Ask Kevin Mitnick 839
Okay, Kevin Mitnick is getting back online and can start taking email tomorrow, January 21. We've spoken with Kevin by phone, and he agrees that a Slashdot interview is a fine way to help celebrate his return to the Internet, especially since he has a book to sell and a consulting business to build. (Don't forget: Kevin hasn't been able to make much money for a number of years, and has a lot of lost time to make up for.) One question per post, please. We'll email Kevin 10 of the highest-moderated questions, and post his answers shortly after he gets them to us.
No Offense meant, but.. (Score:5, Insightful)
he has a book to sell and a consulting business to build. (Don't forget: Kevin hasn't been able to make much money for a number of years, and has a lot of lost time to make up for.)
Knowing all this as the result of your choice, would you choose this path again? If so, why?
Was Your Penalty Fair and Will It Deter? (Score:5, Insightful)
How do you see yourself? (Score:5, Insightful)
In what light and or combination of these types do you see yourself now, is that different from how you were 20 years ago, and do you see yourself as a champion of these things in the future or do you intend to just mix back into society and get a "normal" life back (after your book of course)?
For better or worse... (Score:5, Insightful)
Hacker Icon (Score:3, Insightful)
Why are we helping him build his business? (Score:3, Insightful)
When I was 13 I thought that cracking into systems was "kool." Now that I am an adult, I see that once a system has been compromised - even if it's just so that a smart kid can look around - it costs a fortune to be sure that a) the holes are closed, and b) the kid didn't do any damage.
He broke the law. Should we help him "make up for lost time" by helping him profit on his life experiences? I don't think so.
Let me give an example. Let's say that I am pro legalization of prostitution. (I'm not)
Before the legislators became "enlightened" on this issue (while it is still illegal) someone is convicted of being a pimp - should I make that person a poster-boy? Should I work to build a "how to be a pimp" consulting business, or promote a "pimping for dummies" book?
Kevin broke the law, and did his time. Can't he just get a straight job like the rest of us and move on? Why must he be a hero? Why must
I don't get it. Let it go. Kevin, please get a regular job and live like an ordinary citizen.
Respectfully,
Anomaly
Modern day Robin Hood? (Score:2, Insightful)
Robin Hood stories are full of daring adventure, inhuman skill with a bow, and the addage of 'robbing the rich to give to the poor'. However, history tells us that if in fact he existed, he was another common thief who mugged women and kept the proceeds for himself.
In much the same way, there are tales of you sitting up all night, technically brilliant, controlling the machines from the inside in. But the truth tells us you sat on the phone like any other con man tricking people into revealing their passwords. And like Robin Hood, you kept the proceeds for yourself. Whether or not you did anything with them is irrelevant.
So why should anyone care who you are, what you think, or give you any more breaks than the next ex-con?
Re:Skill sets? (Score:3, Insightful)
Programming is largely like riding a bicycle. Once you understand the logic constructs, you rarely tend to forget them. Especially if you are a hacker genius.
However, learning to program in a particular language can take a day or two to learn the new syntax, but the basic programming memes are usually the same (OOP, for-loops, etc.).
Learning how to program in general is different than learning how to program in a particular language.
crime or condition (Score:3, Insightful)
Re:What are the ten worst Windows vulnerabilities? (Score:5, Insightful)
"What are the ten worst Linux vulnerabilities to hacking, how would you attack such systems, and what has to be done with Linux to prevent such vulnerabilities?"
Surely you don't actually believe that Linux is unhackable? Wouldn't finding out what Linux's weakest areas are and fixing them before Linux becomes widspread enough on "Dumb User" hardware that it becomes the next great hacking target?
Are you proud of what you did back then? (Score:3, Insightful)
What do you say to kids who think you're cool?
If the law were different many years ago... (Score:3, Insightful)
Re:How do you find it? (Score:5, Insightful)
The hot issue for many of us concerns the idea of Fair Use, copyright, and copyright enforcment. Government regulations have been changed and are changing in favor of the same kinds of large corporations that claimed huge damages against you during your less than ideal experiance with the Judidical System.
My question is this. What are your thoughts on the continued expansion of corporate copyright enforcement rights, including the legalization of some of the techniques you were convicted of using?
Do you trust corporate america to weild the tools you've used and helped pioneer and what if any regulation do you consider both accecptable and feasable?
Re:No Offense meant, but.. (Score:5, Insightful)
Did he choose to be the poster-boy of government corruption when it comes to prosecution of technology-related case? I don't think so.
You're the type of person who would ask Skylarov why he chose to come to the U.S. to speak at a technology conference.
Re:Life Without the Internet (Score:3, Insightful)
I think the question, in general, is a good one, but I don't think Mr. Mitnick will be able to give an insightful answer.
Civil Disobedience- (Score:3, Insightful)
If you believe in legalisation, then do promote that guy -- he was doing the right thing (and perhaps breaking the law, the two aren't always the same).
Although the circumstances/topics are different, the logic is akin to Ghandi, Martin Luther King Jr., and many other people who try to do what is right.
Henry David Thoreau talks about this type of stuff in Civil Disobedience [indiana.edu] (quoted below)
Unjust laws exist: shall we be content to obey them, or shall we endeavor to amend them, and obey them until we have succeeded, or shall we transgress them at once? Men, generally, under such a government as this, think that they ought to wait until they have persuaded the majority to alter them. They think that, if they should resist, the remedy would be worse than the evil. But it is the fault of the government itself that the remedy is worse than the evil. It makes it worse. Why is it not more apt to anticipate and provide for reform? Why does it not cherish its wise minority? Why does it cry and resist before it is hurt? Why does it not encourage its citizens to put out its faults, and do better than it would have them? Why does it always crucify Christ and excommunicate Copernicus and Luther, and pronounce Washington and Franklin rebels?
One would think, that a deliberate and practical denial of its authority was the only offense never contemplated by its government; else, why has it not assigned its definite, its suitable and proportionate, penalty? If a man who has no property refuses but once to earn nine shillings for the State, he is put in prison for a period unlimited by any law that I know, and determined only by the discretion of those who put him there; but if he should steal ninety times nine shillings from the State, he is soon permitted to go at large again.
If the injustice is part of the necessary friction of the machine of government, let it go, let it go: perchance it will wear smooth--certainly the machine will wear out. If the injustice has a spring, or a pulley, or a rope, or a crank, exclusively for itself, then perhaps you may consider whether the remedy will not be worse than the evil; but if it is of such a nature that it requires you to be the agent of injustice to another, then I say, break the law. Let your life be a counter-friction to stop the machine. What I have to do is to see, at any rate, that I do not lend myself to the wrong which I condemn.
Re:Can't earn money? (Score:4, Insightful)
I suppose the Rosenberg's were good spys and Dahmer was a good serial killer too huh?
In Mitnick's "line of work" as it were, being good means NOT getting caught.
I honestly don't see why so many people like us lift Mitnick up to some hero-like status. He was dumb. He wasn't a good hacker, and what he did hack he handled really stupidly. And that's what got him caught, plain and simple. He's now going to make a living on his name.
Re:No Offense meant, but.. (Score:5, Insightful)
On the contrary, I applaud Dimitri Sklyarov and feel his work was construct, in the face of unjust legislation the USA exports and tries to exert on other peoples. It should be the choice of each sovereign nation to determine the extent of copyright/patent protection to inventors. One country, such as the USA, may attempt to hold all others in thrall as long as the life of intellectual property protection.
Besides, Kevin didn't attempt to bypass electronic IP safeguards, except as the DMCA may regard hacking. He revealed the swisscheese security of information systems in their infancy. He made people afraid, powerful people. We already, well most of us, are aware what sort of democracy-for-sale the Congress and Administration are, when their friends sneeze, they catch cold, and act within or without the law. It's a matter for the defendant to pry him/herself out of such a mess. As often as such examples play it's remarkable anyone wants to open themselves to such harrassment, particularly without alerting the ACLU or some group ahead of time that they intend to demonstrate how unjust the system is, in whole or part.
Anyone remember the 414's? A group of young men in the Milwaukee area who, when caught breaking into DEC systems wanted to sell movie rights? It wasn't too hard to figure how they did it, hell, I was admin on a DEC system and there were default passwords and field service passwords easy enough to guess. You just had to be bored and stupid enough to go trespassing.
I have plenty of sympathy for those treated unjustly, but those who go alone to spread fear among powerful interests are no more clever than a swimmer dogpaddling around in a shark tank.
When given lemons make lemonade (Score:5, Insightful)
Mitnick has knowledge and skills that will make him a productive part of society. The area he's promoting himself in is a legitimate legal business so why shouldn't we get behind him and support him. This would constitute a "regular job" - unless you mean flipping burgers or selling clothes at the gap, or maybe insurance salesperson. There are plenty of former criminals in areas of expertise that relate directly to their original crimes. Their knowledge is often very helpful in stopping future crimes and in showing how people can reform and rebuild their lives after having made mistakes.
Mitnick served out the punishment given by the state and now he should be allowed to live his life unencumbered by that "criminal" title. This includes seeking ANY gainful employment he can find.
I feel that society does have an obligation to help people who we've allowed to be mistreated.
The problem with the justice system today is:
1. They bend a little too much to the corporate will.
2. Punishment is never really centered around "correction" even though people are remanded to the "Department of Corrections".
3. There's no procedure for quick and fair correction of mistakes (i.e. false imprisonment, misshandling, etc.) Most compensation has to be gained via lawsuit. False judgements can stay with a person for life, damaging not only their mental health but their future job prospects and personal relationships.
4. Too much stock is put into conviction rates and not enough in to quality of prosecution and/or honesty in prosecution.
5. Justices allow stretching the word and spirit of the law in order to help prosecutions of people not exactly covered under existing laws. I.E. Some people get prosecuted under RICO when their crime has nothing to do with it.
6. Prosecutors withholding charges in order to pursue additional charges should they lose in the first round - an attempt to circumvent double jeopardy rules. (i.e. I murder someone during a robbery - the evidence is fairly thin, so I'm prosecuted for Murder (alone). When I'm acquitted the prosecution charges on attempted robbery, weapons charges or one of the many other charges that they can dig out that might have stronger evidence. The possibility of prosecution might loom for years, along with the stigma of "suspect".)
7. The ability to punish/pursue a suspect through (ab)use of the media. ("person of interest"). Placing pressure on a subject via media "leaks" or press releases that lead the public to believe certain things about a person. While not exactly lies we all know that it's the prosecution using the media to manipulate the public against a SUSPECTED criminal. (defense and prosecution should be barred (ethics) from using the media as a tool against the other side.) Remember INNOCENT UNTIL PROVEN GUILTY.
Hackers = Terrorists??.. (Score:2, Insightful)
With more and more people getting caught up in the 'hacker = terrorist' retoric of late, especially those in high places, changing minds is more important than ever. I shudder to think of what would happen if your activities had occured a few years later (that whole 'whistle launch codes into a phone' thing...).
What do you think is the most important thing that the hacker community should do to make sure that cases like yours don't occur again, and that cases involving computer crime are treated fairly and not trumped up to terrorism?
Re:Scapegoat Sweepstakes? (Score:2, Insightful)
Re:Seeing.. (Score:3, Insightful)
Re:Why are we helping him build his business? (Score:1, Insightful)
combine that with the fact that he hasn't actually done any real work for the last eight years and I think there would be lots and lots of more qualified REPUTABLE and TRUSTWORTHY computer security consultants to hire.
I think the fact that he will never work in the security field as a trusted engineer is part of the punishment from the court, it's just not actually written.
Glorifying this ex-con is nothing worth bothering with.
Re:Life Without the Internet (Score:3, Insightful)
Re:power (Score:3, Insightful)
Re:No Offense meant, but.. (Score:5, Insightful)
Actually (a little googleing reveals that) in many instances he DID - or rather his lawyers did. The trial kept getting delayed due to it's complexity - often at the request of HIS lawyers. Hiring and firing three different lawyers doesn't usually speed things up any either (though I'll grant you it is possible they were incompetant - but the real possiblity exists their client was part of their problem). As for being denied bail that whole time - well that is sort of a natural penalty for running & continuing to commit the same crimes while on the run - for some reason people just don't trust you not to it again. Wasting time in useless appeals to GET bail when no sane judge would give it to you is just another thing that drags out the time you spend waiting for trial.
I don't think he chose to have the software he downloaded (and did not distribute) valued at an amount way beyond reality because the Feds said to.
And they should have been valued at less because he & his lawyers said so? I have no idea what the real value of the damage he caused to various systems was or the value of the information he stole. I doubt HE knows it's value. I am sure his victims and the prosecution exagerated it's value. On the other hand it is not difficult at ALL to assume that the value was quite significant. Big companies worth many billions of dollars keep stuff on their computers that really do have multi-million dollar values to those companies. Those where the kinds of companies he liked to hack and the kind of information he liked to steal BECAUSE he wanted to be a big deal and make a big splash. Well he did.
I don't think he chose to have terms of his probation which kept him from using his First Amendment rights
While convicts have rights the whole point of being a convict is having certain rights taken away. As for his specifically first amendment rights - I don't know of any instance during his sentence when the government established a religion for him, forbade him to excersise his own, forbade him to speak, talk to the (or even run a) press, assemble peacably or petition the government to redress his greavances (this last I think he excersiced far more than most of us) Being forbidden to use a computer after being convicted 4 or 5 times (on multiple counts each time) of computer fraud & abuse is not much different from being forbidden to own a gun after being convicted of a gun crime. Being forbidden to use a tool that you only seem adept at using criminally seems appropriate and fitting not cruel nor unusual. Having himself argued in court before that he was compulsive and unable to control himself probably didn't help his case any on this point.
Did he choose to be the poster-boy of government corruption when it comes to prosecution of technology-related case
After being caught and convicted on numerous prior occasions and being dealt with fairly leniently by the courts at first - then doing the same thing again *while on probabation* - then running when a warrant is issued - then continuing to commit the same high profile crimes while on the run IS asking for it.
Yes, there are murderers that have been dealt with less harshly. That's a GREAT argument for harsher treatment of murderers IMO than for more lenient treatment of multiple offense fraud artist fugitives. All the time I hear on
Have you thought of leaving the country ? (Score:3, Insightful)
Just calling it quits an moving somewhere else ?
I've only loosely followed your case (and the related civil liberties problems in the USA) since I first heard of it in c.a. 1997, but judging from todays "status quo", I can say that it hasn't improved at all.
What Really Happened (Score:5, Insightful)
question for kevin (Score:1, Insightful)
Does crime pay? Specifically, your crimes.
Re:No Offense meant, but.. (Score:3, Insightful)
The trial kept getting delayed due to it's complexity - often at the request of HIS lawyers.
Primarily because his lawyers were denied access to the information they needed in order to prepare for any trial. Personally, I'd rather wait in prison a little longer for my lawyers to prepare than go to court with a lawyer who isn't even sure what the charge is (I'm exaggerating there, obviously, but I think you get the point).
As for being denied bail that whole time - well that is sort of a natural penalty for running & continuing to commit the same crimes while on the run - for some reason people just don't trust you not to it again.
It wasn't just that he was denied bail, he was denied a bail hearing. From what I understand, no other defendant in all of American legal history has been denied a bail hearing. This doesn't strike you as a bit odd?
I doubt HE knows it's value ... On the other hand it is not difficult at ALL to assume that the value was quite significant. Big companies worth many billions of dollars keep stuff on their computers that really do have multi-million dollar values to those companies.
Actually, in some cases the values are quite clear. For example, one particular item of software he downloaded was available free to educational institutions, and $100 to anyone else. But that didn't stop the plaintiffs from claiming hundreds of millions of dollars in damages. Well, at least that was their claim in the courtroom. They made no such claim to the SEC or their shareholders. As far as I know, none of the "victim" companies reported a single lost penny as a result of Mr. Mitnick's actions. But the moment they stepped into the courtroom, suddenly it was all sob stories about the hundreds of millions in damages he had caused. I wonder if any of those guys went on to work for Enron.... ;)
That's a GREAT argument for harsher treatment of murderers IMO than for more lenient treatment of multiple offense fraud artist fugitives.
Agreed to an extent. Many violent criminals these days are treated far more leniently than they should. But, Mr. Mitnick got the shaft, big time. If he had received a 2-year sentence, you wouldn't hear a single voice speaking out on his behalf. In fact, based on things I've heard him say in the past, I don't think even he would speak out. He would say that he got what he deserved, and I think few would argue with that. He was a petty criminal, but was treated like he was the biggest threat to society at the time.
Did you sleep more easily while Mitnick was in jail, knowing that he was off the streets? Do you lose sleep now knowing that he's back out there? I doubt it. They went way overboard on his case.
Re:Priorities (Score:3, Insightful)
Seriously, it's people who set up critical system in such a way that their functionality can be influenced from a network designed for research and entertainment that should be charged with manslaughter. If a script kiddie tried to split IRC network and people died because of that, s\he should be just given grief counseling and not charged with anything.
On the other hand, people who purposely break car or air traffic control should of course be responsible. But someone maintaining a critical computer should first make sure that it can not be shut down accidentaly and provide ample warnings to potential tresspassers on why it should be left alone. It wouldn't do to have an obvious, conviniently located self-destruct switch. Or forward any packets from the Internet without strong encryption, if that.
Hmm... I don't remember all the facts. Is there any evidence that Kevin purposly tried to cause serious harm? Or that he even broke into any systems that did critical real-time control? I thought he was just addicted to getting control of a system, stashing away source code and so on. If you get down to basics of human motivation, real hacking is just another kind of science. Like Indiana Jones style of archeology. Risky, annoying, controversial but ultimately an unavoidable consequence of human curiosity.
Re:No Offense meant, but.. (Score:2, Insightful)