Posted

Who is Kevin Mitnick? The picture that emerged after his arrest in Raleigh, N.C. last February was of a 31-year old computer programmer, who had been given a number of chances to get his life together but each time was seduced back to the dark side of the computer world. Kevin David Mitnick reached adolescence in suburban Los Angeles in the late 1970s, the same time the personal computer industry was exploding beyond its hobbyist roots. His parents were divorced, and in a lower-middle-class environment that lacked adventure and in which he was largely a loner and an underachiever, he was seduced by the power he could gain over the telephone network. The underground culture of phone phreaks had already flourished for more than a decade, but it was now in the middle of a transition from the analog to the digital world. Using a personal computer and modem it became possible to commandeer a phone company's digital central office switch by dialing in remotely, and Kevin became adept at doing so. Mastery of a local telephone company switch offered more than just free calls: It opened a window into the lives of other people to eavesdrop on the rich and powerful, or on his own enemies.

Mitnick soon fell in with an informal phone phreak gang that met irregularly in a pizza parlor in Hollywood. Much of what they did fell into the category of pranks, like taking over directory assistance and answering operator calls by saying, "Yes, that number is eight-seven-five-zero and a half. Do you know how to dial the half, ma'am?" or changing the class of service on someone's home phone to payphone status, so that whenever they picked up the receiver a recorded voice asked them to deposit twenty cents. But the group seemed to have a mean streak as well. One of its members destroyed files of a San Francisco-based computer time-sharing company, a crime that went unsolved for more than a year -- until a break-in at a Los Angeles telephone company switching center led police to the gang.

That break-in occurred over Memorial Day weekend in 1981, when Kevin and two friends decided to physically enter Pacific Bell's COSMOS phone center in downtown Los Angeles. COSMOS, or Computer System for Mainframe Operations, was a database used by many of the nation's phone companies for controlling the phone system's basic recordkeeping functions. The group talked their way past a security guard and ultimately found the room where the COSMOS system was located. Once inside they took lists of computer passwords, including the combinations to the door locks at nine Pacific Bell central offices and a series of operating manuals for the COSMOS system. To facilitate later social engineering they planted their pseudonyms and phone numbers in a rolodex sitting on one of the desks in the room. With a flourish, one of the fake names they used was "John Draper," who was an actual computer programmer also known as the legendary phone phreak, Captain Crunch; the phone numbers were actually misrouted numbers that would ring at a coffee shop pay phone in Van Nuys.

The crime was far from perfect, however. A telephone company manager soon discovered the phony numbers and reported them to the local police, who started an investigation. The case was actually solved when a jilted girlfriend of one of the gang went to the police, and Kevin and his friends were soon arrested. The group was charged with destroying data over a computer network and with stealing operator's manuals from the telephone company. Kevin, 17 years old at the time, was relatively lucky, and was sentenced to spend only three months in the Los Angeles Juvenile Detention Center, followed by a year's probation.

A run-in with the police might have persuaded most bright kids to explore the many legal ways to have computer adventures, but Mitnick appeared to be obsessed by some twisted vision. Rather than developing his computer skills in creative and productive ways, he seemed interested only in learning enough short-cuts for computer break-ins and dirty tricks to continue to play out a fantasy that led to collision after collision with the police throughout the 1980s. He obviously loved the attention and the mystique his growing notoriety was bringing. Early on, after seeing the 1975 Robert Redford movie Three Days of the Condor, he had adopted Condor as his nom de guerre. In the film Redford plays the role of a hunted CIA researcher who uses his experience as an Army signal corpsman to manipulate the phone system and avoid capture. Mitnick seemed to view himself as the same kind of daring man on the run from the law.

His next arrest was in 1983 by campus police at the University of Southern California, where he had gotten into minor trouble a few years earlier, when he was caught using a university computer to gain illegal access to the ARPAnet. This time he was discovered sitting at a computer in a campus terminal room, breaking into a Pentagon computer over the ARPAnet, and was sentenced to six months at the California Youth Authority's Karl Holton Training School, a juvenile prison in Stockton, California. After he was released, he obtained the license plate "X HACKER" for his Nissan, but he was still very much in the computer break-in business. Several years later he went underground for more than a year after being accused of tampering with a TRW credit reference computer; an arrest warrant was issued, but it later vanished from police records without explanation.

By 1987, Mitnick seemed to be making an effort to pull his life together, and he began living with a woman who was taking a computer class with him at a local vocational school. After a while, however, his obsession drew him back, and this time his use of illegal telephone credit card numbers led police investigators to the apartment he was sharing with his girlfriend in Thousand Oaks, California. He was convicted of stealing software from the Santa Cruz Operation, a California software company, and in December 1987, he was sentenced to 36 months' probation. That brush with the police, and the resultant wrist slap, seemed only to increase his sense of omnipotence.

In 1987 and 1988, Kevin and a friend, Lenny DiCicco, fought a pitched electronic battle against scientists at Digital Equipment's Palo Alto research laboratory. Mitnick had become obsessed with obtaining a copy of Digital's VMS minicomputer operating system, and was trying to do so by gaining entry to the company's corporate computer network, known as Easynet. The computers at Digital's Palo Alto laboratory looked easiest, so every night with remarkable persistence Mitnick and DiCicco would launch their modem attacks from a small Calabasas, California company where DiCicco had a computer support job. Although Reid discovered the attacks almost immediately, he didn't know where they were coming from, nor did the local police or FBI, because Mitnick was manipulating the telephone network's switches to disguise the source of the modem calls.

The FBI can easily serve warrants and get trap-and-trace information from telephone companies, but few of its agents know how to interpret the data they provide. If the bad guy is actually holed up at the address that corresponds to the telephone number, they're set. But if the criminal has electronically broken into the telephone company's local switch and scrambled the routing tables, they're clueless. Kevin had easily frustrated their best attempts at tracking him through the telephone network using wiretaps and traces. He would routinely use two computer terminals each night -- one for his forays into Digital's computers, the other as a lookout that scanned the telephone company computers to see if his trackers were getting close. At one point, a team of law enforcement and telephone security agents thought they had tracked him down, only to find that Mitnick had diverted the telephone lines so as to lead his pursuers not to his hideout in Calabasas, but to an apartment in Malibu. Mitnick, it seemed, was a tough accomplice, for even as they had been working together he had been harassing DiCicco by making fake calls to DiCicco's employer, claiming to be a Government agent and saying that DiCicco was in trouble with the Internal Revenue Service. The frustrated DiCicco confessed to his boss, who notified DEC and the FBI, and Mitnick soon wound up in federal court in Los Angeles. Although DEC claimed that he had stolen software worth several million dollars, and had cost DEC almost $200,000 in time spent trying to keep him out of their computers, Kevin pleaded guilty to one count of computer fraud and one count of possessing illegal long-distance access codes.

It was the fifth time that Mitnick had been apprehended for a computer crime, and the case attracted nationwide attention because, in an unusual plea bargain, he agreed to one year in prison and six months in a counseling program for his computer "addiction." It was a strange defense tactic, but a federal judge, after initially balking, bought the idea that there was some sort of psychological parallel between the obsession Mitnick had for breaking in to computer systems and an addict's craving for drugs. After he finished his jail time and his halfway-house counseling sentence for the 1989 Digital Equipment conviction, Mitnick moved to Las Vegas and took a low-level computer programming position for a mailing list company. His mother had moved there, as had a woman who called herself Susan Thunder who had been part of Mitnick's phone phreak gang in the early 1980s, and with whom he now became reacquainted. It was during this period that he tried to "social engineer" me over the phone. In early 1992 Mitnick moved back to the San Fernando Valley area after his half-brother died of an apparent heroin overdose. He briefly worked for his father in construction, but then took a job he found through a friend of his father's at the Tel Tec Detective Agency. Soon after he began, someone was discovered illegally using a commercial database system on the agency's behalf, and Kevin was once again the subject of an FBI investigation. In September the Bureau searched his apartment, as well as the home and workplace of another member of the original phone phreak gang. Two months later a federal judge issued a warrant for Mitnick's arrest for having violated the terms of his 1989 probation. There were two charges: illegally accessing a phone company computer, and associating with one of the people with whom he'd originally been arrested in 1981. His friends claimed Mitnick had been set up by the detective firm; whatever the truth, when the FBI came to arrest him, Kevin Mitnick had vanished.

In late 1992 someone called the California Department of Motor Vehicles office in Sacramento, and using a valid law enforcement requester code, attempted to have driver's license photographs of a police informer faxed to a number in Studio City, near Los Angeles. Smelling fraud, D.M.V. security officers checked the number and discovered that it was assigned to a Kinko's copy shop, which they staked out before faxing the photographs. But somehow the spotters didn't see their quarry until he was going out the door of the copy shop. They started after him, but he outran them across the parking lot and disappeared around the corner, dropping the documents as he fled. The agents later determined that they were covered with Kevin Mitnick's fingerprints. His escape, subsequently reported in the Southern California newspapers, made the authorities look like bumblers who were no match for a brilliant and elusive cyberthief.

 

 

http://www.takedown.com/bio/mitnick.html

  • Administrators
Posted

Very interesting article Henry.

I remember reading about him a while ago. Thanks for the post :)

  • 4 weeks later...
Posted

I used to be absolutely obsessed with Kevin Mitnick when I was younger (yeah, I know - predictable). I was one of those tacky cybergeeks that always had some type of "Free Kevin/Free Mitnick" sticker on my backpack or a binder. His story is unique and rather interesting. There's actually a film out there that's called "Takedown" that illustrates Kevin Mitnick's capture and some of his well-known social engineering. It's a pretty good watch, if you're really all that interested in his story (and willing to sit through Ulrich portraying Mitnick). It's quite nice to have it 'resurface' after so many years. Obviously, as with all renowned hackers (past and present), Mitnick is a security professional now. He's also been interviewed a handful (two or three?) times on Slashdot [a geeky technology website] - his last time having been about a year ago now (I think?).
