Mitnick backs federal DNA database

Saying that identity theft is a 'huge problem that will be tough to stop,' the notorious hacker makes a surprising recommendation.

Should the government establish a central database that uses biometric identifiers such as DNA to make sure you're who you say you are?

Hacker Kevin Mitnick thinks so.

Mitnick, released from prison in January after serving four and a half years on computer and wire fraud charges, is no fan of federal authorities, but, in an extensive interview with Yahoo! Internet Life magazine, he sounded a word of warning about identity theft and the Internet.

According to Mitnick, 36, who created fake IDs while on the lam from the FBI, the explosion of the Net has made identity theft "a huge problem that will be tough to stop."

"A lot of databases rely on your Social Security number, and you definitely need one to get work. Also, you can get a person's birth certificate so long as you know your target's full name, his date and place of birth, his father's name, and his mother's maiden name. And now, with the explosion of the Internet, people are sharing this information at Web sites. This is a huge problem that will be tough to stop," Mitnick told Yahoo! Internet Life.

"I think the government has to establish some sort of central database that uses biometric identifiers, such as your DNA, that can label you as you. This might eliminate a lot of identity theft, because anyone can apply for credit by supplying information over the phone."

In the wide-ranging interview, Mitnick said the popularity of the Internet "has increased the potential number of victims."

"A lot of people don't take the time to configure their systems properly. A lot of software products have security vulnerabilities that can be exploited, and these vulnerabilities attract the criminal element. Not only can criminals steal confidential credit card numbers and research and development information online, but they can also get into a site's Web server and order products -- even have them shipped," he said.

And, although he hasn't touched a PC since 1995 and is now making a living as a columnist for and as a keynote speaker, Mitnick said he thought he could still be a "successful" hacker.

"I was so good at the social engineering component. No matter what technological solutions people use -- firewalls, encryption, limited dial-in access, or strong authentication devices like biometric identifiers -- you can always find somebody who has legitimate access to the information you want and trick them into giving it to you," he said.

"Or you could simply run a Trojan horse, which is a program that basically opens a secret back door on someone's computer. Today, it's just a matter of finding a gullible user, sending him an e-mail with an attachment, and having him launch the attachment."

During the interview, Mitnick took another swipe at New York Times journalist John Markoff, claiming the reporter libeled him; described Tsutomu Shimomura, the computer scientist who helped the FBI find him while he was on the run in 1995, as "a vigilante hacker"; and claimed he was misled into a "60 Minutes" TV interview.

Mitnick also said he wanted to rehabilitate his "notorious" reputation.

"I've done wrong. I broke into computers. I recognize that, and I'm sorry for it. But I'm not agreeing that I committed the amount of harm I was accused of or that the punishment fit the crime. I deserved to be punished but not to have my rights as a U.S. citizen disregarded. If they can disregard Kevin Mitnick's rights, they can disregard yours. That's been my argument all along," he said.

Mitnick is banned from engaging in any computer-related activities until January 2003.