Ask Kevin Mitnick
The hacker with perhaps the most famous first name around, Kevin Mitnick, has gone from computer hacking of the sort that gets one on the FBI's Most Wanted list (and into years of solitary confinement) to respected security consultant and author, helping people minimize the sort of security holes he once exploited for fun. His new book is called Ghost in the Wires: My Adventures as the World's Most Wanted Hacker; it's his first since the expiration of an agreement that he could not profit from books written about his criminal activity. Kevin's agreed to answer your questions; we'll pass the best ones on to him, and print his answers when they're ready. Note: Kevin also answered Slashdot questions most of a decade ago; that's a good place to start. Please observe the Slashdot interview guidelines: ask as many questions as you want, but please keep them to one per comment.
Do you own a Guy Fawkes Mask? (Score:4, Interesting)
Do you own a Guy Fawkes mask, or have an opinion of Anonymous' activities?
Is it cool any more? (Score:5, Interesting)
You have gone from hacker/cracker to security consultant via quite a difficult route. If you just wanted the money, there would have been far easier ways.
Today, the most well-known kiddies tend to do something high profile but requiring little technical brilliance and move quickly to "legitimate" jobs. The majority of "security consultants" don't really have much technical knowledge at all, being more public relations/ass-covering types.
With this in mind, what advice do you have to people who like to study security for its own sake? Should they keep quiet about what they do, developing an academic career so they can research to their heart's content without commercial pressures?
Or does everyone clever sell out in the end?
What if they had not caught you? (Score:5, Interesting)
What do you think would have happened in a scenario where you managed to escape the FBI and the hackers that helped them?
As a professional white hat... (Score:4, Interesting)
What would you recommend to organizations to curtail the sort of social engineering break-ins for gaining unauthorized entry?
Responsible Disclosure? (Score:5, Interesting)
cybersecurity (Score:4, Interesting)
What cybersecurity threats do you see as the most dangerous to the Internet now?
In the end... (Score:4, Interesting)
Security-Convenience tradeoff (Score:5, Interesting)
Would you agree that mostly there exists a tradeoff between security and convenience? If so, how much security (or convenience) do you think is worth sacrificing for the other?
Anon & Lulzsec (Score:5, Interesting)
What are your opinions on the actions of groups like Lulzsec & Anon? Do you feel that they will, in the end, expand freedom on the net or just help government tighten the noose on internet restrictions?
Hi, Kevin. I'm one of your victims. (Score:5, Interesting)
Hi, Kevin. I was told that my credit card information was among the thousands you stole from Netcom, way back in the day.
I won't ask you what you did with the credit card info you stole, that might cause problems with self-incrimination. I wouldn't want that, oh no.
So let me ask this: How does it feel to be a 'respected' member of the security community now, after having frightened and hurt so many people back then? How does it feel to have the hacker community regard you as a hero when you've done some of the most amoral and harmful acts in modern computing history? I guess what I'm really asking is, how well do you sleep at night? Honestly.
Computer Setup (Score:5, Interesting)
What is your computer setup? I mean hardware, OS, software you use to work.
A question & follow-up (Score:4, Interesting)
What is the primary purpose of hacking? Has this purpose remained constant over the decades, or has it changed from your rise as a hacker up to today?
Why wait? (Score:5, Interesting)
TFA Asserts that "Mitnick has agreed that any profits he makes on films or books that are based on his criminal activity will be assigned to the victims of his crimes for a period of seven years following his release from prison." The summary asserts that this is the reason you chose to wait before arranging for the publishing of a personal autobiography.
Given you had the opportunity to publish a copyrighted work and sell it for a profit prior to the release of your "official autobiography" under the pretense that the profits would be sent to the victims of your crimes (a number of which included theft of trade secrets and violation of copyright), why have you chosen to wait until the end of the agreement so that you could personally profit from this? And in a related question (unless you have answered it in the first), do you believe all of your crimes were victimless, some were, or perhaps none were?
Re:Colbert Report (Score:5, Interesting)
Kevin Mitnick was recently on Colbert Report to promote his book. Here is the link [colbertnation.com] if anyone's interested.
Yeah, that's the "7 digit UID new school /."
The old school 5 digit UID and below /. crowd would have reported that Kevin was on 2600 / off the hook "recently" to promote the book. Which show was it? I donno, probably one of these:
http://www.2600.com/offthehook/2011/0811.html [2600.com]
I listened; it was a fairly interesting interview.
Somewhere in between old school and new school, he was on some TWIT network show recently too, apparently this one:
http://www.twit.tv/show/triangulation/21 [www.twit.tv]
The twit network is generally a little too non-technical / mass market for me, although they certainly easily are more interesting than TV. I think it would be hilarious if Leo purchased the "tech tv" trademark from whoever owns it using his apparently voluminous petty cash fund (if you've seen his new studio, you'd know what I mean)
Now someone else chime in with his Dr. Phil episode for that / newbie tone. That's what the 8 digit UIDs watch, or so I hear.
Re:Hi, Kevin. I'm one of your victims. (Score:5, Interesting)
As soon as I was told about it I canceled the card. Which was a hardship for me, considering I had just gone through a divorce and I was in bad financial straits at the time. He didn't hurt me much, but he frightened me plenty. There are others who were hurt far worse.
It frosts my chaps that this guy is treated as a hero by the hacking community. But I suppose people get the heroes they deserve. I was just wondering how Kevin feels about that.
Re:What has changed (Score:3, Interesting)
you are a pinhead, with no knowledge of either history or computer science. observe
- What made Kevin great was this: up to this point, most errors that were exploited were what were known as fencepost errors, tedious to find and with unpredictable behavior once exploited. Kevin was a pioneer in looking for how to leverage the functionality that made computers worthwhile against them. The man-in-the-middle attack that exploits a three-way handshake is elegant and sophisticated because it puts the defending system in a position of lessened value (that in order to defend against it the computer would be unable to complete a three-way handshake). Coupled with the ability to social engineer, this mindset is what is dangerous, this level of clanking balls and imagination.
Your question is asinine. This man hacked networks and systems. You want to know if he can compromise a fucking home pc?
Can a brain surgeon remove a fucking wart? Kevin didn't teach people how to hack, he taught people how to think like hackers
http://www.pogostick.net/~pnh/ntpasswd/ [pogostick.net]
or just go to fucking bugtraq
Re:As a professional white hat... (Score:4, Interesting)
Training....
... And strict enforcement of visitor policies.
You can train people all you like but if they're too scared or jaded to challenge visitors that training isn't going to count for much. Everyone at every level, especially upper management, needs to learn to understand and accept that yes, they might be called on their credentials and that this is actually a good thing.
Re:Hi, Kevin. I'm one of your victims. (Score:3, Interesting)
So I assume that your credit card info getting into Kevin's hands caused you grievous financial harm? Oh, it didn't? Well then.
I've yet to hear about any truly harmful acts Kevin Mitnick ever "perpetrated". Maybe I just never heard about something truly terrible and destructive, but I have my doubts.