Kevin Mitnick was labelled a 'computer terrorist' after leading the FBI on a three-year manhunt for breaking into computer networks and stealing software at Sun, Novell and Motorola. He was also one of the first computer hackers to be prosecuted.
Known more for social-engineering his way into networks than hacking them, Mitnick frustrated law enforcement agencies by staying one step ahead. When he was finally arrested in 1995, Mitnick pleaded guilty to wire and computer fraud charges. He was released from prison in 2002.
His notoriety has helped him secure lucrative speaking engagements and launch a security consultancy, which involves him being paid for carrying out some of the actions that had landed him in jail.
ZDNet UK's sister site CNET News.com talked to Mitnick, now aged 45, about what got him interested in computers in the first place, the differences between hacking today and three decades ago, and whether it is wise to hire a former black-hat hacker to do security work.
Q: When did you start hacking?
A: When I was 16 or 17 years old, when I was in high school — 1979 time-frame, before it was even illegal.
How did you get into it?
I became very interested in phones. I was a ham operator, an amateur radio operator, for about three years and in high school I met this other student whose dad was a ham radio operator and this other student had a hobby of phone phreaking and he introduced me to it.
He was able to do amazing things with the telephone system. He was able to get unlisted numbers. If he had my number he could get the name and address. He could do all these magic tricks with the phone system. I also had an interest in telephony over ham radio.
He introduced me to phone phreaking, and when the phone companies started converting over to electronic systems from electromechanical systems they used front-end computers to control it. So the phone company was in the process of automating its processes. To further my phone phreaking, I needed to become familiar with the phone-system computers. So that was my foray into hacking.
So you went from phone phreaking into hacking?
Yes. The phone company had this computer system called Cosmo, which stood for Computer System for Mainframe Operations. My first hacking occurred as a student at Monroe High School in Sepulveda, California, in the San Fernando Valley. I met another student who was very heavily into computers and at this time it was the Commodore VIC-20.
They offered a computer training course for seniors but I wasn't a senior, so he introduced me to the professor. He wasn't going to let me into the class. So I did all these electronic tricks with the phone system and the teacher was amazed and he waived the prerequisites and let me into the class. I think he regrets that decision today.
What could you do with the phones then?
I think I demonstrated calling into computer systems. You could interact with them with your voice and control them by touch-tone. He gave me his name and the city he lived in and I was able to get his telephone number.
I was able to interface my ham radio with the telephone system and dial into computers and access them through the touch-tone pad. At that time it was pretty advanced because you didn't have voice response systems then as you do today.
What's the hacking activity you are most proud of?
Ethical or unethical [laughing]? You probably want to hear about when I was a hacker. I guess my intrusion into Motorola. I was able to call an employee at Motorola and convince her to send me the code for the MicroTAC Ultra Light cell phone.
Motorola had its whole campus protected by SecurID and I was able to use an elaborate social-engineering scheme by manipulating the telephone network and set up call-back numbers within Motorola's campus. So I convinced a manager in operations to tell one of the employees to read off his RSA SecurID code any time I needed it so I could access the network remotely.
That's how I was able to access the internal network and then I was able to use technical means to hack into the development servers for cell phones. I was able to find the source code to all the cell phones.
I was interested in the MicroTAC series because it looked like a Star Trek communicator. I wanted to understand how these phones worked, how the codes controlled the processor. I wasn't interested in selling the source code or doing anything with it. It was more about the challenge of getting it.
I had to breach four layers of security to get in. I'm not really proud of it because it was obviously wrong. I made a stupid and regrettable decision and decided to go after the source code.
When you say it was about the challenge of getting it, can you elaborate?
At the time I was a fugitive in Denver, Colorado, and one of my colleagues handed me a brochure of this phone and I thought it was ultra cool, like the iPhone...
