RealTime IT News

An Hour with Kevin Mitnick

I had the pleasure of spending an hour with Kevin Mitnick at the Infosec World Conference in Orlando, Florida last week. Kevin Mitnick, in case you don't already recognize the name, is the "super-hacker" of the 80's who was finally captured by the FBI in 1995 after being on the run for two years.

Having already spent four years in federal prison without a trial, without bail and for eight months in 23-hour-a-day solitary confinement, Kevin reached a plea agreement with the government. He was released from custody into supervised release in early 2000. In January 2003, Kevin was freed from those restrictions.

Giving testimony before Congress, Kevin once said, "I have gained unauthorized access to computer systems at some of the largest corporations on the planet, and have successfully penetrated some of the most resilient computer systems ever developed. I have used both technical and non-technical means to obtain the source code to various operating systems and telecommunications devices to study their vulnerabilities and inner workings."

In person, Kevin is completely forthright about the nature of his wrongdoings, but stresses in his own defense that he never used anything he obtained to gain monetary advantage. "All of this activity was to satisfy my curiosity; to see what I could do; and to find out secret information about operating systems, cell phones, and anything else that stirred my curiosity."

Kevin Mitnick is now a security consultant to corporations worldwide and co-founder of Defensive Thinking, a Los Angeles-based consulting firm. He has testified before the Senate Committee on Governmental Affairs on the need for legislation to ensure the security of the government's information systems. His articles have appeared in major news magazines and trade journals, and he has appeared on Good Morning America, 60 Minutes, CNN's Burden of Proof and Headline News. Kevin has also been a keynote speaker at numerous industry events and has hosted a weekly radio show on KFI-AM 640 Los Angeles.

He is also an author. In his book, "The Art of Deception" (co-authored with William Simon, Wiley Publishing), Kevin delves into "Social Engineering" — essentially con-man tactics used to get employees to divulge fragments of corporate information which, when assembled correctly, provide the basis for an intrusion attack.

The book highlights vulnerabilities in human nature that are easily exploited by the "social engineer", and suggests a variety of methods for reducing the associated risks in the enterprise. His company, Defensive Thinking, also produces training videos that are both entertaining and eye-opening.

In person, Kevin is a charming and very likeable man, and it is clear how he was able to use this type of skill so successfully! Here are some extracts from our conversation.

So what is your message today?

Kevin Mitnick: My message today is primarily the same... I usually go around speaking on the threat of the human element, particularly on social engineering. I go around speaking on wireless security. I'm writing a new book,

I have a company where we do vulnerability assessments and pen[etration] testing and I'm an expert witness. I'm an expert witness in a case that's in appeal about a guy who allegedly misappropriated source code from a major, major company — he actually worked there and then apparently they found it on his laptop later.

So the guy that did the forensics for the State of California really botched up the job, so I'm called in as an expert on the "Habeas" petition, which is a 2255. And I'm an expert witness on another major hacking case. The defendant actually recently pled, but I'm looking for another person that can help on loss evaluation. That's what I'm doing, pretty much, today.
