Since being released from prison eight years ago, Kevin Mitnick's brushes with the law have consisted of a few parking tickets and a citation for driving without a front license plate - that is, until he returned from a trip to Colombia two weeks ago.
Since being released from prison eight years ago, Kevin
Mitnick's brushes with the law have consisted of a few parking
tickets and a citation for driving without a front license plate
— that is, until he returned from a trip to Colombia two
Kevin Mitnick (Credit: Monty Brinton)
After landing at the Atlanta airport for a security conference,
Mitnick was detained for four hours for reasons still not fully
explained. To make matters worse, while customs officials in
Atlanta were busy inspecting his cell phone, laptop, and luggage,
police in Bogota were ripping open a package he had mailed to his
US address on suspicion that it contained cocaine.
The simultaneous incidents gave Mitnick deja vu of his days as a
fugitive pursued by the FBI for
breaking into computer networks, only this time, he hadn't
broken any laws.
"There was uncertainty, fear, and panic because I didn't know
what was going on, and I didn't do anything wrong," he said in a
recent telephone interview with ZDNet.com.au sister site
CNET News. "In my mind, I thought I was being set up for
Mitnick's Delta Airlines
plane landed in Atlanta on September 16 at around 3pm. He had flown
in from Bogota, where he had gone to give a speech to the newspaper
El Tiempo and to visit his girlfriend.
The first sign of trouble was when a US customs agent swiped his
passport through the computer system and started staring intently
at the screen and typing. "Kevin," the agent said with a big
smile on his face. "Guess what? There are some people downstairs
who want to have a word with you, but don't worry. Everything will
While he waited to retrieve his
luggage, Mitnick's cell phone rang. It was his girlfriend in
Bogota saying she'd just gotten a call from the police there. They
wanted permission to open up a package of computer equipment and
souvenirs he'd mailed back to the US a few days earlier because
they said they found traces of cocaine on the package.
He finished the call and went back to the business at hand,
offering his luggage up for inspection. A customs agent asked if he
had ever been arrested. "Yes." Had he ever been to jail? "Yes."
For how long? "Five years." They knew the answers all too well,
In his luggage, they found a MacBook Pro, a Dell XPS M1210
laptop, an Asus 900 mini-laptop, three or four hard drives,
numerous USB storage devices, some Bluetooth dongles, three
iPhones, and four Nokia cell phones with different SIM cards for
They also found a lock-picking kit and an HID proximity card
spoofer that can be used to snag data stored on physical access
cards by swiping it in front of them. The data can then be used to
enter locked doors without having to make a forged access card.
Mitnick says he used the device in a demonstration about security
in his speech in Bogota, but that the customs agents' eyes lit up
when they saw it, thinking it was a credit card reader.
Mitnick asked if he was under arrest and was told that, no, he
was just being detained. He asked if there is a warrant for his
arrest and he was told, "We don't know yet." The agents let him
call his lawyer and his family.
"I was really nervous because I didn't know what the hell was
going on," he said.
Agents from the Immigrations Customs Enforcement (ICE) arrived
to question him. They asked why he was in Atlanta and he told them;
he was there to moderate a panel at a security conference sponsored
by the American Society for Industrial Security (ASIS). Asked for
proof, he fired up a laptop to show them the itinerary in his
email. But when he clicked "yes" to have Firefox clear his
private data — an automatic response to a default setting
— the agents snatched the laptop away from him, thinking he
was deleting evidence.
"Then I realised I was logged in and I don't want them to have
my password," Mitnick said. So, he quickly reached over and hits
the power button to "off."
Fortunately for Mitnick, one of the members of the panel he was
to moderate works for the FBI, and customs agents were able to
reach him to verify Mitnick's story.
Meanwhile, ASIS organisers,
worried about Mitnick's non-arrival for his awaiting airport ride,
had also called the director of security at the airport and helped
clear things up. The FBI in Atlanta cleared Mitnick of any
wrongdoing, so ICE let him go after apologising several times.
After some more questioning from customs officials, he was
But what about the package in Bogota? Police there tore open the
box, took the electronic equipment apart, and destroyed the hard
drive trying to open it by drilling a hole in it, but didn't find
any drugs. The two incidents were, apparently, completely unrelated
"Can you imagine if I had said to the agents 'Does this have
to do with the cocaine?" Mitnick jokes.
He can laugh about it now, but he was willing to share the story
as a cautionary tale for anyone traveling into the United States
with computer equipment. He was red-flagged for obvious reasons,
and someone without his background might be able to stay under the
radar. However, scrutiny is at the whim of officials who have been
said to target political activists, nuns, and people who just
happen to have a last name on no-fly government lists.
And then there is the recently bestowed right customs officials
have to seize laptops crossing into the country with no cause
whatsoever — though that may change. Legislation was recently
introduced that would require reasonable suspicion of illegal
activity before border agents could search electronic devices of US
"They can detain you for four hours, inspect everything, and
put you through the third degree for no reason. It's really a
police state," Mitnick said. "I travel in foreign countries that
have even more stringent rules, and I never have problems."
To protect his privacy and that of his clients, Mitnick encrypts
all the confidential data on his laptops, transmits it over the
Internet for storage on servers in the US, and wipes it from the
computer before returning from any international trips, just in
case officials decide to search or seize his equipment. He also
encrypts his hard drive. And now, he says he is going to keep a
"clone" of his MacBook at home so he will have an exact duplicate
of it if it is ever seized.
"I don't harbor any ill feelings toward [customs], but I was
really scared because of the circumstances that were happening in
Bogota at the same time," he says. "I feel lucky in a sense, and
I feel violated in a sense."