Most Recent Articles In PeopleMost Recent Articles In People
- Ann Moore's Next Act
- Men of the Week: The Oscars Edition
- Bernard Arnault Receives MoMA's David Rockefeller Award
Once known as the world’s most wanted computer hacker, Kevin Mitnick has since changed his ways and now helps companies and government agencies protect themselves from the types of antics he pulled years ago. After being convicted of wire fraud, computer fraud, illegally intercepting a wire communication and other crimes, he served five years in prison, including more than eight months in solitary confinement because a judge alleged he could “start a nuclear war by whistling into a pay phone.” During his two-and-a-half years as a fugitive, the entirely self-taught hacker gained unauthorized access to dozens of computer systems, according to the U.S. Department of Justice.
Released in 2003, Mitnick, the former record holder for the fastest computer hack, struck a plea bargain that prohibited him from profiting from his tough-to-imagine tale for seven years. Now that that clock is up, he has detailed his deceitfulness in a new book, “Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker” (Little Brown and Co.) The 48-year-old will demonstrate just how easy it is to dig up credit card and social security numbers at a reading tonight at Sebastian Junger’s bar The Half King in New York.
Already the subject of three books by other authors and the feature film “Track Down.” Mitnick said of his own tome, “I hope that people will realize I am really human. A lot of the articles and the books that were written made me into a character on TV or in a movie.”
These days, he is more apt to be found helping the Federal Bureau of Investigation, Federal Aviation Administration, National Aeronautics and Space Administration and other agencies and companies fight computer hacking through his firm Mitnick Security. The Las Vegas-based workaholic also globe trots 15 to 20 times a years earning $20,000 to $30,000 a pop for speaking engagements. But he said financial gain has never been his chief incentive.
“The book is kind of a cyber thriller — a ‘Catch Me If You Can’-type adventure that I lead. But it was never about money — it was about the intellectual challenge and curiosity,” he said. “I wasn’t out to profit or to commit crimes with my hacking. I did a lot of crazy things that people in their right mind would never do. I was just having these adventures, if you will, that were like being in a video game with serious consequences. In my life, I have always liked to put myself in dangerous situations and I try to figure out my way around the obstacles.”
Here, Mitnick talks with WWD about hacking, outfoxing the FBI, assuming a Harry Houdini-inspired alias and ordering comfort food in solitary confinement.
WWD: How did you get into hacking?
Kevin Mitnick: I was fascinated by magic as a kid — color-changing knives, disappearing scarves, the typical tricks you could buy at a magic store. At the same time, I was a prankster in high school. A friend introduced me to phone phreaking, where you could use a secret number and a secret five-digit code to call anywhere in the world for free. I thought it was the greatest thing in the world — not that I had anyone to call. I just thought it was a fluke in the system. I also got into the phone company’s system so whenever a friend tried to place a call from home, they would get the recording that said, ‘Please deposit a quarter to make this call.’”
I would hack into McDonald’s drive-thrus by using my car radio to overpower the headsets that employees used. I was 16 or 17, so you can imagine what I would say: “We don’t sell burgers anymore, only tacos.” In case someone ordered a soda, I would say, “Our soda is kind of warm today, but we have free apple juice.” Most people would say OK to that. Then we would play this recording that sounded like someone urinating in a cup and tell people, “Your apple juice is ready. Drive up.”
WWD: How did things escalate?
KM: I wanted to pull more pranks with the phone company. You know Steve Jobs and Steve Wozniak started Apple by selling blue boxes, which were devices that emitted certain frequency tones that allowed people to call anywhere in the world for free? When I was a senior in high school, I got involved with hacking before it was against the law. For an assignment in school we were supposed to develop a code to find the first 100 Fibonacci numbers and I developed a code to steal passwords instead. I was given a lot of “atta-boy’s.” Today if you did that they would have you arrested. When hacking was criminalized [in 1980 by the state of California and in 1984 by the federal government] I thumbed my nose and started getting bolder.”
WWD: What did you do in solitary confinement?
KM: I read a lot of books, listened to my Sony Walkman, slept a lot and ate a lot of comfort food. You could order from the commissary. I put on a lot of weight — Hershey bars and peanut butter.
WWD: Is there anything you wished you hadn’t done?
KM: A lot. A list that could fill your article. I regret causing the damages to a lot of companies. They had to spend a lot of money trying to figure out who was hacking them. Of course, I regret causing the pain and heartache I caused my mother and grandmother. I regret being a pain in the ass.
WWD: What did you do as a fugitive?
KM: I ended up living in Denver for about a year working for a major law firm in the IT department. And I moved to Seattle to work at a hospital in IT. I was not the typical thief who would rob a bank or use credit card numbers. I was applying for and working in legitimate jobs, but using different aliases.
WWD: What was your alias?
KM: I had so many. My favorite one was Erik Weisz. That was the real name of my favorite magician, Harry Houdini. It was kind of my tribute to him. Of course, by using it I thought I had a sense of humor but I found out the FBI did not have one.
WWD: How did you get caught?
KM: I used a [GPS] device to keep track in real time of the case agent who was investigating me. I was working as a private investigator and I walked into my office one day and heard a beeping sound. I thought I had put in the wrong code to enter the building but then I realized it was an alert from the locator device that the FBI agent was in the vicinity. I figured out they were about to do a search before they could issue an affidavit. So I cleaned up my apartment and went to Winchell’s Donuts. I got a big box of donuts and wrote “FBI Donuts” on the box and put them in my refrigerator.
WWD: What made you change?
KM: Growing up. After getting out of prison, Senators Joe Lieberman and Fred Thompson got me to assist the federal government to protect their computer system. I had to get permission from the federal government to help the government. Three months after getting out of prison the federal government asked me for my help.
WWD: What can designers, retail chains and major fashion brands do to safeguard their computer systems?
KM: It’s important to do security testing. Companies hire me all the time to break into their e-commerce sites to try to find the security holes. Credit cards are highly prized among hackers. There is a lot of personal contact information and financial information on those sites. Then there is always a risk that once someone gets into the storefront they will worm their way into the internal network where all the company’s financial information is stored. Companies need to find the vulnerabilities in their computer systems and wireless networks. Look what happened to TJ Maxx by a fellow by the name of Albert Gonzales [who is serving 20 years, one of the longest sentences for computer crime or identity theft.]
WWD: What else do you warn people of?
KM: Then there’s social engineering, which is basically tricking a human operator to do something they ordinarily wouldn’t do. It could be a matter of providing information as simple as a network password or opening a PDF file that exploits a vulnerability in the system. Depending on your version of Adobe, you could [unknowingly] give a hacker access to your computer. It’s basically a booby trap. You don’t have to be a rocket scientist to break into a system. You just need to set up the con and be very convincing.
WWD: What do you do when you’re not working?
KM: When I travel to other countries to speak, I try to take a few extra days to experience the different cultures. I just took my first vacation in 11 years. I went to Spain. I go to the movies a lot and I like to Jet Ski on the lake. The way my work is I spend a lot of time reading and researching. It’s not how many hours do I work but how many hours don’t I work.