Ask Kevin Mitnick

Okay, Kevin Mitnick is getting back online and can start taking email tomorrow, January 21. We've spoken with Kevin by phone, and he agrees that a Slashdot interview is a fine way to help celebrate his return to the Internet, especially since he has a book to sell and a consulting business to build. (Don't forget: Kevin hasn't been able to make much money for a number of years, and has a lot of lost time to make up for.) One question per post, please. We'll email Kevin 10 of the highest-moderated questions, and post his answers shortly after he gets them to us.

Re:How about....

[Rushmore]

He'll be accessing the Internet for the first time in 8 years live on the screensavers on techtv tomorrow.

Re:Life Without the Internet

[Ninja Programmer]

He answered the question on the radio show Off The Hook [2600.com] (see the 10/16/02 show.)

Although he cannot use the internet himself, he is allowed to observe other people who are using it, and talk about the webpage as they view it. Technically he has not been allowed to direct the persone browsing the web, but they sort of work around that via a series of "yes-no" questions.

My rights to my intellectual property

[Theovon]

If memory serves, one of the things you got into trouble for was that you broke into computer systems owned by certain big corporations and downloaded proprietary code and/or documents. I've heard your justification for this which is that since you didn't remove anything from their systems, and you didn't sell it for profit, then you didn't really harm them.

An analogous situation would be where you had a Xerox machine and your own paper in a backback, and you entered into the file rooms of a company where you copied files, and then put them back where you got them. You didn't actually remove anything, and you didn't sell the documents, but you have copies of something that they didn't want you to have.

In that case, it would be considered breaking an entering and/or espionage, and few people would question that you did something unethical.

I am an advocate of open source software and disclosure of scientific information which may enhance innovation. But my personal view is that there are certain bits of information about myself that I don't want other people to have. My salary is one such thing. There are open-source software projects I work on in secret before I consider them releasable, which I work on in secret, and I would not appreciate them being released prematurely. The basic idea is that people have personal information and personal inventions which they own and which they have the right to control completely.

This also applies to a corporation. If IBM pays money to engineers to develop an application, then they own it, and they have the right to control it 100%. That also means they have the right to prevent others from looking at it, even if some of those lookers wouldn't do anything harmful with it.

In addition, there's this basic idea of being nice and respecting people's rights. I can peek into my neighbors' house and watch them having sex without them knowing it, but out of respect for their wish to not be observed when doing that, I don't try to look.

Given these two intimately related ideas that people own their inventions that they should have complete control over, and that they have the right to not disclose them, regardless of whether or not you intend to use it for anything, how do you justify hacking into computer systems which do not belong to you and making copies of information which the owners do not wish you to have?

How is not not harm when you violate someone's personal privacy, even that of a corporation?

Re:Skill sets?

[Kevin Stevens]

IIRC, mitnick did not program. His skill was entirely in social engineering, and phone technology (which I presume meant he had a good amount of electronics knowledge). Buffer overflows and computer exploits as we know them today were not his thing. While he may have understood how OS's like Unix work, on a very detailed level, he did not code in C/C++.

Re:Prison Life

[Anonymous Coward]

I've been to prison. I can tell you that Hollywood is way off the mark.

It is mostly just massive amounts of boredom and repitition with idiots yelling and making noise all the time. It is never quiet.

As long as you don't call attention to yourself, as long as you don't act like a dumbass, as long as you stay away from gangs and drugs, people will usually leave you alone.

In my six months in the arizona penal system I never saw or even heard rumours of anyone being raped, although homosexuality was somewhat common.

I did see lots of fights but they were mostly among gang members.

Re:No Offense meant, but..

[Anonymous Coward]

"...and did not distribute

I suppose this makes what he did right?
Although what the feds did to him was a complete violation of his constitutional rights(which I believe he should have been set free on that basis alone), it doesn't change the fact that he DID break the law.

"You're the type of person who would ask Skylarov why he chose to come to the U.S. to speak at a technology conference."

Ahhh, but Sklyarov wasn't breaking any laws from his viewpoint, since the DMCA doesn't apply in Russia. Hell, he may have never even heard about it until he was arrested. However, Kevin was breaking the law and he knew it. He knew exactly what he was doing when he used social engineering to gain important password codes, and he knew what he was doing when he accessed and downloaded software from corporate systems.

Sklyarov was writing software for his company. Kevin was stealing it. Don't compare the two.

Re:Who exactly says he "trashed"?

[Jim Buzbee]

I actually took the time to read history.html, seems it wasn't that bad afterall. Especially since he did it "by accident".

If my recollection is correct after all these years, I think he did stupid stuff like "echo 'password entry' > /etc/passwd" instead of using ">>" to add an account. So he ended up trashing the password file, taking the system down until someone could restore the backup from tape. In addition, I think there were a number of other vandal type attacks that were thought to be from him, but could not be confirmed. The general consensus at the time was that he was just an classic "script kiddie". Anyone could get a free account to do whatever they wanted, but it wasn't enough for him. He had to take down a community resource just to prove he could.