Rummaging around through the Telecom Archives, I found two interesting
items on Kevin Mitnick. I wonder if anyone knows what he has been
doing since 1997 or whenever he got out of prison.
Lisa Minter
Date: Thu, 16 Feb 95 11:59:10 CST
From: telecom@eecs.nwu.edu (TELECOM Digest Editor)
Subject: Kevin Mitnick Captured in Raleigh, NC
Kevin Mitnick, who had earned the unofficial title of 'America's Most
Wanted Computer Hacker' was arrested Wednesday morning at his home in
Raleigh, North Carolina.
Mitnick had managed to evade authorities in both Los Angeles and Seattle
during the past two years. He was caught through the efforts of one of
his latest victims, computer security specialist Tsutomu Shimomura of
the San Diego Supercomputer Center. Shimomura was robbed of security
programs he had written when his computer was broken into on Christmas
Day, about two months ago. But one thing Mitnick apparently had not
forseen was that the programs he stole -- and then used -- would be
used to help track him down. Shimomura was able to detirmine this past
weekend that Mitnick, 31, was connecting through a modem attached to
a cellular phone somewhere near Raleigh. Through the cooperation of
telcos and cellular companies, authorities were able to track Mitnick
to his home early Wednesday morning.
Authorities say they hope this latest arrest brings to an end the career
of a man who began hacking and phreaking when he was in high school. At
one point Mitnick broke into a North American Air Defense Command computer
in Colorado.
Referring to Mitnick as a 'dangerous computer terrorist', Justice Department
spokesman John Russell said the raid was conducted at 1:30 am on the
apartment in Raleigh in which Mitnick was living alone under a false name.
"His obsession was his downfall," said Deputy United States Marshall
Kathy Cunningham in Los Angeles. "His obsession to hack and phreak using
cloned cellular phones left us a good trail to follow."
Mitnick, who is known by the hacker name 'Condor' says he took that alias
after seeing the movie 'Three Days of the Condor' starring Robert Redford
as a man on the run from the government. He grew up in Los Angeles, and
was convicted there in 1988 after a series of phreaking and hacking incidents
which included disconnecting the phone service to Hollywood stars and
others. Although initially he was given just a short prison term followed by
federal probation, he continued to act out in his self-destructive ways and
when his probation officer threatened to revoke his probation and send
him to prison, he disconnected her telephone to get even and then ran off!
And he is supposed to be a smart guy?
In 1989, federal prosecutors in Los Angeles portrayed Mitnick as a
brilliant young man 'obsessed with junk food and computers' who
infiltrated computer networks and telephone switching systems in the
United States and England.
Although federal authorities suggested that he had broken into
National Security Agency computers, he was never charged with that
crime. At one point however, they considered him so dangerous they
got a judicial order denying him any use of telephones at all, for
fear he would call up a computer and access it using the touchtone
buttons on the phone.
In the earlier 1988 case, Mitnick agreed to plead guilty to hacking
the Digital Equipment Corporation (DEC) computer network and stealing
a program. He also pleded guilty to theft of sixteen MCI long distance
access codes and using them to make long distance calls. For this, the
court's imposition of punishment included several years imprisonment
with all but one year suspended, to be followed by federal probation
for the remainder of his term. After release from prison, Mitnick
began his probation. When his probation officer suggested she would
revoke his probation because of his behavior and return him to the
penitentiary, his response was to hack the appropriate computer and
disconnect her phone service ... he then fled.
In the fall of 1992, Mitnick was working for a private investigative
firm in Calabasas, California when the FBI was conducting an investigation
into the break-ins of Pacific Bell computers. Realizing they were about
to close in on him, he fled again ... to surface only yesterday when
a man he decided to trifle with -- Tsutomu Shimomura -- decided not to
get mad, but instead to get even! Shimomura cooperated very closely
with the government to pinpoint Mitnick's whereabouts.
On Wednesday, February 15, 1995, Mitnick was taken before a Magistrate
in Raleigh, North Carolina where he was arraigned on the charge of
violating the terms of his probation in 1988, and new charges of
computer fraud in North Carolina. Assistant United States Attorney
David Schindler in Los Angeles said additional charges pertaining to
Mitnick's actions in San Diego, Seattle and Colorado would also be
presented. Citing its belief Mitnick was a danger to the community and
likely to flee again if released, the court ordered him held without
bail, and once again restricted his unsupervised use of telephones.
Mitnick may be a smart man, but he seems to lack some common
sense. One does not ever screw around with one's federal probation
officer; you don't play with her telephone to get even; you don't run
off when she calls you. And when you are on the lam or otherwise, you
don't steal from someone like Tsutomu Shimomura.
Speaking of whom, Shimomura attended the proceedings in Raleigh on
Wednesday. At the end of the hearing as he was being led away, a
handcuffed and shackled Mitnick turned to Shimomura, whom he has never
met or seen before and said, "Hello, Tsutomu, I respect your skills."
Shimomura nodded, then turned his back and walked away.
It must be remembered that in the United States, our constitution
requires a presumption of innocence on the part of Kevin Mitnick until
his guilt is proven to the satisfation of a judge or jury in a court
of law.
Patrick Townson
From: Davew@cris.com (Dave Harrison)
Newsgroups: comp.dcom.telecom
Subject: Mitnick article
Date: 8 Feb 1997 08:45:15 GMT
Organization: Concentric Internet Services
Lines: 113
[TELECOM Digest Editor's Note: Please note that since this
article was submitted, Mitnick has been tried, found guilty
and sent to prison, as of July, 1997. PAT]
Here's an article I came across in one of our online magazines ... I
thought it may be of interest to Digest readers. Note that in a week,
Kevin will have been in custody for *two* years and hasn't had a trial
date set. The Feds also plan on dragging this out by prosecuting Kevin
in multiple jurisdictions because he wouldn't sign a plea bargain.
As a sidenote, a few weeks ago, Mitnick was throw in solitary for a
weekend and his Walkman was confiscated -- the Feds actually thought
he was going to modify it in to a walkie talkie. They also believe he
can whistle commands over the phone to remote modems.
-----------------------------------------------------------------------
Hacked, Cracked and Phreaked
All these idiots," Kevin Mitnick told me when I was researching a book
about his notorious network infiltrations. "They put their
workstations on the Internet and then they run their [encryption]
software on their Unix box, and I just backdoor it [for] their pass
phrase."
With all their bravado, hackers can make you skeptical about the
latest advances in computer security. Sure, encryption, firewalls,
intrusion detection programs and digital IDs are all helpful tools,
but I'm not one of those expecting a miracle cure. As another former
cracker recently told me, "Using encryption doesn't make people
smart."
Two guys named Kevin with eight years of jail between them -- and
counting -- have taught me how the other side thinks. I started getting
late-night calls on a pay phone from Kevin Mitnick more than two years
ago, when he was on the run from the FBI and a little-known security
whiz named Tsutomu Shimomura. Kevin Poulsen may be less notorious,
but he's no less intriguing. Charged with everything from espionage
to hacking radio giveaways -- he won two Porsches -- Poulsen recently
finished a five-year stint in federal jail.
Last fall, Mitnick's crimes were hinted at in a federal indictment.
Since then I've tracked down some of his purported corporate victims
and uncovered a clearer picture. The hacker's real targets were
industry giants such as Motorola and NEC. Was their computer security
bad? Not really. Did Mitnick teach these multinational corporations
some very important lessons? Yes.
The major alleged offenses against Mitnick are the misappropriation of
the proprietary software of a Who's Who of the high-tech
world -- Motorola, Nokia, Fujitsu, Novell and NEC. Eighty million bucks
is what these companies lost, the government privately says. Some of
the companies say the government is exaggerating, arguing that Mitnick
seemed to be in it largely for the thrill. But the danger is clear.
A hacker with his skills, hired by competitors or foreign governments,
could have easily used his intrusions to steal millions of dollars'
worth of secrets.
How did Mitnick do it? A source at Motorola alleges Mitnick installed
what now seems a dated technique -- a packet sniffer to suck up
passwords. He did a little "social engineering," allegedly phoning the
company and impersonating executives to trick Motorola out of the
information he needed to complete his theft. "He did move a block of
code," confirms a Motorola official. "He stole source code." Now, the
company has new policies for information given out over the phone.
Fortunately for Motorola, the company found "no pattern of abuse or
fraud." Mitnick, in other words, didn't damage their computers, and
as far as they could discern, had no plan to sell their code. In
Motorola's defense, sniffers were still new at the time, and Mitnick
was a gifted social engineer. The subsequent victims had fewer
excuses.
Months later, another major cellular phone maker was hit. "By then
everybody knew about packet sniffers," says one of the victims.
Everybody, it seemed, except for the victimized corporation. Again,
they were lucky. Although Mitnick swiped the source code that
operates their cellular phone and other wireless products, he didn't
seem interested in money or wreaking havoc.
Technically, there was no excuse for the success of Mitnick's attacks,
because products to combat them were already widely available. But
there's frequently a time gap between the latest hacking methods and
how quickly companies respond with fixes. Countless Internet mailing
lists and World Wide Web sites are posted weekly, highlighting new
operating system bugs that could provide access. Staying secure is a
fast-moving target. Hackers study and share the vulnerabilities more
thoroughly than most security professionals. If you don't patch it in
days, you may be the next victim.
It's tempting to think that prepacked encryption and other technical
innovations will eliminate these risks. But then I remember Mitnick
telling me how frequently companies make mistakes in deploying such
tools, things as simple as forgetting to delete decrypted
messages. And there's another, more subtle problem. Often, the more
technology corporations buy, the more they develop an aura of
invincibility, an aura the Kevin Mitnicks of the world love to pierce.
Pressure to join the Internet and the Web creates another dilemma.
The Web may be the future, but its general absence of security is
spinning us back into a hacker's Wild West. In the last few months,
Web sites for the Air Force, the Department of Justice and the CIA
have been hacked and plastered with graffiti. Topless pics of
"Friends" TV stars aren't the images the Justice Department wants to
portray to the public. Imagine the worst that might show up on your
company's window to the public.
It's tempting to think technology and the government's tough line on
hacking will rid our networks of crime. But consider what the CIA
recently told Congress: Hacker terrorists, warned the CIA's director,
could execute a strike against our telecommunication and information
infrastructure with the destructive force of a nuclear attack.
Remember Kevin Poulsen? He wrote a program that ran on Pacific Bell's
computers and tipped him off to nearly every FBI wiretap in the state
of California. He found mob taps, DEA taps and national security
taps. And he could wiretap whomever he wished. Just a kid with no
high school diploma, without a political agenda. Imagine what the
really scary criminals are doing.
Jonathan Littman is a free-lance writer in Mill Valley, Calif., who
writes and speaks about computer security. He is the author of "The
Fugitive Game" and the upcoming "The Watchman: The Twisted Life and
Crimes of Serial Hacker Kevin Poulsen."
----------------
So, I guess I am curious: What is Kevin Mitnick doing these days?
Lisa Minter