Mitnick: From 'computer terrorist' to consultant

Q&A

Kevin Mitnick was labelled a 'computer terrorist' after leading the FBI on a three-year manhunt for breaking into computer networks and stealing software at Sun, Novell and Motorola. He was also one of the first computer hackers to be prosecuted.

Known more for social-engineering his way into networks than hacking them, Mitnick frustrated law enforcement agencies by staying one step ahead. When he was finally arrested in 1995, Mitnick pleaded guilty to wire and computer fraud charges. He was released from prison in 2002.

His notoriety has helped him secure lucrative speaking engagements and launch a security consultancy, which involves him being paid for carrying out some of the actions that had landed him in jail.

ZDNet UK's sister site CNET News.com talked to Mitnick, now aged 45, about what got him interested in computers in the first place, the differences between hacking today and three decades ago, and whether it is wise to hire a former black-hat hacker to do security work.

Q: When did you start hacking?
A: When I was 16 or 17 years old, when I was in high school — 1979 time-frame, before it was even illegal.

How did you get into it?
I became very interested in phones. I was a ham operator, an amateur radio operator, for about three years, and in high school I met this other student whose dad was a ham radio operator, and this other student had a hobby of phone phreaking and he introduced me to it.

He was able to do amazing things with the telephone system. He was able to get unlisted numbers. If he had my number he could get the name and address. He could do all these magic tricks with the phone system. I also had an interest in telephony over ham radio.

He introduced me to phone phreaking, and when the phone companies started converting over to electronic systems from electromechanical systems they used front-end computers to control it. So the phone company was in the process of automating its processes. To further my phone phreaking, I needed to become familiar with the phone-system computers. So that was my foray into hacking.

So you went from phone phreaking into hacking?
Yes. The phone company had this computer system called Cosmo, which stood for Computer System for Mainframe Operations. My first hacking occurred as a student at Monroe High School in Sepulveda, California, in the San Fernando Valley. I met another student who was very heavily into computers and at this time it was the Commodore VIC-20.

They offered a computer training course for seniors but I wasn't a senior, so he introduced me to the professor. He wasn't going to let me into the class. So I did all these electronic tricks with the phone system and the teacher was amazed and he waived the prerequisites and let me into the class. I think he regrets that decision today.

What could you do with the phones then?
I think I demonstrated calling into computer systems. You could interact with them with your voice and control them by touch-tone. He gave me his name and the city he lived in and I was able to get his telephone number.

I was able to interface my ham radio with the telephone system and dial into computers and access them through the touch-tone pad. At that time it was pretty advanced because you didn't have voice response systems then as you do today.

What's the hacking activity you are most proud of?
Ethical or unethical [laughing]? You probably want to hear about when I was a hacker. I guess my intrusion into Motorola. I was able to call an employee at Motorola and convince her to send me the code for the MicroTAC Ultra Light cell phone.

Motorola had its whole campus protected by SecurID and I was able to use an elaborate social-engineering scheme by manipulating the telephone network and set up call-back numbers within Motorola's campus. So I convinced a manager in operations to tell one of the employees to read off his RSA SecurID code any time I needed it so I could access the network remotely.

That's how I was able to access the internal network and then I was able to use technical means to hack into the development servers for cell phones. I was able to find the source code to all the cell phones.

I was interested in the MicroTAC series because it looked like a Star Trek communicator. I wanted to understand how these phones worked, how the codes controlled the processor. I wasn't interested in selling the source code or doing anything with it. It was more about the challenge of getting it.

I had to breach four layers of security to get in. I'm not really proud of it because it was obviously wrong. I made a stupid and regrettable decision and decided to go after the source code.

When you say it was about the challenge of getting it, can you elaborate?
At the time I was a fugitive in Denver, Colorado, and one of my colleagues handed me a brochure of this phone and I thought it was ultra cool, like the iPhone...
