Hacker for the Hell of It: The Adventures of Kevin Mitnick
At the time of his arrest by the FBI in 1995, Kevin Mitnick was the most wanted hacker in America. The press (misleadingly) likened him to Darth Vader. It was widely believed that he could start a nuclear war simply by whistling into a telephone. His crime? Compromising computer systems, telephone networks, and databases across the nation, as well as eluding the FBI for two years under false identities – mainly for the fun of it.
That's right. In spite of having easy access to credit cards, social security numbers, and proprietary software, Mitnick never spent a dime of other people's money. Never stole any living person’s identity. Never pirated a line of code. His motive – his addiction – was curiosity. And it got him into a LOT of trouble. Mitnick got an early start. By the age of 12, he was adept at "social engineering," which is to human beings as hacking is to computers. You find their vulnerabilities – trust, mainly – and exploit them.The pre-teen Mitnick was precociously articulate and relaxed around adults. He social-engineered a Los Angeles area bus driver, telling him he needed a special hole punch for a school project. The driver helpfully directed him to the public transportation supply store, where he could buy the kind of punch the driver used for transfer passes. 15 bucks from his mom for the punch, a little dumpster-diving at the bus depot for unused transfers, and Mitnick was able to ride the LA bus system anytime, for free.In the years that followed, Kevin applied his social engineering skills to "phone phreaking" - the telephonic predecessor to computer hacking. By doing careful research, learning insider jargon, and impersonating phone company personnel, he was able to get codes and top-secret phone numbers that enabled him to tap phone lines, access unlisted phone numbers, and make free long distance calls. He got employees to place and disable wiretaps. At some point he had control of the entire Pacific Bell network.
Kevin Mitnick: One of the things I did to build a person’s perception over the phone that I was a legit telco employee is they had advertisements for Pacific Telephone when you would be on hold. I recorded these advertisements and I created a looped tape. So, whenever I would call the internal phone company office I would find a reason, “oh, I have another call, let me put you on hold.” I’d let them hear their own advertisements, right, so subliminally that built trust and credibility that I was one of the in group. Once you’re part of the “in group” then you get cooperation. You get compliance.
In 1993, realizing he was being investigated for alleged break-ins at Pacific Bell, Kevin began wiretapping the agents on his case. He set up an early warning system that alerted him to impending raids. When they arrived at his evidence-free apartment, agents found that Kevin had thoughtfully left them a box of labeled “FBI Donuts.”
But the case against Kevin was strong. It was time to get the hell out of Dodge. Using identity-changing skills he had acquired reading underground spy manuals as a high school kid, he relocated to Colorado under a new name. Two years and several states (and identities) later, the FBI finally caught up with him, and Kevin spent five years in prison. A popular movement, endorsed by Kevin’s friend Steve Wozniak (the co-founder of Apple Computers, who, along with Steve Jobs, was also into phone-phreaking as a lad), distributed “Free Kevin” bumperstickers across the country.
Today Kevin continues his hacking adventures legally, as a computer security expert. He has a very cool business card, which is a snap-out, stainless steel lock pick set. He is also the author of Ghost in the Wires, a book about his exploits.
Kevin Mitnick: When the FBI, US Marshall Service and Secret Service were chasing me, it was an adventure. It was this huge cat and mouse game and I never wanted to treat it like I had to be afraid, looking over my shoulder, because that’s not the life I wanted to live. So basically I was very meticulous and I had a strategy where I would get legitimate government issued identification and then I’d go get jobs.
I had a job working in one of the top law firms in Denver, Colorado for over a year. I worked at a hospital in Seattle. So I felt very comfortable that I would not be detected and I was so into creating my cover that when I would walk into supermarkets for example and someone would say “Hey, Kevin!” I wouldn’t even turn around. I would consciously hear it, but I had trained myself that if someone called my real name I would not turn around.
Why did I choose the identity of Eric Weiss? Because that is the name of my idol, my favorite magician in the whole world, Harry Houdini, so I thought I would have a sense of humor by creating a new identity in the name of Eric Weiss.
Much later I learned that the FBI had no sense of humor, but that’s another story.