but watched them to see how quickly these systems could get broken into without having any protection. And one of the computers was broken into four minutes after plugging it into the Internet, which is quite astounding.

CNN: You previously mentioned social applied science. What exactly does that term mean to y'all?

MITNICK: Social technology is using manipulation, influence and charade to get a person, a trusted insider within an organization, to comply with a asking, and the request is commonly to release information or to perform some sort of action item that benefits that attacker. It could be something as elementary every bit talking over the phone to something equally complex every bit getting a target to visit a Web site, which exploits a technical flaw and allows the hacker to have over the computer.

CNN: And how practise contemporary hackers use social applied science in what they do?

MITNICK: Well, how most Paris Hilton? She was attacked on her cell phone, and she was attacked 2 ways. One was because of a T-Mobile's Web site, and the other guy was able to compromise it past getting her phone number by going on T-Mobile's Web site, doing a password reset, which SMS-ed her new countersign because, presumably, only the owner would have the handset.

And and then what they did was, they did a technique chosen caller ID spoofing, which allows a person to alter the number they're calling from on their calling phone number display. Then, they were posing as T-Mobile customer service, and they called her telephone, and on the caller ID it showed equally T-Mobile customer service, and and then they told her, "There are some network difficulties. Accept you lot been getting any SMS [messages] about a countersign reset, and what were the contents of the message?" and she freely gave it out, and that's how these guys were able to get to her T-Mobile Sidekick, and her e-post, and whatnot.

In another example, the IRS merely did a security inspect under the office of the inspector general and called 100 managers posing every bit Information technology people at the IRS, and 35 of those mangers freely gave out their countersign and user name over the telephone.

Then, it's a significant threat. A visitor tin spend hundreds of thousands of dollars on firewalls, intrusion detection systems and encryption and other security technologies, merely if an attacker can phone call i trusted person within the company, and that person complies, and if the attacker gets in, then all that money spent on technology is essentially wasted. Information technology's essentially meaningless.

CNN: How much do you trust online banking and the usage of credit cards online?

MITNICK: I trust online banking. Yous know why? Considering if somebody hacks into my account and defrauds my credit card company, or my online depository financial institution account, guess who takes the loss? The bank, non me.

CNN: Then what about other transactions? Do yous pay bills online or shop online? I'one thousand but curious if Kevin Mitnick is worried almost ID theft?

MITNICK: Somebody already stole my identity once and used it to use for a cell phone account. And it's besides bad. I wish they stole my identity 10 years agone when I was a avoiding -- that would have been cool. Information technology was a $400 neb, and they used my mom'southward address in Las Vegas when I was living in California under my name. That's really easy, because all yous need to steal someone's identity is the Social Security number. Information technology'due south non really rocket scientific discipline.

But, I don't have a problem at all using my credit card online. There are attacks that tin can be washed, but it'due south unlikely that I'll be targeted as an private. Information technology'south more likely the attackers will target the bank. So that way they tin can get many user names and passwords, and get admission to many accounts, rather than but targeting me. I think information technology'south safer to utilize a credit menu over the Cyberspace than it is to go to a Macy's and use it where an employee tin can simply skim off the card, or go into a bar, or a restaurant where they have your credit card number.

CNN: Y'all've become something of a star, a cult one, at to the lowest degree, even actualization on an episode of "Alias" as a hacker. What do y'all make of your celebrity?

MITNICK: It's kind of interesting, because I went through a horrific, horrendous experience and became the hacker poster boy, and it had a negative consequence on my trip through the criminal justice system. Merely now that I've turned over a new leaf and people are interested in my skill-set, now the notoriety of my name helps me in my business organization. Not because of what I did in the past, simply because I'm a known entity with my skill-set.

CNN: Practise you miss being on the run?

MITNICK: No, no, I don't miss it all. I like my life at present. I made some really stupid mistakes in the past as a younger human being that I regret. I'g lucky that I've been given a second chance and that I could utilise these skills to help the customs.

CNN.com gives y'all the latest stories and video from the around the globe, with in-depth coverage of U.S. news, politics, entertainment, health, law-breaking, tech and more than.

CNN.com gives you the latest stories and video from the around the world, with in-depth coverage of U.S. news, politics, entertainment, health, criminal offense, tech and more.

mabryaddis1988.blogspot.com

Source: https://edition.cnn.com/2005/TECH/internet/10/07/kevin.mitnick.cnna/

You may like these posts

Post a Comment for "Why Is Kevin Mitnick Trusted Again"