Kevin Mitnick, sound familiar?
Kevin Mitnick is known as one of the world’s first cybercriminals, but before his infamous hacking career, he got his start in social engineering at only twelve years old. Living in Los Angeles, Mitnick used the bus system to get from place to place. Instead of paying for it, he used social engineering to bypass the punch card system used by the buses. He simply bought his own ticket punch, by recommendation from a driver, and used unused transfer slips from the garbage to ride any bus in LA.
His first official hack took place in 1979 when he was only sixteen years old. He and group of hacker friends broke into the University of Southern California’s computer system, known as The Ark. The system oversaw the operation of select administrative tasks. Kevin did this using a phone number for The Ark that one of his friends gave him. It was a dial-up number to the DEC computer system, but without a username and password it wasn’t much use. So, Kevin took it upon himself to call the systems manager, and pretend to be the lead developer. He convinced the manager that he had forgotten his password. Once he logged into the account, the friends he was with allegedly downloaded the source code for the system and then called in the hack, giving the company Mitnick’s name. He wasn’t charged with this crime until 1988 when he was sentenced to 12 months in prison accompanied by three years of supervised release.
Before his supervised release ended, he managed to hack into Pacific Bell, a telephone company that provides service in California. This incident echoes back to our post on phone phreaking, here Mitnick was doing a similar thing. This hack gave him the ability to access unlisted phone numbers and make long-distance calls without being charged but it also led to a warrant for his arrest. He evaded the FBI for almost two and a half years by constantly changing identities, cloning cellphones, and moving around the country. He spent his time as a fugitive hacking computer networks, copying software from telephone companies, and breaking into private email accounts.
Mitnick was arrested by the FBI in 1995 on charges related to computer hacking and wire fraud. He would later be charged with “obtaining access to computers of manufacturers of operating systems, manufacturers of cellular telephones, internet service providers, and educational institutions.” (Federal Communications Commission). His sentence was forty-six months in prison on top of a $4,125.00 restitution.
Before his release in January of 2000 there was the Free Kevin movement of 1997. Supporters claimed that while Mitnick’s actions were illegal, they didn’t result in losses that were adequate with his sentencing. They claimed that his hacking didn’t cross a line because it didn’t result in heavy damage, he did what he did out of curiosity and a desire for adventure. In December of 97’ Yahoo! was hacked by a group of these supporters. The directory service’s homepage displayed the message ‘Release Mitnick from federal custody or suffer a Net-wide catastrophe’. The hackers claimed that they had placed a downloadable worm on Yahoo! that would begin destroying networks on Christmas day unless Mitnick was freed. Yahoo refuted the claims, saying that no such worm existed.
Mitnick was released in 2000 and spent another three years with supervised release where he was not allowed to use any communications technology besides a landline. After his release he went on a bit of a redemption arc. He became a paid security consultant and spent the rest of his life speaking on security matters and teaching people how to be safe online. Mitnick wrote four books, some about security and some about his own experiences hacking. He eventually started Mitnick Security, a cybersecurity consulting firm. He claims that his motivation for hacking was never monetary, and he never went in with the intention to harm anyone. Mitnick sees himself as a “trophy hunter”, in it for adrenaline and adventure.
