Uncharted Waters

Jul 22 2014   4:24PM GMT

Wait a minute. What did Kevin Mitnick actually do?

Matt Heusser Matt Heusser Profile: Matt Heusser

Tags:
security

Picture of Kevin MitnickHe was arrested twice for computer crimes and wire fraud. At the time of his second arrest, he was on probation from the first, caught by a large multi-agency dragnet including the FBI.

The actual term in the FBI press release was “manhunt”; he has been called The World’s Most Famous Hacker.

Let’s review a few interesting facts about Kevin Mitnick:

1) Kevin stole computer programs, including the source code to VAX/VMS and an early portable phone system – for his own personal use. He did not offer the source code of VMS to Microsoft; he didn’t cut and paste multi-threading code to be used in a different OS. He didn’t create his own operating system, or even use his extended knowledge of VMS to offer his support services for the OS.

2) Mitnick did not destroy any software or systems; he didn’t inject any viruses or trojan horses into existing systems, there was no denial of service involve.

3) Mitnick did not financially benefit from any of his computer hacking. He did not steal any bank account numbers. To pay for room and board, he had traditional jobs, even when he was on the run. The only financial crimes I could find involved stealing phone calls from mechanical (not computerized) telephone switches, and, in his youth, stealing bus fare from a paper-punch card system.

So he didn’t damage anyone else, he didn’t steal money from anyone, and he didn’t use the code he stole from to generate revenue that belonged to someone else.

What did Kevin Mitnick do, exactly?

Known as the “World’s Most Famous Hacker“, Kevin broke in the Ark, the computer system Digital Equipment Corporation (DEC)  at the age of 16, in 1979;  he then downloaded their software, the source code to the RSTS/E operating system.

Sort of.

In an interview with the register, Kevin claimed that some friends at school had the phone number for the ark, but the login required a userid and password. So Kevin called the Ark (it was in the phone book) and asked for the system manager, claiming to be Anton Chernoff, one of the lead developers, and that he forgot his userid and password. Then he showed the login to his “friends”, who downloaded the source code and called the police, indicating that Mitnick had stolen the code.

The first bit of insight here is that Mitnick wasn’t a technical hacker; he didn’t cause a buffer overflow or SQL injection or upload an image that was really javascript. Instead he pretended to be someone who should have access and politely asked for a password reset, something that today we might call social engineering.

It seems a little strange that his own “friends” were socially engineering Kevin; you might argue that the whole story is made up to deflect blame. Still, the geeky computer kid who just wants to make friends sound familiar.  Mitnick never caused any material harm to the companies he hacked – just embarrassment.

Second Conviction

After conviction for the DEC incident, Mitnick was sentenced to twelve months in prison followed by supervised release. During his supervised release, he hacked into Pacific Bell voice mail, but you never read exactly how he did that.

It turns out a federal informant gave him the login information, posing as a ‘friend’ who was ‘tipping him off’ that government agents were spying on him in order to get a second conviction.

It was true, but the second conviction appears to be that he hacked into pacific bell voice mail.

Wait, what?

In his second conviction, Mitnick got 68 months in prison, for violating the terms of his previous release, by “hacking into PacBell voicemail” and other systems and associating with known computer hackers.

The first conviction was four counts of wire fraud — listening to people on the phone he should not have been — two counts of computer fraud, and one count of illegally intercepting a wire communication.

In other words, he violated the privacy of technology companies. He made them feel … violated.

Which is exactly what the NSA does every day.

By the time of Mitnicks second conviction, real criminals were stealing actual money, credit cards, and identities, causing actual harm. It seems strange that so much attention was directed at Kevin Mitnick. Yes, Kevins first crime was a real crime; but was it the best use of scarce law enforcement resources? Was the press justified? These question lead to more questions than answers.

There’s a lot more story here than I can fit into a blog post, but I hope, at this point, you agree that something strange is going on, with words and definitions that are carefully chosen to give impressions without substance.

For more details on the Mitnick case, you can watch his Google Tech Talk or purchase the video documentary on Kevin, “Freedom Downtime” from 2600 magazine.

Or you might google it and find it for free on a popular site that allows you to have a virtual tube.

But, you know, that would be stealing.

9  Comments on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • Mccarthy
    What a very interesting analysis! I didn't realize Kevin never stole, damaged, or interfered with anything... Hmmm: 'Justice for Kevin' anybody?
    30 pointsBadges:
    report
  • Matt Heusser
    thanks! I think technical he stole some phone calls, as did Woz and Steve Jobs ...
    3,445 pointsBadges:
    report
  • MaceAyres

    I thought Mitnik used a syc/ack overflow to break out of the connection handshake, sort of a buffer overflow, with bogus source IP so the sequential incompletred connect attempts backed up

    35 pointsBadges:
    report
  • iancarr
    Kevin's involvement, according to his own self, would be just for fun to accss the security system! Not true, as I remember him taking control of AT&T due to his theft of the very books that described the ATT Cosmos operating system-Data Base- for most of the Entire USA when ATT had the monopoly for phone service! harmless, give me a break. pranks, give me a break. look at his property in Miami Shores today ! He enjoys giving others he has known a ration of shit every time he wishes. Only several days ago, like Oct 1, or 2, 2016, Kevin was in Tallehassee Florida at the Planet Fitness Gym across from the Mcdonalds Resturant in Northwood District on N. Monroe St. After a conversation there, Kevin contacted the Tallahassee Police to claim I had a gun in my music keyboard bag! Harmless you say, he again tried to cause me harm by the cops whom investigated to find NO gun in the bag in McDonnalds, by the way, a favorite place of Kevins to mess with or to hack! Just ask him for a sample of one of his 'Superbills'. See if'n he will not! He has had a Ilglioti press for a lng while, but does not have the Treasury paper to use for that purpose! What are those bills called by Secret Service? #PB14443 or close? Do your own research please to on the up side of a carear criminal! your turn, for a D7 Cat kevin, Trust me Kevin, it is now my to bust you ass, and I will! John, aka iancarr@gmx.us, over.
    50 pointsBadges:
    report
  • iancarr
    replying to my own post: Dr. John Munson PhD., Cal -Tech, Pasadena Ca.
    Kevin was not born in 1964! He has even hacked his own birthday change so as to be placed in the Cal. Youth Athority School rather than the Cal Dept. of Corr. on his first trouble in cal.
    He was, I recall, born in 1957 or 58! So in the summer of 1962, when I personally caught him and twelve other phone phreaks all on the SAME TELEPHONE CABLE PAIR! This was at the old 213 area code, 660-0000 to 669-9999 the Normandy Pac. Tel. Central Office for Hollywood Cal. where he lived with his mom and his younger brother. His mom was a contract employee for the AT$T Pac. Bell to prepare the food for break time and for a lunch at noon. These kithens are loated in the basement of most of the old AT$T local exchanges, including the Clinton-Capitol CO and then ALL Others including the downtown LA Switch, the Switching center for All of the western USA and a data center for MOST OF THE COUNTRY!
    more on the next post, John, aka iancarr at gmx.us
    50 pointsBadges:
    report
  • iancarr
    Next post of iancarr, aka John Munson PhD.
    Maybe not 1957, but 1954? To verify his real date of birth, one would have to ask the LA County Record Center, now in Norwalk Cal. for a non Certifed copy of the Birth Certificates (TWO, one for his brother and one for him) plus a copy of the PAGES of the real dates upon those birth certificates to pin the question down with more jitter!
    Some of the busywork of his moms access to ANY CO kitchen in ANY local CO, whether fill in for a vacationing close CO or the LA Switch, a four digit number had to be entered on a keypad near the door! What door codes Kevin did not see himself, he used the bus transfers to travel to other CO's to gain, a a boy, all door codes even the LA Switch's door code number! Once inside, dressed up like an adult, access to all floors and ALL offices and ALL Computer Main Frames there were "FREE OF CHARGE" to him and to his friends AT ANY TIME they wanted! (I.E. Including the 'Test Board' which was not manned at a 24 hour shift, as breaks for break and for lunches day afternoon and eving shifts etc..) called outside for a minute. be back. John.

    50 pointsBadges:
    report
  • Matt Heusser
    Thanks for the context, John. You've certainly added some salt to the story.
    3,445 pointsBadges:
    report
  • iancarr
    Latest post of john munsonmphd. it appears that kevin is still manufacturing counterfeit bills. the Secret Service has issued a number of just one of the "family' as #PB14443. PB stands for parent bill and the number is a designation number to the first "family of these Super Bills, they are 100 USD Bills with The large Picture of Ben Franklin. my spelling is AFU as a Music Savant, EH? however he is no longer a single plate, now the medical profession has created a new vehicle to print with, the medical forms that qa doctor will use toi pin point an insurance number for billing, etc lotsa trouble in Miami Shores, eh Kevin? It appears that someone got real tired of kevin's harassment and rent3ed a new Cat D7 Dozier and it will be, according to rumor, left where kevin's front room used to be! Oh so sad, a briloliqantkid sucked into the wrong side of everything good.! Kevin, there are 557 of us watching you plus the Secret Service. Have some fun with your remaining Free Time to waste messing with 'us'! in the funny papers, John Munson 1700 n Monroe St, Suite 11 Tallehassee Florida 32303.
    50 pointsBadges:
    report
  • iancarr
    There once was a very7 personable rock singer, her name was Janis Joplin. She died due to the dark side of singing. her song which relate to kevin could be "Bye bye bye Baby bye bye. Here is where we must insert the name 'kevin, Bye ..................................... So long for another day or so!
    50 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: