[ISN] Legendary hacker Mitnick turns legit

InfoSec News isn at c4i.org
Fri Feb 24 01:52:20 EST 2006


Feb. 24, 2006 

As he kneeled down and fumbled around in one of his two computer bags
in search of extra business cards, Kevin Mitnick looked like your
typical scatter-minded computer geek.

Once found, however, his silver-coated card, designed to appear like a
miniature kit of lock-breaking tools, embossed with the name of his
company - Mitnick Security Consulting - told a different story: that
of a formerly notorious computer hacker turned expert on preventing

"I just thought it would be kinda cool," he said, handing the card out
Thursday at a conference on Internet security organized by the Israeli
branch of IDC, a company specializing in global research and

He weaved together anecdotes from his hacking days with an analysis of
what he calls "social engineering," which essentially means conning
people to get them to reveal passwords and other sensitive
computer-related information.

Mitnick, as he recounted during his lecture, began hacking as a
teenager in California, tapping into various telephone networks before
moving on to the kinds of corporate network break-ins that earned him
five years in a federal prison.

"Last night," he said at the beginning of his talk in his typically
wry, dead-pan manner, "I had dinner with the CTO of a security
company, and invited a friend to come along." When he asked his friend
later that evening if he had told their dinner partner where they had
met, the friend told Mitnick he had described them as "neighbors."

"That was partially true," Mitnick told the audience. "He was my
neighbor in federal detention."

Following his release in 2000, Mitnick - who is now in his early
forties - transformed himself from one of the world's most famous
hackers to one of its most sought-after on-line security consultants.

When he was released, Mitnick wasn't even allowed to use a computer.

Currently, he is completing his biography, which will be released in
2007 - the year the restriction placed on him by the US government,
which has banned him from profiting from his own story, expires.

In addition to writing and lecturing world-wide about on-line
security, these days Mitnick is hired by companies to break into their
computer networks, reveal their security system weaknesses, and teach
them how to better protect themselves. So far, he said, he has never
failed to break into any system whose security he was hired to assess.

"Social engineering," Mitnick explained during the first lecture he
has ever given in Israel, "is a form of hacking that relies on
influencing, deceiving, or psychologically manipulating unwitting
people to comply with a request. I run into a lot of companies where
you have the best technology money can buy - but all a hacker needs to
do is target one person who has no idea what information they are
giving out, and all the money spent on technology is useless."

"I used to get in a lot of trouble and which I now get paid for,"  
Mitnick said at the end of his lecture. "I regret having done it, but
I did it for the challenge and out of intellectual curiosity, and now
I am happy to benefit." Then he turned to his many admirers among the
Israeli computer specialists who attended his lecture, and wrote his
name on a detached phone receiver one man handed him - the
high-profile ex-hacker's version of signing a baseball.

Copyright 1995-2006 The Jerusalem Post
