Kevin Mitnick: Hacker With Chutzpah
At age 12, Mitnick used social engineering to bypass the punchcard system used in the Los Angeles bus system. After a friendly bus driver told him where he could buy his own ticket punch, he could ride any bus in the greater LA area using unused transfer slips he found in the trash. Social engineering became his primary method of obtaining information, including user names and passwords and modem phone numbers.
Mitnick gained unauthorized access to his first computer network in 1979, at 16, when a friend gave him the phone number for the Ark, the computer system Digital Equipment Corporation (DEC) used for developing their RSTS/E operating system software. He broke into DIC's computer network and copied DEC's software, a crime he was charged with and convicted of in 1988. He was sentenced to 12 months in prison followed by three years of supervised release. Near the end of his supervised release, Mitnick hacked into Pacific Bell voice mail computers. After a warrant was issued for his arrest, Mitnick fled, becoming a fugitive for two and a half years.
According to the U.S. Department of Justice, Mitnick gained unauthorized access to dozens of computer networks while he was a fugitive. He used cloned cellular phones to hide his location and, among other things, copied valuable proprietary software from some of the country's largest cellular telephone and computer companies. Mitnick also intercepted and stole computer passwords, altered computer networks, and broke into and read private e-mail. Mitnick was apprehended in February 1995 in Raleigh, North Carolina. He was found with cloned cellular phones, more than 100 clone cellular phone codes, and multiple pieces of false identification.
After a well-publicized pursuit, the FBI arrested Mitnick on February 15, 1995, at his apartment in Raleigh, North Carolina, on federal offenses related to a 2½-year period of computer hacking.
Mitnick served five years in prison — four and a half years pre-trial and eight months in solitary confinement — because, according to Mitnick, law enforcement officials convinced a judge that he had the ability to "start a nuclear war by whistling into a pay phone". He was released on January 21, 2000. During his supervised release, which ended on January 21, 2003, he was initially forbidden to use any communications technology other than a landline telephone. Mitnick fought this decision in court, eventually winning a ruling in his favor, allowing him to access the Internet. Under the plea deal, Mitnick was also prohibited from profiting from films or books based on his criminal activity for seven years. Mitnick now runs Mitnick Security Consulting LLC, a computer security consultancy.
Kevin Mitnick: I was about, you know, 17 years-old and I was in Hollywood at the time with another phone phreaker friend, and we decided we’re going to go take a self tour of the Sunset Gower Central Office. We wanted to look at the switching equipment, maybe we can come across some passwords or dial-up numbers to gain access to the system from the outside. So we actually acquired the door code to get into this building, and we’re like, it’s a nine-story building. . . . So we’re walking through. We’re looking at the cool equipment. We weren’t going to steal anything. We weren’t going to take any equipment out of there. We just wanted to see how everything worked.
And about 20 minutes into our self-guided tour this big security guard was there, and he goes “Hello!” And we look over, “Yes?” “Who are you?” “Well my name is Steve. I’m from the Cosmos Center in San Diego. I'm showing my friend the Central Office. He’s never seen it.” “At 2:30 in the morning?” “Well, you know, we were in Hollywood seeing a movie and I figured after the movie I could show it to him . . . and that it was just the timing of everything.” He goes, “Let me see your ID.” “Hold on. Yeah, no problem sir.” I'm reaching into my pocket. I reach into the other pocket. I go, “I must have left it in my car. I'll go get it. I'll be right back.” He goes, “No, you’re both coming with me.”
So he escorts us up to the ninth floor security and he goes, “I just caught these guys in the building and this guy claims he works with the Cosmos Center in San Diego.” I said, “Yes, I do.” “I work in the Cosmos Center in San Diego.” And I go through the whole story again, and I already knew the supervisor of that center. I just knew it from my phone phreaking experience, and they said, “Well we’re going to go ahead and call your supervisor to verify that you’re legitimate.” I go, “No problem. Go ahead. You can call Sally whatever.” So they actually had an inner company directory, a paper book. They looked up her home number . . . and I'm saying, “Listen guys. It’s 2:30 in the morning. You’re going to wake my boss. She’s going to be really pissed.” And, “No, we’re going to verify who you are.”
So they called the supervisor, woke her up and they go, “Yeah, we have your employee Steve here in the Hollywood Gower Office. We caught him in the building with some other guy and we just wanted to make sure he is with you.” And then I said to the guy, I go, “Why don’t you let me talk to her?” So they hand the phone to me, and I press the phone really tight to my ear so they can’t hear. I go, “Hey Sally, it’s Steve. How are you doing? Yeah, I'm sorry they woke you up.” As I'm talking to her calmly and nicely she’s going, “Who is this? Who are you? Who are you?” “Yeah, well I'm really sorry this happened. Are we still on for lunch on Tuesday? Oh, we are? Well, I do have that report almost done. It will be on Thursday.” And she’s going, “Who are you? Who is this? Who is this?” And I'm holding the phone really tight to my ear so they can’t hear what she is saying, and then I said, “Okay, well I'm sorry about the interruption. Go back to sleep. See you on Tuesday.” And then I go, “Satisfied?” and I hang up the phone. And then there . . . there’s a lot—you could see the uncomfortable silence of I didn’t hand the phone back. But I said, “Are you satisfied?” And he goes, “Okay.” I said, “We’re going to be only about 15 more minutes. We’ll be out of the building. We’re sorry we caused this problem.”
We didn’t decide to stay 15 more minutes. We went immediately to the lobby and ran out, and then we sat in my car about a block away just to look at the front door for awhile. And like 20 minutes later that same guard came out. He is looking in both directions. So it was a way I was able to use social engineering to get myself out of a bad predicament.
Directed by Jonathan Fowler
Produced by Elizabeth Rodd
In this clip from our recent interview, Kevin recalls an incident back in 1981 when he was seventeen: He and a phone-phreaker buddy decide to sneak into Pacific Telephone’s central office in Hollywood. They social-engineer the key code and stroll in nonchalantly. Almost immediately, a security guard catches them. Typically this kind of story ends with a weeping phone call to mom. But Kevin Mitnick was not your typical seventeen-year-old . . .
- The meaning of the word 'confidence' seems obvious. But it's not the same as self-esteem.
- Confidence isn't just a feeling on your inside. It comes from taking action in the world.
- Join Big Think Edge today and learn how to achieve more confidence when and where it really matters.
The controversial herbicide is everywhere, apparently.
- U.S. PIRG tested 20 beers and wines, including organics, and found Roundup's active ingredient in almost all of them.
- A jury on August 2018 awarded a non-Hodgkin's lymphoma victim $289 million in Roundup damages.
- Bayer/Monsanto says Roundup is totally safe. Others disagree.
- There are 2 different approaches to governing free speech on college campuses.
- One is a morality/order approach. The other is a bottom-up approach.
- Emily Chamlee-Wright says there are many benefits to having no one central authority on what is appropriate speech.
SMARTER FASTER trademarks owned by The Big Think, Inc. All rights reserved.