Historic Hacks – Kevin Mitnick
This time on Historic Hacks, rather than concentrating on a specific hack or piece of malware, we’ll be looking at a hacker’s profile. In this case, we’ll be looking at some of the exploits of one of the most famous hackers: Kevin Mitnick.
Mitnick started hacking as a teenager. At just 13 years old, he had figured out how to abuse the punch card system for the LA bus system by finding unused tickets in the trash and punching them himself after getting a bus driver to tell him where he could get a punch similar to the ones the drivers used. Later, at 16, he broke into the Digital Equipment Corporation’s (DEC) network and copied software after obtaining a phone number for their development system from a friend. He was convicted of this crime in 1988, and given a year’s prison sentence followed by three years of supervised release.
Social Engineering
Mitnick specialized in a form of hacking called social engineering. This is the art of hacking people by convincing them that you are whoever you tell them you are, or who you need them to believe you are. These days, many firms give their staff social engineering awareness training to try to ensure that they can’t be fooled by imposters, in part due to the popularity of the methods created by Mitnick.
In 1993, while still on his supervised release from his previous conviction, Mitnick turned his attention to the Pacific Bell telephone network. Through a combination of research into the jargon, and learning how the network itself worked, he used his social engineering skills to impersonate staff at the company. Using these techniques, he was able to get hold of secret codes and phone numbers that allowed him to make free long distance calls, apply wiretaps and access unlisted phone numbers. After he was discovered, a warrant was issued for his arrest, and he went on the run.
For the following two and a half years, Mitnick remained on the run. Moving from state to state, and using his social engineering skills to create identities for himself, Mitnick continued his notorious crimes. Not only did he create these new identities, but he also managed to use them to obtain legitimate government identification. He even managed to land jobs under his alter-ego at both a law firm and a hospital. It’s alleged that during this time he hacked into computers belonging to Colorado SuperNet, Fujitsu, Motorola, NEC, Nokia, Novell and Sun Microsystems.
The End of the Line
Mitnick’s mistake, it seems, was hacking into the computer of Tsutomu Shimomura in 1994. A computer security expert and white hat hacker himself, Shimomura had previously testified to Congress on issues connected with mobile phone technologies. On discovering that Shimomura had developed tools to exploit weaknesses in mobile phone systems, Mitnick focused his interest on Shimomura. In response, Shimomura decided he would try to find the hacker. Tracing back the hack, he started talking to other companies who had been hacked by the same hacker and worked with them to gather more information about their hacks. Piecing all the information together, Shimomura was able to lead the FBI to Mitnick, and he was arrested on the 15th February 1995.
Almost five years later, on the 21st January 2000, Mitnick was released. He has since gone on to set up a security consulting firm, as well as writing books and giving talks on security and his exploits. As the details came out about Mitnick’s exploits, it became apparent that he was the archetypal curious hacker, using his skills to see what he could break into, partly for fun, but also simply because he could.