Kevin Mitnick

Kevin David Mitnick

Adrian Lamo, Kevin Mitnick and Kevin Poulsen (photo ca. 2001)
Born August 6, 1963 (1963-08-06) (age 47)
Los Angeles, California
Occupation Computer Consultant, Mitnick Security Consulting
Author
Website
http://www.kevinmitnick.com

Kevin David Mitnick (born August 6, 1963) is a computer security consultant and author. In the late 20th century, he was convicted of various computer- and communications-related crimes. At the time of his arrest, he was the most-wanted computer criminal in the United States.[1]

Contents

Early life

At 12, Mitnick used social engineering to bypass the punchcard system used in the Los Angeles bus system. After a friendly bus driver told him where he could buy his own ticket punch, he could ride any bus in the greater LA area using unused transfer slips he found in the trash. Social engineering became his primary method of obtaining information, including user names and passwords and modem phone numbers.[2]

In high school, he was introduced by "Rirm Puk" to phone phreaking, a method of manipulating telephones, which he often used to evade long-distance charges. He also became handy with amateur radios, which he allegedly used to gain unauthorized access to the speaker systems of nearby fast food restaurants.

Computer cracking

Mitnick gained unauthorized access to his first computer network in 1979, at 16, when a friend gave him the phone number for the Ark, the computer system Digital Equipment Corporation (DEC) used for developing their RSTS/E operating system software. He broke into DEC's computer network and copied DEC's software, a crime he was charged with and convicted of in 1988. He was sentenced to 12 months in prison followed by three years of supervised release. Near the end of his supervised release, Mitnick hacked into Pacific Bell voice mail computers. After a warrant was issued for his arrest, Mitnick fled, becoming a fugitive for two and a half years.

According to the U.S. Department of Justice, Mitnick gained unauthorized access to dozens of computer networks while he was a fugitive. He used cloned cellular phones to hide his location and, among other things, copied valuable proprietary software from some of the country's largest cellular telephone and computer companies. Mitnick also intercepted and stole computer passwords, altered computer networks, and broke into and read private e-mail. Mitnick was apprehended in February 1995 in North Carolina. He was found with cloned cellular phones, more than 100 clone cellular phone codes, and multiple pieces of false identification.[3]

Confirmed criminal acts

Alleged criminal acts

Arrest, conviction, and incarceration

After a well-publicized pursuit, the FBI arrested Mitnick on February 15, 1995, at his apartment in Raleigh, North Carolina, on federal offenses related to a 2½-year computer hacking rampage.[9]

In 1999, Mitnick confessed to four counts of wire fraud, two counts of computer fraud and one count of illegally intercepting a wire communication, as part of a plea agreement before the United States District Court for the Central District of California in Los Angeles. He was sentenced to 46 months in prison plus 22 months for violating the terms of his 1989 supervised release sentence for computer fraud. He admitted to violating the terms of supervised release by hacking into PacBell voicemail and other systems and to associating with known computer hackers, in this case co-defendant Louis De Payne.

Mitnick served five years in prison — four and a half years pre-trial and eight months in solitary confinement — because, according to Mitnick, law enforcement officials convinced a judge that he had the ability to "start a nuclear war by whistling into a pay phone".[10] He was released on January 21, 2000. During his supervised release, which ended on January 21, 2003, he was initially forbidden to use any communications technology other than a landline telephone. Mitnick fought this decision in court, eventually winning a ruling in his favor, allowing him to access the Internet.

Under the plea deal, Mitnick was also prohibited from profiting from films or books based on his criminal activity for seven years.

Mitnick now runs Mitnick Security Consulting LLC, a computer security consultancy.

Controversy

Mitnick's criminal activities, arrest, and trial, along with the associated journalism were all controversial.

Though Mitnick has been convicted of copying software unlawfully and possession of several forged identification documents, his supporters argue that his punishment was excessive. In his 2002 book, The Art of Deception, Mitnick states that he compromised computers solely by using passwords and codes that he gained by social engineering. He claims he did not use software programs or hacking tools for cracking passwords or otherwise exploiting computer or phone security.

Two books explored the allegations: John Markoff and Tsutomu Shimomura's Takedown, and Jonathan Littman's The Fugitive Game. Littman made four main allegations:

Further controversy came over the release of the movie based on the book by John Markoff and Tsutomu Shimomura, with Littman alleging that portions of the film were taken from his book without permission.

The case against Mitnick tested the new laws that had been enacted for dealing with computer crime, and it raised public awareness of security involving networked computers. The controversy remains, however, and Mitnick is often cited today as an example of the quintessential computer criminal.

Supporters of Mitnick have asserted that many of the charges against him were fraudulent[11] and not based on actual losses.[12]

Media

In 2000, Skeet Ulrich and Russell Wong portrayed Kevin Mitnick and Tsutomu Shimomura in the movie Takedown, which was based on the book Takedown by John Markoff and Tsutomu Shimomura. The DVD was released in September 2004.[13]

A fan-based documentary named Freedom Downtime was created in response to the corporate-based documentary Track Down.

Mitnick is the co-author, with William L. Simon, of two computer security books:

He and his co-author are currently writing Kevin's autobiography.

See also

Notes

  1. United States Attorney's Office, Central District of California (9 August 1999). "Kevin Mitnick sentenced to nearly four years in prison; computer hacker ordered to pay restitution to victim companies whose systems were compromised". Press release. http://www.usdoj.gov/criminal/cybercrime/mitnick.htm. 
  2. Greene, Thomas C. (13 January 2003). "Chapter One: Kevin Mitnick's story". The Register. http://www.theregister.co.uk/2003/01/13/chapter_one_kevin_mitnicks_story/. 
  3. Painter, Christopher M.E. (March 2001). "Supervised Release and Probation Restrictions in Hacker Cases". United States Attorneys’ USA Bulletin (Executive Office for United States Attorneys) 49 (2). http://www.usdoj.gov/criminal/cybercrime/usamarch2001_7.htm. 
  4. 4.0 4.1 4.2 The Art of Deception: Controlling the Human Element of Security, by Kevin Mitnick (2002, Hardback ISBN 0-471-23712-4, Paperback ISBN 0-7645-4280-X)
  5. 5.0 5.1 5.2 2600 Live Mitnick interview, 2600 Magazine, Released January 2003, Run time: 1 hr 18 min 5 sec
  6. 6.0 6.1 6.2 6.3 Markoff, John (February 16, 1995). "A Most-Wanted Cyberthief Is Caught in His Own Web". New York Times. http://www.nytimes.com/1995/02/16/us/a-most-wanted-cyberthief-is-caught-in-his-own-web.html. 
  7. Chappelle, Joe (Director). (2000). Takedown. 
  8. "A convicted hacker debunks some myths". CNN.com. 13 October 2005. http://www.cnn.com/2005/TECH/internet/10/07/kevin.mitnick.cnna/. Retrieved 2008-08-27. 
  9. United States Department of Justice (15 February 1995). "Fugitive computer hacker arrested in North Carolina". Press release. http://www.usdoj.gov/opa/pr/Pre_96/February95/89.txt.html. 
  10. Mills, Elinor (20 July 2008). "Social Engineering 101: Mitnick and other hackers show how it's done". CNET News. http://news.cnet.com/8301-1009_3-9995253-83.html. 
  11. Randolph, Donald C.. "About Kevin's Case". Free Kevin Mitnick. Archived from the original on 2006-04-24. http://web.archive.org/web/20060424153130/http://www.freekevin.com/about.html. 
  12. "Defense consolidated motion for sanctions and for reconsideration of motion for discovery and application for expert fees based upon new facts". Free Kevin Mitnick. 7 June 1999. Archived from the original on 2005-12-22. http://web.archive.org/web/20051222124635/http://www.freekevin.com/060799defmot.html. 
  13. Skeet Ulrich, Russell Wong. (2004). Track Down. [DVD]. Dimension Studios. 
  14. Mitnick, Kevin; Simon, William L. (December 27, 2005). The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers. Wiley Books. ISBN 978-0-7645-6959-3. http://www.wiley.com/WileyCDA/WileyTitle/productCd-0764569597.html. 
  15. Mitnick, Kevin; Simon, William L. (October 2003). The Art of Deception: Controlling the Human Element of Security. Wiley Books. ISBN 978-0-7645-4280-0. http://www.wiley.com/WileyCDA/WileyTitle/productCd-076454280X.html. 

References

Books

  • Kevin Mitnick and William L. Simon, The Art Of Intrusion: The Real Stories Behind The Exploits Of Hackers, Intruders, And Deceivers, 2005, Hardback ISB 0471782661
  • Jeff Goodell, The Cyberthief and the Samurai: The True Story of Kevin Mitnick-And the Man Who Hunted Him Down, 1996, ISBN 978-0440222057
  • Tsutomu Shimomura, Takedown: The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw-By the Man Who Did It, 1996, ISBN 0-7868-8913-6
  • Jonathan Littman, The Fugitive Game: Online with Kevin Mitnick, 1996, ISBN 0-316-52858-7
  • Katie Hafner and John Markoff, Cyber Punk - Outlaws and Hackers On The Computer Frontier, 1995, ISBN 1-872180-94-9

Articles

External links