Ghost in the Wires: The Kevin Mitnick Interview

Ghost in the Wires: The Kevin Mitnick Interview

Summary: The world's most famous hacker discusses his new book, his exploits, his imprisonment and his success. Meet the Ghost in the Wires, Kevin Mitnick.

SHARE:

I can count on one hand the number of people who've significantly influenced a generation of IT professionals: Bill Gates, Linus Torvalds, Steve Jobs, Richard Stallman and Kevin Mitnick. I've had the unique privilege of interviewing two of the people in this list (Stallman and Mitnick). Each of the men in this list has his own unique approach to shaping the world in which he lives but they all have one thing in common: Passion for what they do.

But, it's not a normal passion, it's an all-consuming passion that seeps from every pore of their being. It's rare and it's what sets them apart from everyone else. There is a special pace to their speech--a cadence of thought--and a childlike thrill in their hearts for what they do.

This is a summary of my interview with Kevin Mitnick, the world's most famous and most passionate hacker.

Kevin Mitnick was the first famous hacker that I remember. He had a face and a name. He looked like a regular guy to me. He certainly didn't fit into the Ectomorphic Cerebrotonic somatotype that I expected. He didn't look like an evildoer and he didn't sound like an evildoer. But, to law enforcement, including the FBI, he was just that. To them, he was a name and a face on a Wanted poster and they wanted him under arrest. The world's largest and most influential telephone and technical companies just wanted him out of their wires.

He was unstoppable like a ghost that could walk through walls.

His new book, Ghost in the Wires, chronicles his exploits into phone systems, into computer systems, into FBI operations and into prison.

Little, Brown and Company; (August 15, 2011) 115 Amazon.com Customer Reviews: 5 Stars.

Curiosity, Mr. Decker. Insatiable curiosity.

KH: What was your motivation for hacking into phone systems and computer systems?

KM: Pranskterism. It was fun. I was curious. I wanted to know how things worked, especially operating systems. I read the source code. I didn't sell it or distribute it.

You'd think that someone who hacks into a major company would actually steal something, even if to expose it to the world. Not so with Kevin. He just wanted to read the code and understand how it worked. Apparently, the FBI placed a value on that learning exercise that was higher than his freedom.

"No company that I ever hacked into reported any damages, which they were required to do for significant losses. Sun didn't stop using Solaris and DEC didn't stop using VMS."

Instead, the FBI estimated Kevin's hacks and code reading into the $300 million range, which accounted not only for any break-in mitigation but also for the entire cost of operating system research and development. It was extreme and unfair but it was to send a message to Kevin and others like him that such actions would not be tolerated.

The punishment became more about the message rather than any actual damages. No one, not even Kevin himself, is saying that what he did was OK but the punishment should fit the crime.

"What I did was illegal and I should have been punished. But, the punishment should have been for any real damages that I caused."

KH: What is the purpose of Ghost in the Wires? What do you hope to accomplish with it?

KM: Its my story. And, I want to get my story out. I want people to know the true story. There's a lot of myth and false information about me out there.

FREE KEVIN

KH: Was the Free Kevin campaign to help you with attorney's fees?

KM: No, it was to educate people about the unfair treatment I was receiving: solitary confinement, exaggerated claims, poor representation and outlandish damage estimates.

KH: How did you pay for your attorney's fees? The cost must have been overwhelming.

KM: I had a court-appointed attorney. And, the court didn't want to spend a lot of money defending me, so I sat in prison for more than four years without a trial. About one year of that was in solitary confinement.

Ass Burgers

KH: I've heard that a lot of hackers, including you, have been diagnosed with Asperger's Syndrome. What do you think of that?

KM: I was diagnosed with it but I think it was my attorney's effort to help my defense. It was never used in the case. I don't think I have it. I've heard that Adrian Lamo, Gary McKinnon and John Draper have it. I might believe that Draper has it. I don't know about the others or the Lulz guys.

Thank you for calling Cheyenne Mountain, how may I direct your call?

KH: Can you really whistle the launch codes to our nuclear arsenal?

KM: No, that is a gross exaggeration and part of what got me placed in solitary confinement. They wouldn't allow me to have access to a telephone because of accusations like that.

Welcome to McDonald's, may I take your order?

KH: Do you have a favorite hack?

KM: Hacking into the communications at McDonald's. That was a lot of fun.

How it works: Customers pull up to the drive-through box to place an order and instead of hearing the employee inside, they hear your greeting. The employees can also hear you and the reactions of the customers. Hackers who do this use some form of modified CB radio or telephonic device to tune into the frequency used by the wireless sets in fast food restaurants.

"One guy was so frustrated that he went out and looked into the drive-through box to see if he could find something in it. Of course, I was across the street watching it all."

Danger, Will Robinson!

KH: What kind of threats are big right now? It seems that full frontal attacks are down.

KM: Successful attacks these days are hybrid. Attackers use a combination of Social Engineering and Spear Phishing to compromise systems and networks.

One example of this hybrid technique is that a "vendor representative" will call an unsuspecting person in a company and ask which software versions they're using. They would ask for an email address along with that information. The hacker will then send an email with malicious code attached to deliver a payload that gets the hacker inside the company's network.

Close enough for government work?

KH: From our conversation, it seems that there's no way to fully protect ourselves from hacks. Is that true?

KM: It is. You can never protect yourself 100%. What you do is protect yourself as much as possible and mitigate risk to an acceptable degree. You can never remove all risk. For example, if you accept email attachments as part of your business, you're introducing risk. But, if your customers need to send attachments, you have to accept that risk.

Got Security?

KH: What do you do now?

KM: I'm still a hacker. I get paid for it now. I never received any monetary gain from the hacking I did before. The main difference in what I do now compared to what I did then is that I now do it with authorization.

The Good Hacking Seal of Approval?

KH: Which operating system do you use?

KM: I use Mac. Not because it's more secure than everything else--because it is actually less secure than Windows but I use it because it is still under the radar. People who write malicious code want the greatest return on their investment, so they target Windows systems. I still work with Windows in virtual machines.

KH: Do you use Linux?

KM: Yes, I use Ubuntu and Gentoo.

Just the VAX ma'am, just the VAX

KH: What is your favorite OS?

KM: VMS. I've always liked it.

None shall pass

KH: What's the most secure OS? Is there one that you can recommend?

KM: I don't know of any secure OS. In the past eight years, I've had 100% success at penetration testing on all of them. Wait, ChromeOS, ChromeOS is the most secure because of its very limited attack vector--there's just nothing to exploit.

Eep Op Ork Ah Ah

KH: What else can you tell me about Ghost in the Wires, are there any secrets that you haven't revealed?

KM: Yes, at the beginning of each chapter, I've placed cryptograms there for readers to solve. If you solve all of them, then I'm going to draw names of the winners and give a piece of evidence from my case in the actual FBI bags. It would be a cool piece of memorabilia for people interested in the case or hacking. You can answer the questions by reading the book. I'm currently setting up the website now for this.

Deep vengeance is the daughter of deep silence

KH: Do you have any recourse or do you want any vengeance against anyone for the wrongs that were done to you?

KM: No. None. The best vengeance for me is that my book is number eight on the best seller list right now, my business is successful and I have my family.

To Kevin: It's better that you feel that way. Unfortunately, I am neither so wise nor so forgiving. I'm glad you're on our side and using your powers for good.

Personal Notes: I interviewed Kevin just a few days after his appearance on The Colbert Report and we had a good time trading hacking stories, discussing his new book and talking about security issues facing individuals and companies. I believe that he was treated unfairly by the courts, the FBI and the media (at the time). Accusations against him were ridiculous and exaggerated because he made fools of law enforcement. They took it personally. I also don't believe that he has Asperger's. That is nonsense and am glad that it never came up in his proceedings. I want him to have his vengeance through the success of his business, his books and his life. Godspeed, Kevin.

Kevin's other books:

The Art of Intrusion

The Art of Deception

Unauthorised Access

See Also:

LulzSec: Is it too cocky for its own good?

Hacker named to Homeland Security Advisory Council

Topics: Security, Browser, Malware, Operating Systems, Software, Ubuntu, Windows

About

Kenneth 'Ken' Hess is a full-time Windows and Linux system administrator with 20 years of experience with Mac, Linux, UNIX, and Windows systems in large multi-data center environments.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

27 comments
Log in or register to join the discussion
  • RE: Ghost in the Wires: The Kevin Mitnick Interview

    There's a little more to Kevin Mitnick's early hacks than "pranksterism". A colleague of mine and I had to bodily chase him out of a tradeshow around 1981 because he kept trying to crash our demo computers.
    djlong
    • chuckle.....

      @djlong
      Still sounds like prankterism to me... ;)
      rhonin
  • Must be a Windows fanboi.

    "KM: I use Mac. Not because it???s more secure than everything else. Because it is actually less secure than Windows but I use it because it is still under the radar. People who write malicious code want the greatest return on their investment, so they target Windows systems."

    Hmmmmm
    Your Non Advocate
    • RE: Ghost in the Wires: The Kevin Mitnick Interview

      @facebook@... If Mac OS X is under the radar, where is desktop Linux? Not just under the radar, but subterranean (or underground).

      That said, there's nothing wrong with using an OS on the PC that has a significantly lower profile than Windows. Security, apparently, is difficult if not impossible. [Relative] safety will do.

      One is safer running Mac OS X, Linux or BSD on their PC (except for smartphones, where WP7 is the safe choice). When was the last time anyone has ever heard of a Puppy Linux user, the default user account is root, getting hacked?
      Rabid Howler Monkey
      • RE: Ghost in the Wires: The Kevin Mitnick Interview

        @Rabid Howler Monkey

        Linux desktops are under the radar because hardly anyone uses them. Plus, it's hard to write malicious code for Linux because most users don't have enough access to allow much damage. And, most Linux folk aren't dumb enough to execute a mail attachment as root.
        khess
    • RE: Ghost in the Wires: The Kevin Mitnick Interview

      @facebook@...

      I'm sure that he's made it as secure as possible. You'd be hard-pressed to be the guy to hack Kevin Mitnick's computer.
      khess
      • RE: Ghost in the Wires: The Kevin Mitnick Interview

        @khess I find his logic to be sound. hackers today do not share the ethos of Mitnick's generation. Back then, it was the art of the hack for nothing more than the hack itself. Today, hackers have monetized their activities. No one is interested in hacking Linux desktops and Macbooks because there is no money in it. contrary-wise iphones and androids are inundated with hacks and exploits.
        Your Non Advocate
    • Must be a Windows fanboi.

      "KM: I use Mac. Not because it???s more secure than everything else.(= that's not my reason that I use mac) Because it is actually less secure than Windows.
      Peter Okker
  • So, the most secure OS on the planet is not Ubuntu

    From the article:
    "ChromeOS is the most secure because of its very limited attack vector???there???s just nothing to exploit.

    Too bad that the applications and user data reside on Linux and Windows servers in the cloud.
    Rabid Howler Monkey
    • RE: Ghost in the Wires: The Kevin Mitnick Interview

      @Rabid Howler Monkey

      "Too bad that the applications and user data reside on Linux and Windows servers in the cloud. "

      That is exactly what he said. There is just nothing to exploit. It is not as if it is unhackable, recent news proves otherwise, it is just that there is no value in hacking it.
      Your Non Advocate
      • RE: Ghost in the Wires: The Kevin Mitnick Interview

        @facebook@... Now instead of hacking thousands of computers, you can hack a single cloud environment... awesome!
        tdogg219
  • RE: Ghost in the Wires: The Kevin Mitnick Interview

    For all you linux fans espousing its invulnerability ... have you visited the linux.org site recently? ... ahem ;-).
    Regarding the book, its an awesome read, can't recommend it enough - just go and buy it, but don't start reading until you can afford to not put it down again for several hours ...!
    MadHatter1
    • RE: Ghost in the Wires: The Kevin Mitnick Interview

      @MadHatter1

      Surprisingly, or maybe not, you know that some of the world's highest profile sites are embarrassingly unsecured.
      khess
  • Deja Vu

    [i]"KM: I use Mac. Not because it???s more secure than everything else???because it is actually less secure than Windows but I use it because it is still under the radar. People who write malicious code want the greatest return on their investment, so they target Windows systems. I still work with Windows in virtual machines."[/i]

    Charlie Miller said the same thing, and I've quoted as much many a time... but somehow between the written word and the RDF, it becomes white noise.
    UrNotPayingAttention
  • Deja Vu

    [i]KM: I use Mac. Not because it???s more secure than everything else???because it is actually less secure than Windows but I use it because it is still under the radar. People who write malicious code want the greatest return on their investment, so they target Windows systems. I still work with Windows in virtual machines.[/i]

    Charlie Miller said the same thing, for some reason, between written word and the RDF, it turns to white noise.
    UrNotPayingAttention
  • RE: Ghost in the Wires: The Kevin Mitnick Interview

    This is a guy who still doesn't "get it". When you're breaking the law the penalty is what the criminal justice system says it is, not what you think it ought to be.
    fatchance2005
    • RE: Ghost in the Wires: The Kevin Mitnick Interview

      @fatchance2005

      True, even if they're wrong.
      khess
  • Hess makes a good point, but...

    Yes, *that* assessment of "damages" to Mitnick was ridiculous in excess.

    But FBI, corporate interests, and governments saw way down the track.

    They knew "If that sort of behavior goes unpunished..."

    You can fill in the rest.

    They were just scared, and--it turns out thanks to Anonymous and LulzSec--rightfully so.

    But did they create their own army of antagonists? They created the pranksters and troublemakers.

    But serious criminals, responsible for the major personal-data leaks and ID theft, paid no attention. They still need bloodhound pursuit and the harshest penalties.
    archetuthus
  • RE: Ghost in the Wires: The Kevin Mitnick Interview

    I didn't read this bit of malarky; there is nothing a crimnal can say or do that makes him worthy of a single word here. Wise up and find something interesting to write about and people who deserve it.
    tom@...
    • RE: Ghost in the Wires: The Kevin Mitnick Interview

      @tom@...

      Give me some names and I'll do it.
      khess