Transcript
It was midnight on February 15, 1995, and the world’s most notorious hacker had just returned to his modest apartment in Raleigh, North Carolina.
After a long day at work and a brief stint on his computer, Kevin Mitnick took a break and spent an hour at the gym. He then grabbed some dinner at a twenty-four-hour diner, and headed back home, ready for another long night of poking and probing distant computer systems.
But as he sat down in front of the screen, a strange feeling crept over him. Something wasn’t right.
The night was still. The lights were off in most of the neighboring apartments, and no suspicious vans lingered nearby. He had a solid fake identity, and having shed a hundred pounds, he didn’t look remotely like the grubby, disheveled young man whose picture was featured on the front page of The New York Time. He was safe. Maybe he was just being paranoid. Being a fugitive, on the run for two and a half years, could do that to a person.
Mitnick restored his attention to the files and directories on the screen, but couldn’t shake the uneasy feeling. So he got up and went to the front door: It opened up to a corridor that gave him an excellent view of the parking lot. He peeked outside cautiously: nothing. It was just his imagination, that’s all. Mitnick returned to his computer.
He didn’t know it at the time, but it was this cautious peek that gave him away.
Intro
There’s little to no dispute that Kevin Mitnick was one of the best social engineers in history – perhaps even the greatest. His exploits and shenanigans are still being taught at cybersecurity training seminars as textbook examples of social engineering, despite the fact that the technological landscape in which Mitnick pulled them off – a world of landline telephony systems, fax machines and public pay phones – is very different from our modern one.
But whenever Mitnick’s name is mentioned in the context of hacking, it is usually accompanied by a caveat: Mitnick, it is often said, wasn’t a great coder. And it’s true: although he did know how to write code, that wasn’t his forte and he often preferred using tools written by other, more talented programmers.
In modern parlance, we have a name for hackers who don’t know how to write malware and use other people’s exploits – and it’s not a very flattering one: Script Kiddies. So maybe Mitnick wasn’t as great of a hacker as he is often portrayed in the media? Maybe it’s all just an exaggeration by the mainstream media who can’t tell the difference between a Script Kiddie and a “true” hacker?
Interestingly, that February night at Raleigh was the culmination of a clash between Mitnick and a nemesis who we can justifiably describe as a “true” hacker: someone who not only was an excellent coder, but also understood communication systems just as well as Kevin did. It was a showdown fit for a Hollywood blockbuster.
The First Hack
Kevin David Mitnick was born in 1963 in California. His parents divorced when he was little and his mother had to work double shifts to sustain the two of them, so Kevin was left alone for most of his waking hours. It also meant that he was free to explore the streets of Los Angeles on his own using, for the most part, LA’s public transportation system.
One day, when he was about 12, Mitnick noticed that the bus transfer tickets he was using were validated by a special pattern created by a paper-punch the bus drivers were using. An idea sprang up in his mind: if he could get hold of the pattern punching machine and some blank tickets – he would be able to travel anywhere he wished in the city, for free!
So next time he boarded a bus, he sat next to the driver. When the bus stopped at a red light, he asked him – “I’m working on a school project, and I need to punch interesting shapes on pieces of cardboard. The punch you use on the transfers would be great for me. Is there someplace I can buy one?” The nice driver, who never suspected that he was being manipulated by a twelve year old kid, told him the name of the store where such punches could be bought for 15$.
Now, he only needed to get his hands on some blank transfer tickets. Stealing them wasn’t an option: using violence was never Mitnick’s style, even much later in life. Instead, he followed the drivers around in the bus terminals, and noticed that many of them tossed their half-used ticket books into the trash bins. Fishing these books from the bins was a no-brainer, and before long young Mitnick was traveling all around LA for free. This was Kevin Mitnick’s first experience with hacking.
A few years later, when he was in High School, he befriended a student who was into ‘phreaking’ – i.e., hacking telephone systems. When Mitnick learned that one could use secret test numbers to make long distance calls for free, it reminded him of his bus exploits – and he was immediately hooked.
His friend showed him the ropes and introduced him to the simple Social Engineering techniques he was using to fool phone operators – but Mitnick didn’t need a lot of training. As the bus incident clearly shows, manipulating other people was something that Mitnick did instinctively from a very young age – which is why he was always fascinated, for example, with magic. As Mitnick recalled in his biography ‘Ghost In The Wires’:
“Once I learned how a new trick worked, I would practice, practice, and practice until I mastered it. To an extent, it was through magic that I discovered the enjoyment in fooling people. […] I saw how […] a roomful found delight in being deceived. Though this was never a conscious thought, the notion that people enjoyed being taken in was a stunning revelation that influenced the course of my life.”
Mitnick’s Most Basic Superpower
In almost no time, Mitnick surpassed his mentor’s social engineering skills. As a teenager, he used these skills mainly for pranks: here’s, for example, how Mitnick managed to get his phone company to give him the non-published phone numbers of various celebrities.
He started by calling one of the phone company’s business offices, and presented himself as Jake Roberts from the “Non-Pub Bureau”. “Did you get our memo that we’re changing our number?” he asked the representative on the line. “No, we didn’t,” answered the person on the other end of the line, “We still dial 213 320-0055.”
Now that he had the bureau’s phone number, he had to have a valid internal phone number of a “second-level” – the phone company’s internal lingo for a manager – who the bureau’s people could call to validate that he was indeed an employee of the phone company and authorized to receive such sensitive information. His next call, then, was to a different business office, where he was able to find such a mid-level manager to talk to. “This is Tom Hansen from the Non-Pub Bureau,” he introduced himself, “We’re updating our list of authorized employees. Do you still need to be on the list?”” Of course the manager still needed to be on the list, and so gave Mitnick his full name and internal phone number.
The last step was to place a temporary call-forwarding request on that manager’s number, which Mitnick did by posing as a repair technician in the field and asking the central office to do it for him. When the Non-Pub Bureau representative called the manager’s number to validate the information request, the call would be forwarded to Mitnick who would impersonate the manager and authorize his own request. Using this method, Mitnick was able to get hold of phone numbers of celebrities such as Bruce Springsteen, Roger Moore and others.
How was Mitnick able to hack the phone company? If you followed that story closely, you might have already picked up on one of Mitnick’s most basic superpowers: knowledge.
“I became absorbed in everything about telephones–not only the electronics, switches, and computers, but also the corporate organization, the procedures, and the terminology. After a while, I probably knew more about the phone system than any single employee.”
More than the technical knowledge, it was Mitnick’s familiarity with professional terminology and internal procedures that allowed him to convince the phone company’s employees to give him what he wanted. By using terms such as ‘Non-Pub’ and ‘second-level’, he convinced them that he was “one of them”, and it was this credibility that supported almost every other technique he used later on.
“At seventeen years old, I was able to talk most Telco employees into almost anything, whether I was speaking with them in person or by telephone.”
Stunts like obtaining celebrities’ unlisted phone numbers and hacking his school’s computer system got Mitnick noticed by the other phreakers around him. One of them, an older hacker, dared Mitnick to break into a computer system called ‘The Ark’, belonging to Digital Equipment Corporation (DEC).
“He told me, “If you can hack into the Ark, we’ll figure you’re good enough for us to share information with.”
Eager to join the prestigious circle of more experienced hackers, Mitnick took on the challenge. He called DEC’s development facility in New Hampshire, and pretended to be Anton Chernoff, one of DEC’s key developers. It was a brazen gamble that hinged on the assumption that although Chernoff’s name would be familiar to many of the Ark’s developers – only few of them actually met the man in person and could recognize his voice. It worked, and in no time Mitnick convinced one of the developers to create a test account on his – that is, Chernoff’s – name. The other hackers were positively stunned when Mitnick demonstrated to them how he’s able to log into the Ark with ease.
But it was then that Mitnick learned his first truly painful lesson. After he gave them the login credentials and the older hackers siphoned the software they were after – they ratted on him, and informed DEC about the hack and who was behind it. Apart from the disappointment he felt due to this betrayal, it was possibly the first time that law enforcement authorities became aware of Mitnick’s name. An FBI agent paid a visit to his home and warned his mother to make sure her son changes his way.
First Arrest
But Mitnick was too enamored with hacking to heed the agent’s warning. Together with a fellow hacker named Lewis De Payne they hacked Pacific Telephone, also known as Pacific bell: a phone company that provided telephone services in California. They were looking for technical manuals that would provide them with more in-depth information about the telephone system, and Mitnick figured they might find one in the trash bins next to a nearby Pacific Bell office building. He, Lewis and a mutual friend went dumpster diving one night – but when their search came up empty handed, they decided to break into the office building itself.
Posing as an employee of the company who wanted to give his buddies a tour of the building, Mitnick convinced the entrance guard to let them in.
The three roamed the empty corridors until they found the computer room they were looking for: there, in one of the cabinets, Mitnick found a sheet with all the access passwords they needed in order to hack the various telephony centers around the state. It was a fantastic find, ‘the mother lode’. They should have left right then.
But they didn’t, because a few moments later they came across the set of technical manuals they were looking for. The temptation was too great, and the group decided to smuggle the manuals outside, copy them and then return them that same night, before people came to work in the morning. “It was the most stupid decision of my early life,” Mitnick would later write in his memoir.
They took the manuals with them – the entrance guard never gave them a second glance – but of course couldn’t find any copy shop open at 2 a.m. Stupidly, they decided to keep the manuals.
Several days later, while driving back home, Mitnick noticed a car with three men following him on the highway. Suspicious, he decided to make a U-turn at the next exit to see if they were indeed trailing him: they were, and his U-turn probably let them know that their mark was onto them. The cops placed flashing lights on the vehicle’s roof, and sped up towards him.
Mitnick panicked. He briefly considered trying to escape, but wisely decided against a high-speed chase on the highway. He pulled over, and the three men stormed his car with drawn guns in their hands. Mitnick was so scared, he started crying.
First Conviction
In 1981, while still a juvenile, Mitnick was charged with theft of Pacific Bell’s technical manuals. The judge who presided over the case was baffled about Mitnick’s motives: he didn’t sell the manuals nor received payment for extracting them – why, then, steal the manuals in the first place?
It was a question that also puzzled the investigators who went after Kevin Mitnick in the following years. Even though Mitnick broke into tens or even hundreds of companies and stole huge amounts of classified software and documents – he never sold any of them or otherwise used them to make a profit. Remember when Mitnick hacked a phone company to get unlisted phone numbers of celebrity singers and movie stars? Even after he got the numbers, Mitnick says he almost never bothered to call them – because for him, harassing celebrities wasn’t the goal: it was the hacking itself which was the reward he was after.
“The truth was, I broke into the phone system for the same reason another kid might break into an abandoned house down the block: just to check it out. The temptation to explore and find out what’s in there was too great. Sure, there might be danger, but taking a risk was part of the fun.[…]
Some people get out of bed each morning dreading their daily work routine at the proverbial salt mines. I’ve been lucky enough to enjoy my work. […] All of this was really to satisfy my own curiosity, see what I could do, and find out secret information about operating systems, cell phones, and anything else that stirred my curiosity.”
The judge, who probably never encountered such an unusual motive for a crime, speculated that Mitnick might be suffering from a sort of addiction, and sent him to a psychological evaluation. Eventually, Mitnick was sentenced to six months in a youth correctional facility, followed by a few more months of probation. Mitnick describes his time at the facility as terrifying.
“I’ve never been so intimidated. The other kids were there for crimes like assault, rape, murder, and gang hits. These were juveniles, sure, but they were even more violent and dangerous because they felt invincible.”
But even this scary experience wasn’t enough to convince Mitnick to change his ways. After he was released from the correctional facility, he went to work for a company operated by an acquaintance of his family – and was again caught for hacking: this time, into the University of Southern California computer system. He was arrested, released, arrested again, released again – and then caught hacking once more.
The Youth Authority issued an arrest warrant against him for violating the terms of his probation period, and Mitnick was filled with dread: his attorney warned him that this time, he was destined to spend a long time behind bars. There was, however, a loophole: Although he was no longer a juvenile, Mitnick was still technically under the jurisdiction of the California Youth Authority, and if he could evade being arrested until his probation period was up – the warrant against him would be nullified. Mitnick, then, went into hiding: he went to live on a farm in northern California, laying low and avoiding any sort of technology – no computers, no modems. Waking up at 5 a.m. every morning to feed the chickens and the pigs wasn’t his cup of tea, to put it mildly – but he very much preferred it to the Youth correctional facility. Mitnick spent his days reading in the local library, and even signed up for a course in Criminal Justice at a local college.
In 1985, after four months in ‘exile’, his attorney notified him that his probation period was over and that the California Youth Authority no longer had any jurisdiction over him. Mitnick returned to LA.
A Somber Wedding
No longer a teen, 22 year old Mitnick started looking for a job – and in short notice learned that General Telephone was recruiting graduates from a technical school called the Computer Learning Center. For someone like Mitnick, who dedicated his teenage years to learning everything he could about telephone systems, the prospect of working for GTE was a dream come true.
Mitnick joined the Learning Center, and it was there that he met a cute girl with a beautiful smile named Bonnie. They soon became friends – but unfortunately for Mitnick, Bonnie was already engaged. However, one evening she told Mitnick that she suspects her fiance, who claimed to be very well off, wasn’t honest with her regarding his finances. Mitnick offered his help, and with Bonnie’s consent hacked a credit-reporting company and obtained her fiance’s credit report. Bonnie’s gut feeling turned out to be correct: her fiance was nowhere near as wealthy as he claimed to be. She broke off her engagement, and within a few weeks became Mitnick’s girlfriend.
Mitnick was elated with this new relationship – his first. He and Bonnie loved to go hiking in the nearby San Gabriel mountains, see movies together and eat Thai food: within a few months they were already talking about getting married. He felt she was the one best thing to have ever happened to him – but even then, the dark allure of his hacking obsession was too strong for him to resist.
In LA, Mitnick reconnected with a fellow hacker he met a few years back called Lenny DiCicco . He told Bonnie that he was attending evening classes – but instead, spent his nights at Lenny’s, the two of them engaged in a hacking battle against Pacific Bell, successfully breaking into and gaining control of multiple central-office telephone switches. They also hacked into a software company called Santa Cruz Operations, looking for a copy of Unix’s source code.
“On the nights when I didn’t go out, I’d sit at my computer in the apartment, using Bonnie’s telephone line for hacking while she read by herself, watched television by herself, and then went to bed by herself. […] I was in the thrall of a powerful obsession. ”
And so, while his successful hacks earned him the admiration of other hackers such as himself, Mitnick’s personal life was slowly but surely falling apart again. His hopes of working for General Telephone were dashed when his superiors learned of his past exploits: he was promptly fired after only nine days. A similar thing happened when he tried to get a job at a local bank, and to top it off – he and Bonnie were arrested after an alert system administrator noticed Mitnick’s suspicious activity inside Santa Cruz Operation’s network. Mitnick fully expected Bonnie to walk out on him, but she opted to stay and support him. He repaid her loyalty with a marriage proposal – but romance had nothing to do with it: it was only because as his wife, she couldn’t be forced to testify against him. The wedding itself was a somber and bleak event, with no family and the bride wearing pants, a top and flip-flops.
Mitnick was convicted of breaking into Santa Cruz Operation’s network, received only a small fine and a probation – and promptly went back to hacking. He and DiCicco spent most of 1987 hacking into the Digital Equipment Corporation (DEC), and after many nights of hard work were able to get their hands on a copy of the company’s VMS operating system source code, so they could learn its secrets.
Another Betrayal
At some point, both Mitnick and Lenny were working for companies who were using the VMS operating system, so the two hackers amused themselves with a friendly ‘capture the flag’ competition: each would try to hack into the other’s company’s network, while defending his own system. The loser would pay the winner 150$.
Unsurprisingly, Mitnick almost always had the upper hand, which frustrated DiCicco to no end – and at some point, he refused to pay Mitnick the 150$ he owed him. In retaliation, Mitnick called Lenny’s company accounting department and posing as an IRS agent convinced the lady working there to withhold Lenny’s paycheck due to a debt he supposedly owed. Mitnick thought it was a hilarious prank – but Lenny was furious.
A few days later, Lenny called Mitnick and asked him to come over to his office. Mitnick had an uneasy feeling: he thought that his friend sounded a bit off. But Lenny insisted, and so the two met in Lenny’s office building parking garage. Mitnick barely had a chance to step out of his car when the two were suddenly surrounded by cars that came at them from all directions, and a multitude of FBI agents who shouted at them to put their hands on the car.
At first, stunned Mitnick was sure that Lenny was pulling his leg, trying to scare him – but when the feds flashed their IDs at him, he realized that his “friend” double crossed him and helped the feds set up the sting operation. While Mitnick was being handcuffed and led away, Lenny was dancing in a little circle of joy.
Solitary Confinement
By this point, Mitnick’s reputation as a dangerous and skilled hacker preceded him, and so when prosecutor claimed that “[Mitnick] can whistle into a telephone and launch a nuclear missile from NORAD,” the magistrate didn’t see it for the a silly hyperbole it was, and ordered Mitnick held in solitary confinement without bail until his trail.
The weeks that Mitnick spent in “The Hole”, as the solitary continent of the Federal Metropolitan Detention Center in downtown Los Angeles was known, were some of the worst weeks of his life.
“[It was a] space about eight feet by ten, dimly lit, with one narrow vertical slit of a window through which I could see cars, the train station, people walking around free, and the Metro Plaza hotel, in which, seedy though it probably was, I longed to be. […] The loneliness was mind-numbing. Prisoners who have to stay in the hole for extended periods often lose contact with reality. Some never recover, living the rest of their lives in a dim never-never-land, unable to function in society, unable to hold a job.”
Mitnick survived his time in the Hole by reading books and magazines and listening to his Walkman radio.
But even there – he didn’t stop hacking. He was allowed to make phone calls to his attorney and family, but wasn’t allowed to call Bonnie at her work. A prison guard dialed the numbers for him and then, sitting five feet away, watched his every move while Mitnick was talking to the pay phone. Could he find a way to call Bonnie’s workplace after all? As always, Mitnick found the challenge irresistible.
While talking to his mother, Mitnick would pretend to scratch an itch on his back: he did this for a few days, so the guard would get used to this action. Then, one time, with his back to the pay phone, he again pretended to scratch his back – but instead held down the switch hook, and then dialed Bonnie’s number. The guard never noticed anything out of the ordinary. After two weeks of doing this trick, the prison’s wardens – who were monitoring his calls – finally noticed who he was really calling. They were never able to figure out how he did it, though, and as a precaution Mitnick wasn’t allowed to use the pay phones again. Instead, a handset connected to a twenty-foot cord was passed through a slot in the heavy metal door of his cell.
But whatever joy Mitnick managed to glean from fooling the prison’s management, soon turned to bitter disappointment.
At the trial, Mitnick was convicted of hacking DEC and sentenced to a year in prison and six months in a half-way home. Throughout this whole time, Bonnie kept supporting him and visited him as often as she could – but when a probation officer asked to inspect her home in order to approve Kevin’s future living arrangements after his release, she finally snapped. “You don’t need to inspect my apartment,” she told the officer, “My husband won’t be living here.” She filed for divorce a few days later.
“I was stunned. We had been planning to spend the rest of our lives together, and now she had changed her mind just as I was nearing release. I felt as if a ton of bricks had been dropped on me. I was really hurt, and totally shocked.”
Suspicious of Bonnie’s sudden change of heart, Mitnick hacked her answering machine.
“I heard Bonnie leave a message on her own phone, presumably from work. After the call had gone to the machine, some guy in her apartment picked up, and the tape recorded both sides of their conversation as she told him about “how great it was to spend time with you.””
When Mitnick learned of the other guy’s identity, he was stunned once again: it was none other than Lewis De Payne, his old friend and hacking buddy. According to Lewis, who confirmed the story to me, Bonnie and he never cheated on Mitnick.
“She had filed for divorce, and was officially separated. We started dating (as in openly – not a secret, not an affair). Eventually, we lived together. We’d have Kevin over for dinner, and we all remained friends.”
Rock Bottom
Mitnick was now at the lowest point of his life. Although he was now once again a free man, his rich criminal record haunted him and prevented him from finding a good job. His wife left him for his best friend, and he gained so much weight while he was incarcerated that he was now practically obese.
Perhaps it was a good thing, because it was also the painful wake up call he desperately needed. He decided to leave Los Angeles and relocate to Las Vegas to live with his mother. There he traded his hacking obsession with a different kind of addiction: he became a gym rat, and over a period of a few months, dropped a hundred pounds.
“That put me in the best shape of my life. And I wasn’t hacking. I was feeling great, and if you had asked me then, I would have said the hacking days were all behind me. That was what I thought.”
But one day, his phone rang: it was Adam, his half-brother from his father. “An ex-girlfriend of mine knows this big super hacker named Eric Heinz, “ Adam told him, “she says he knows some phone company stuff you might not know about, and he told her he really needs to talk to you.” Then he added, “Be careful, Kevin. I don’t think this girl is trustworthy.”
Once again, Mitnick could not resist the temptation. He called the number his half-brother gave him. Eric Heinz, it turned out, used to work with a hacker named Kevin Poulsen – a name Mitnick was very familiar with: Poulsen was another big name in the black hat hacker scene, his notoriety almost rivaling that of Mitnick himself. Judging by the stories he shared with Mitnick, Eric was obviously an experienced hacker – and if he did indeed work with Poulson, it meant that he probably knew some very interesting tactics that Mitnick could use.
Then, in one of their phone conversations, Eric recalled a nighttime visit he and Poulsen made to one of Pacific Bell’s central offices in West Hollywood. There they stumbled upon a room full of unusual computer terminals and tape drives which neither of them had ever seen before: “[It looked] like something from an alien planet,” as Eric put it. They then came across a manual which identified the strange system as a “Switched Access Service” unit, SAS for short.
Leafing through the manual, Eric and Poulsen learned that SAS was a line testing system, which meant it could connect to any phone line – and allow its user to listen in on all and every conversation in the entire phone network.
Mitnick felt the adrenaline rushing once again through his veins.
“The mysterious SAS was just what I had been lacking in my life: a puzzle to be solved, an adventure with hazards. It was unbelievable that in my years of phone phreaking, I had never heard about it. Intriguing. I felt, Wow, I gotta figure this out.”
And so, just like that, Mitnick was back to his old ways once more.
But what he didn’t know was that the real Eric Heinz was an infant who died in a car accident some thirty years ago, and the man he was talking to wasn’t the man he pretended to be.