“Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker,” by Kevin Mitnick with William L. Simon
Review of Kevin Mitnick's new book by the Washington Post
Sep 07, 2011
Washington Post
By Jeffrey Rosen
Sept 1, 2011
The revelation that reporters for Rupert Murdoch’s now-defunct tabloid the News of the World hacked into the phones and voicemail boxes of British politicians and members of the royal family, as well as the parents of a murder victim and the victims of the July 7 London bombings, has brought the practice of phone hacking into global disrepute. Now comes Kevin Mitnick, who describes himself as “The World’s Most Wanted Hacker” and wants a medal for engaging in some of the same conduct. Mitnick served over five years in prison in the 1990s after pleading guilty to a variety of computer crimes, including wire fraud (conning people into sending him Sun Microsystems’ source code) and the interception of data communications (installing network sniffers to grab passwords).
Although the Feds also found more than 20,000 credit card numbers on his computer, taken from Netcom’s customer database, Mitnick stresses that he never attempted to use any of them; nor did he sell the source code he intercepted and copied. Instead, he hacked for the thrill, not for the money. “Hacking was my entertainment,” he writes. “You could almost say it was a way of escaping to an alternate reality — like playing a video game.”
Mitnick began hacking young — he started by tricking phone company workers into giving him the unlisted numbers of celebrities — and then figured out how to divert calls so that people in Rhode Island dialing directory assistance were connected instead to him. He was first arrested for hacking into the phone company and stealing company manuals and passwords, and spent his 18th birthday in a California juvenile detention facility. After his release, he violated the conditions of his probation so repeatedly that a psychological counselor called his hacking an “addiction.”
Mitnick’s most significant efforts focused on Pacific Bell, where he found he could “trace lines, create new phone numbers, disconnect any phone number” and more. Mitnick says he “never made any use” of his “immense control and power over the phone system of much of the United States” but hacked merely for kicks. Later, he figured out how to make cellphone calls disguised as someone else (“I had achieved invisibility”) and talked employees into giving him the source codes for the hottest new cell phones manufactured by Motorola and other companies. He briefly listened in on the conversations of agents at the National Security Agency, taking pleasure in “wiretapping the world’s biggest wiretappers.”
After the California probation department issued a bench warrant for his arrest, based on his hacking into the voicemail of a Pacific Bell security agent, he went on the lam, constructing a new identity for himself by choosing the name Eric Weiss, the real name of Harry Houdini, and then stealing the identity of a real Eric Weiss who lived in Portland by procuring copies of a birth certificate that he then used to apply for a driver’s license. Even when the Feds finally showed up at his apartment, he continued to deny his real identity. Eventually, he was busted in the most low-tech way: The Feds found a pay stub in an old ski jacket made out to his real name. (In a coincidence Mitnick doesn’t notice, the assistant U.S. attorney who prosecuted him, Kent Walker, went on to become general counsel of Google.)
All this is entertaining enough, if you like James Bond movies, but the most useful part of Mitnick’s book is his revelations about how easy it is to con security officials at high tech companies and government agencies into turning over highly sensitive information. Mitnick calls this “social engineering,” which he defines as “the casual or calculated manipulation of people to influence them to do things they would not ordinarily do.” But, really, he was just an enterprising con artist, impersonating a variety of company employees and police officers to persuade other employees to give him information for free. The technique worked, he says, because “people . . . are just too trusting.” By doing his homework and deploying simple tricks (people won’t turn over sensitive information when asked directly, but “if you pretend you already have the information and give them something that’s wrong, they’ll frequently correct you”), Mitnick shows that the greatest vulnerability in any security system is human credulousness.





