Ask Kevin Mitnick 839
Okay, Kevin Mitnick is getting back online and can start taking email tomorrow, January 21. We've spoken with Kevin by phone, and he agrees that a Slashdot interview is a fine way to help celebrate his return to the Internet, especially since he has a book to sell and a consulting business to build. (Don't forget: Kevin hasn't been able to make much money for a number of years, and has a lot of lost time to make up for.) One question per post, please. We'll email Kevin 10 of the highest-moderated questions, and post his answers shortly after he gets them to us.
Comment removed (Score:5, Interesting)
Re:How about.... (Score:5, Funny)
Delete spam. Tons of spam.
Re:How about.... (Score:5, Funny)
Re:How about.... (Score:5, Funny)
I see it going something like this:
TechTV Host: Okay Kevin, here's your computer, you have the controls. You said you were thinking about browsing a few web sites?
Kevin: Yes. I think I'd like to try Yahoo.
Kevin: Ah. Here we go. Hmm. This is odd, it doesn't look like the screenshots I've seen in magazines...
Kevin displays shock and surprise.
Kevin: It looks like a hundred pages of CREDIT CARD NUMBERS! Hey, what's going on!?!
Cops bust through the doors, comedy ensues.
No Offense meant, but.. (Score:5, Insightful)
he has a book to sell and a consulting business to build. (Don't forget: Kevin hasn't been able to make much money for a number of years, and has a lot of lost time to make up for.)
Knowing all this as the result of your choice, would you choose this path again? If so, why?
Re:No Offense meant, but.. (Score:5, Insightful)
Did he choose to be the poster-boy of government corruption when it comes to prosecution of technology-related case? I don't think so.
You're the type of person who would ask Skylarov why he chose to come to the U.S. to speak at a technology conference.
Re:No Offense meant, but.. (Score:5, Insightful)
On the contrary, I applaud Dimitri Sklyarov and feel his work was construct, in the face of unjust legislation the USA exports and tries to exert on other peoples. It should be the choice of each sovereign nation to determine the extent of copyright/patent protection to inventors. One country, such as the USA, may attempt to hold all others in thrall as long as the life of intellectual property protection.
Besides, Kevin didn't attempt to bypass electronic IP safeguards, except as the DMCA may regard hacking. He revealed the swisscheese security of information systems in their infancy. He made people afraid, powerful people. We already, well most of us, are aware what sort of democracy-for-sale the Congress and Administration are, when their friends sneeze, they catch cold, and act within or without the law. It's a matter for the defendant to pry him/herself out of such a mess. As often as such examples play it's remarkable anyone wants to open themselves to such harrassment, particularly without alerting the ACLU or some group ahead of time that they intend to demonstrate how unjust the system is, in whole or part.
Anyone remember the 414's? A group of young men in the Milwaukee area who, when caught breaking into DEC systems wanted to sell movie rights? It wasn't too hard to figure how they did it, hell, I was admin on a DEC system and there were default passwords and field service passwords easy enough to guess. You just had to be bored and stupid enough to go trespassing.
I have plenty of sympathy for those treated unjustly, but those who go alone to spread fear among powerful interests are no more clever than a swimmer dogpaddling around in a shark tank.
Re:No Offense meant, but.. (Score:5, Insightful)
Actually (a little googleing reveals that) in many instances he DID - or rather his lawyers did. The trial kept getting delayed due to it's complexity - often at the request of HIS lawyers. Hiring and firing three different lawyers doesn't usually speed things up any either (though I'll grant you it is possible they were incompetant - but the real possiblity exists their client was part of their problem). As for being denied bail that whole time - well that is sort of a natural penalty for running & continuing to commit the same crimes while on the run - for some reason people just don't trust you not to it again. Wasting time in useless appeals to GET bail when no sane judge would give it to you is just another thing that drags out the time you spend waiting for trial.
I don't think he chose to have the software he downloaded (and did not distribute) valued at an amount way beyond reality because the Feds said to.
And they should have been valued at less because he & his lawyers said so? I have no idea what the real value of the damage he caused to various systems was or the value of the information he stole. I doubt HE knows it's value. I am sure his victims and the prosecution exagerated it's value. On the other hand it is not difficult at ALL to assume that the value was quite significant. Big companies worth many billions of dollars keep stuff on their computers that really do have multi-million dollar values to those companies. Those where the kinds of companies he liked to hack and the kind of information he liked to steal BECAUSE he wanted to be a big deal and make a big splash. Well he did.
I don't think he chose to have terms of his probation which kept him from using his First Amendment rights
While convicts have rights the whole point of being a convict is having certain rights taken away. As for his specifically first amendment rights - I don't know of any instance during his sentence when the government established a religion for him, forbade him to excersise his own, forbade him to speak, talk to the (or even run a) press, assemble peacably or petition the government to redress his greavances (this last I think he excersiced far more than most of us) Being forbidden to use a computer after being convicted 4 or 5 times (on multiple counts each time) of computer fraud & abuse is not much different from being forbidden to own a gun after being convicted of a gun crime. Being forbidden to use a tool that you only seem adept at using criminally seems appropriate and fitting not cruel nor unusual. Having himself argued in court before that he was compulsive and unable to control himself probably didn't help his case any on this point.
Did he choose to be the poster-boy of government corruption when it comes to prosecution of technology-related case
After being caught and convicted on numerous prior occasions and being dealt with fairly leniently by the courts at first - then doing the same thing again *while on probabation* - then running when a warrant is issued - then continuing to commit the same high profile crimes while on the run IS asking for it.
Yes, there are murderers that have been dealt with less harshly. That's a GREAT argument for harsher treatment of murderers IMO than for more lenient treatment of multiple offense fraud artist fugitives. All the time I hear on
What Really Happened (Score:5, Insightful)
What do you say? (Score:5, Interesting)
Priorities (Score:5, Interesting)
Anyone here who wouldn't be in trouble if every one of their computer and copyright related "offenses" came to light can throw the first stone. Ever downloaded an unlicensed MP3 plugin for Redhat 8? Ever renamed irc to emacs to violate a school policy on computer use?
Thoughts (Score:5, Interesting)
Or is is the old, I just gotta do this feeling?
Re:Thoughts (Score:5, Interesting)
http://www.defensivethinking.com/ [defensivethinking.com]
He's going to be spending some time explaining his methods -- as opposed to using them.
Life Without the Internet (Score:5, Interesting)
Re:Life Without the Internet - similar... (Score:5, Interesting)
Did spending an extensive period of time away from computers make you realize that you might just move away one day? or are you still fascinated like the first geek was?
Re:Life Without the Internet (Score:5, Informative)
Although he cannot use the internet himself, he is allowed to observe other people who are using it, and talk about the webpage as they view it. Technically he has not been allowed to direct the persone browsing the web, but they sort of work around that via a series of "yes-no" questions.
What's Different? (Score:5, Interesting)
-theGreater Ponderer.
Your finest moment in court (Score:5, Interesting)
Re:Your finest moment in court (Score:5, Interesting)
When you had your weekend radio show on KFI in Los Angeles, you had many stories that brought about changes in your tone, such as experiments with "drive thru"s involving intercepting and overriding the employees such that you could speak directly with the customer from a distance away. While many would argue (and I would certainly agree) that this isn't a technical marvel, it is pretty damn funny.
So, my question is: everyone knows the big things you've done that you've been punished for, what about the little things you've done that you look back on and smile about?
Yes? (Score:5, Interesting)
Do you feel... (Score:5, Interesting)
Skill sets? (Score:5, Interesting)
Re:Skill sets? (Score:5, Interesting)
(these skill having to do with computers - even though you have not had access to computers during this time)
Re:Skill sets? (Score:5, Informative)
How do you find it? (Score:5, Interesting)
What do you think of todays internet?
Re:How do you find it? (Score:5, Funny)
Re:How do you find it? (Score:5, Insightful)
The hot issue for many of us concerns the idea of Fair Use, copyright, and copyright enforcment. Government regulations have been changed and are changing in favor of the same kinds of large corporations that claimed huge damages against you during your less than ideal experiance with the Judidical System.
My question is this. What are your thoughts on the continued expansion of corporate copyright enforcement rights, including the legalization of some of the techniques you were convicted of using?
Do you trust corporate america to weild the tools you've used and helped pioneer and what if any regulation do you consider both accecptable and feasable?
Which OS? (Score:5, Interesting)
Hmmm, maybe you will try them all? You are a sneaky one.
So... (Score:4, Interesting)
Honestly, though. Do you think your return to the internet should be a 'celebration'? You -did- break the law, why should we be happy you are back on the saddle again?
Scapegoat Sweepstakes? (Score:5, Interesting)
How many of the charges brought against you were unfair? What do you feel would have been a fair set of charges to levy against you?
Re:Scapegoat Sweepstakes? (Score:5, Interesting)
Do you hold ill will towards the friend you had in the early days that you bullied into giving you mainframe access at his work? I read in the book Hackers that you not only bullied him into letting you into his workplace after-hours, but you would make him drive you around and buy you Fatburgers. How much of this account is true?
The more things change... (Score:5, Interesting)
Re:The more things change... (Score:5, Interesting)
The slammer (Score:5, Interesting)
Welcome back.
Re:The slammer (Score:5, Funny)
Re:The slammer (Score:5, Funny)
Advice (Score:5, Funny)
Simple as that
Your wrongs... (Score:5, Interesting)
Free Kevin! (Score:5, Interesting)
Was Your Penalty Fair and Will It Deter? (Score:5, Insightful)
Future vs Past (Score:5, Interesting)
How do you see yourself? (Score:5, Insightful)
In what light and or combination of these types do you see yourself now, is that different from how you were 20 years ago, and do you see yourself as a champion of these things in the future or do you intend to just mix back into society and get a "normal" life back (after your book of course)?
The speed of change (Score:5, Interesting)
As a side note, if you're interested in game programming, let me know!!
Prison Life (Score:5, Interesting)
still possible (Score:5, Interesting)
clueful authorities? (Score:5, Interesting)
>How clueful are they?
>In your opinion, how did the each party (prosecution, your lawyer, and most
>important - the judge) look when it came to their understanding of
>technology? Did they know every nook and cranny, or seem lost in a maze of
>confusion? Do you think an understanding of the issues in question was a
>significant factor in court proceedings?
I know you spoke of this briefly in that lost chapter of your book, in that the companies who said they were victimized significantly overstated their losses (and admitted to it), and the judge went beyond prosecution's suggestion for punishment. But I'm curious to know how competent you think the feds are in these types of legal matters.
For better or worse... (Score:5, Insightful)
Philosophical changes (Score:5, Interesting)
Have your recent law-related experiences (for lack of a more elegant term) brought about any major philosophical changes in your life ? By this, I mean not necessarily computer related changes, but in all aspects of your perception of the world.
Did you know you'd get caught? (Score:5, Interesting)
I guess what I'm most curious about is whether you knew the risks and took them anyway, or whether you thought you were covering your tracks and that the risks were minimal. It would be interesting to know if you knew you'd eventually get busted or whether you thought you were relatively "safe" from discovery.
question (Score:5, Interesting)
The Most Important Question of All (Score:4, Interesting)
What are your thoughts about TCPA Initiative / Palladium? Do you see it as a destructive force in the computing industry?
Seeing.. (Score:5, Interesting)
Was signing away your rights vs early trial (Score:5, Interesting)
I enjoyed your bio, it's a pitty it was cut from your book.
Can you tell me why it was better to stay in prison and sign away your rights, than to go to trial early with a less prepared lawyer?
Weren't you just keeping yourself in prison longer that you should have been?
Do you really think that you would have got an even worse treatment if you went to trial earlier?
Question about Trust (Score:5, Interesting)
I realize that you may have put your cracking days behind you but can you really address the question of trust in the computer security industry.
How has your move into the security industry been recieved by the establishment, and how have you been dealing with the obvious question of you being trusted in the very area you manipulated.
Poor guy (Score:4, Funny)
I guess he'd know better if he'd actually read any Slashdot interviews lately.
Social Engineering (Score:5, Interesting)
Do you think that social engineering still plays as big a part now as it did in your heyday? Moreso maybe?
So how has it all changed? (Score:4, Interesting)
How is the 'net different now from the last time and are you going to miss it?
Do you think this will affect your job potential? (Score:4, Interesting)
Yes, I know it's only supposed to be one question per post, but I think these are pretty well related.
Re-Educating yourself for today's tech world. (Score:5, Interesting)
Now can we settle it once and for all? (Score:4, Funny)
Is it "cracker" or "hacker"?
Published Stories vs. Reality (Score:5, Interesting)
What's it like? (Score:5, Interesting)
You are a notable exception. What's it like being a rock star, and how great is it that you'll now be able to fully capitalize on your fame in the financial sense? Would you be in as promising a position today had you not run afoul of the law?
Out of the Loop (Score:5, Interesting)
How did you/do you stay current on technologies without actual experience, and was it difficult without having an opportunity to put theory into practice?
Security Precautions (Score:5, Interesting)
Big question (Score:5, Funny)
Thanks in advance!
Re:Big question (Score:5, Interesting)
A half-serious question: "If the statute of limitations has expired, and/or your lawyers think you're safe from double jeopardy... What was the passphrase to all those files the DoJ couldn't (or wouldn't admit to being able to) decrypt after all these years?"
Social Engineering (Score:5, Interesting)
Do you have any stories about Social Engineering gone awry? That is, a situation where the mark saw right through your ruse and you just couldn't pull it off.
Welcome back Kevin (Score:5, Interesting)
There was a very interesting (and well balanced) program about you I saw in England a while ago, and in it it mentioned that you were put into solitary confinement (AFAIK) for 6 months, and weren't allowed to use (let alone go near) a telephone under the misaligned fear that you could "blow up the country with one call".
My question is: How does it make you feel when there are such ignorant and misinformed people who are in a position of authority (i.e. judges, police, government) and are there any ways in which you can use your experience to change these attitudes/problems for the good?
Did rehabilitation work? (Score:5, Interesting)
My question is therefore, "Did you learn that it is wrong to intentionally destroy others' work for your own amusement? If so, what part of the punishment was most effective? And, if not, what additional punishment might have changed your mind?"
This is a serious question. I'm not just trolling.
Do u have a keygen for Wind0zes xp? (Score:5, Interesting)
How Do You Plan on Getting Up to Speed? (Score:5, Interesting)
Don't get me wrong, but you can only advise people on social engineering and easy passwords for so long...what kind of knowledge did you already have on PKI, VPNs, Firewalls, IDSes? There seems to be so much that has changed that just a cursory understanding of the principles behind these technologies does not seem sufficient to serve as a consultant (or at least one I would pay for)
Since so much has changed radically in the last few years, how have you kept up or do you plan to keep up at the moment? I can't see just reading a book on the latest OS specs and administrative tasks and being able to consult on them without hands on experience, and in your case you have quite a few years of language, os, security, and other operational technology advances to get up to speed with, etc.
So basically....what's you game plan to get back to a modern day equivalent of the proficiency you had several years ago?
Time Flies (Score:5, Interesting)
Yours is a unique perspective - almost like a kid that has had full run of the candy store and was taken outside and forced to watch (face pressed to the glass). Now you're allowed back in to a drastically changed candy landscape. (Pardon the candy analogy, but I'm fond of sugary things).
In your opinion, what technology has changed the greatest since you were actively involved in the scene?
What will be your primary technology focus when you get back online - in terms of getting back up to speed?
Do you feel intimidated at the prospect of catching up on so many things? Are there areas that you will simply ignore out of necessity but would like to learn more about if you had the time?
Do you have any desire to hack just for the joy of hacking/discovery or have you been turned off of that in light of the consequences?
Thank you for your answers and welcome back!
public opinion (Score:5, Interesting)
Addiction (Score:5, Interesting)
Unauthorized? (Score:5, Funny)
Las Vegas and the PBX (Score:5, Interesting)
What was the story behind your part that trial? (And how much stuff do you have in storage?)
Do you still have skills? (Score:5, Interesting)
What were you thinking? (Score:5, Interesting)
During your escapades which eventually landed you in hot water, you used the EFF account at The WELL to hide the files you stole from T. Shimomura. I'm still trying to figure out why the heck you did that. A simple "last" would have shown you that that was an active account, and you could have guessed that the user was probably technically savvy enough to notice the sudden spike in disk usage. Was that just an act of hacker hubris, or were you just not paying attention? Ultimately, it's what led to your downfall (FBI monitoring your keystrokes, live tracing of IP's) so I am well and truly curious.
Technological Rip Van Winkle (Score:5, Interesting)
I've been a hardcore programmer for the past 10 years, and even I find it difficult to keep up with all these new technologies, terms, etc, and I spend around 3 hours a night after work just dedicated to investigating new technologies.
Where you able to keep up with technology during your incarceration and probation period by just reading books, or were you even allowed to read books? How soon do you think it will take you to re-absorb enough knowledge and, more importantly, experience to make yourself useful in today's world?
Is a Consulting Business Really a Good Idea (TM) (Score:5, Interesting)
To be quite blunt, why would a corporation hire someone with a criminal history who hasn't touched a computer in 8 years?
With all that said, I do wish you the best of luck.
Cracking for the government (Score:5, Interesting)
John Markoff (Score:5, Interesting)
How about your personal life? (Score:5, Interesting)
One last chance? (Score:4, Interesting)
And how would you do it?....
Remorse? (Score:5, Interesting)
(BTW, I think Slashdot should start having people answer more questions, such as, say, 20-25. I've seen a *lot* of interesting questions, and would hate to see them go unanswered simply because they're not in the top ten.)
power (Score:5, Interesting)
What do you have to offer (Score:5, Interesting)
What do you have to offer the security world after being in the clinker for so long. I do not doubt your oldschool skills in any sense, however tthe field of security and networking which you plan on consulting for has changed dramatically in the past few years.
What do you have to offer still? Despite your fame and being unargueably the cybercrime scapegoat, what skills do you possess that will benefit the security world in 2003? Have you had your relatives print 0-day exploits as well as your email? Do you have knowledge of current OS's and the security flaws they possess?
This is not a cheapshot at your abilities, however a simple question of how in the fast changing world of technology you have been able to maintain skills while not being able to touch a computer? By Moore's law you are way behind!
My rights to my intellectual property (Score:5, Informative)
An analogous situation would be where you had a Xerox machine and your own paper in a backback, and you entered into the file rooms of a company where you copied files, and then put them back where you got them. You didn't actually remove anything, and you didn't sell the documents, but you have copies of something that they didn't want you to have.
In that case, it would be considered breaking an entering and/or espionage, and few people would question that you did something unethical.
I am an advocate of open source software and disclosure of scientific information which may enhance innovation. But my personal view is that there are certain bits of information about myself that I don't want other people to have. My salary is one such thing. There are open-source software projects I work on in secret before I consider them releasable, which I work on in secret, and I would not appreciate them being released prematurely. The basic idea is that people have personal information and personal inventions which they own and which they have the right to control completely.
This also applies to a corporation. If IBM pays money to engineers to develop an application, then they own it, and they have the right to control it 100%. That also means they have the right to prevent others from looking at it, even if some of those lookers wouldn't do anything harmful with it.
In addition, there's this basic idea of being nice and respecting people's rights. I can peek into my neighbors' house and watch them having sex without them knowing it, but out of respect for their wish to not be observed when doing that, I don't try to look.
Given these two intimately related ideas that people own their inventions that they should have complete control over, and that they have the right to not disclose them, regardless of whether or not you intend to use it for anything, how do you justify hacking into computer systems which do not belong to you and making copies of information which the owners do not wish you to have?
How is not not harm when you violate someone's personal privacy, even that of a corporation?
What do you most want to get your hands on? (Score:5, Interesting)
I'm sure that there is something new that you just can't wait to get your hands on. What is it and why?
Hacker (Score:5, Interesting)
You are being watched (Score:5, Interesting)
What did you miss the most? (Score:5, Interesting)
I'm sure that, with all the things you were forced to give up being away from any contact with computers for as long as you were, there were plenty of things you quickly got used to being without, and things you probably even forgot existed. However, I'm sure there were some things you really missed.
Of all the things you had to do without, what one thing about computers and the Internet did you miss the most?
Are you free to tell us what you really think? (Score:5, Interesting)
How free are you to tell us what you really think about things, and how much is your freedom of speech being moderated by the terms of your parole? For example, if you felt that (this is purely hypothetical), in response to IP issues you believed in taking actions that might be interpreted as criminal, would there be reprecussions for you if you stated them here?
How have you stayed intouch with tech these years? (Score:5, Interesting)
This I'm sure will be the first question that will come to mind when anyone considers paying for your services as a security expert. i.e.: how can you help a company when you have been "out of the loop" all these years? I figure that since most security concerns are usually on the social engineering side that this will not be a big deal, but when it comes to other more technical aspects, how will you be able to help them?
Coolest Hacks you've ever done (Score:5, Interesting)
Re:What are the ten worst Windows vulnerabilities? (Score:5, Insightful)
"What are the ten worst Linux vulnerabilities to hacking, how would you attack such systems, and what has to be done with Linux to prevent such vulnerabilities?"
Surely you don't actually believe that Linux is unhackable? Wouldn't finding out what Linux's weakest areas are and fixing them before Linux becomes widspread enough on "Dumb User" hardware that it becomes the next great hacking target?
Re:Can't earn money? (Score:5, Funny)
Making that a question (Score:5, Interesting)
Mr. Mitnick:
There are some people who feel that it is unfair for you to use your reputation as an infamous cracker to sell books and build your new consulting business. They argue that you are being given a level of free publicity and exposure that other law-abiding citizens simply would not receive. How would you respond to these accusations? Do they concern you at all? Deep in your heart do you feel that it's unfair you are getting all this extra-special treatment but are willing to accept it anyhow because you need whatever help you can get? Do you feel that it's acceptable to accept some unusual help building your business because you were subject to equally unusual/extreme punishment?
Moderators: this is not a troll. I think this is a legitimate question that many people here would like answered.
When given lemons make lemonade (Score:5, Insightful)
Mitnick has knowledge and skills that will make him a productive part of society. The area he's promoting himself in is a legitimate legal business so why shouldn't we get behind him and support him. This would constitute a "regular job" - unless you mean flipping burgers or selling clothes at the gap, or maybe insurance salesperson. There are plenty of former criminals in areas of expertise that relate directly to their original crimes. Their knowledge is often very helpful in stopping future crimes and in showing how people can reform and rebuild their lives after having made mistakes.
Mitnick served out the punishment given by the state and now he should be allowed to live his life unencumbered by that "criminal" title. This includes seeking ANY gainful employment he can find.
I feel that society does have an obligation to help people who we've allowed to be mistreated.
The problem with the justice system today is:
1. They bend a little too much to the corporate will.
2. Punishment is never really centered around "correction" even though people are remanded to the "Department of Corrections".
3. There's no procedure for quick and fair correction of mistakes (i.e. false imprisonment, misshandling, etc.) Most compensation has to be gained via lawsuit. False judgements can stay with a person for life, damaging not only their mental health but their future job prospects and personal relationships.
4. Too much stock is put into conviction rates and not enough in to quality of prosecution and/or honesty in prosecution.
5. Justices allow stretching the word and spirit of the law in order to help prosecutions of people not exactly covered under existing laws. I.E. Some people get prosecuted under RICO when their crime has nothing to do with it.
6. Prosecutors withholding charges in order to pursue additional charges should they lose in the first round - an attempt to circumvent double jeopardy rules. (i.e. I murder someone during a robbery - the evidence is fairly thin, so I'm prosecuted for Murder (alone). When I'm acquitted the prosecution charges on attempted robbery, weapons charges or one of the many other charges that they can dig out that might have stronger evidence. The possibility of prosecution might loom for years, along with the stigma of "suspect".)
7. The ability to punish/pursue a suspect through (ab)use of the media. ("person of interest"). Placing pressure on a subject via media "leaks" or press releases that lead the public to believe certain things about a person. While not exactly lies we all know that it's the prosecution using the media to manipulate the public against a SUSPECTED criminal. (defense and prosecution should be barred (ethics) from using the media as a tool against the other side.) Remember INNOCENT UNTIL PROVEN GUILTY.
No he's been waiting for (Score:5, Funny)
I bet his email account is full! 100,000 spams just waiting for him to return...