Kevin Mitnick
Kevin Mitnik is probably the only hacker who is widely known even among people far from computers. The elusive computer genius, the thunder of computer networks - newspaper publications, the hero of which Mitnik became countless times, did not skimp on epithets. For millions, his name was associated with the image of an ominous, penetrating computer cracker that could bring down the full power of technology to people. In adolescents, on the contrary, he always aroused admiration. Throughout the 80s. Kevin penetrated the computer systems of almost all large companies. There was not one such defense that he would not be able to crack. But, easily coping with others, the legendary hacker could not cope with himself in time. Which ultimately led to a sad end.
Los Angeles
Like many phreakers of the 70s, Kevin David Mitnik was born into a dysfunctional family. His parents often quarreled, plates regularly flew in the apartment and swearing was heard. The birth of a child has not changed anything. When little Kevin turned 3 in 1966, his parents finally divorced. The mother took her son and moved to Los Angeles, where she got a waitress in one of the local beer bars. Her work day began early in the morning and ended late in the evening, all this time Kevin had to entertain himself. However, he did not have to miss. Almost every day, instead of a boring school, Kevin went on a journey through the streets of a big city. He was attracted by the lights of Los Angeles, the noise and bustle around. Often, he would take a bus and drive to a new area in order to explore all its nooks by evening.
For a young boy, such trips were expensive. For a while, Kevin was interrupted by money given out for lunch and pocket expenses, but soon this was not enough. Trying to solve the problem, he drew attention to tickets, on which it was possible to use public transport as many times as needed for a certain time. In appearance - an ordinary cardboard card, in which the term of its validity was recorded. Correcting the signature seemed simple, it remained to find a used travel card somewhere. Having rummaged in the trash can of the bus station, Kevin collected a full bag of these cards. And after minor editing, he was free to travel around Los Angeles, enjoying freedom. In a short time, he learned the timetables of all bus routes in the city and was so well versed in the intricacies of streets,
In the 70s, until personal computers were properly distributed, the telephone was the pinnacle of excellence in technological communications. And all the first hackers of the planet at the beginning of their "creative path" engaged in phreaking, that is, they called on the phone completely free of charge. From the age of 12, Mitnik entered the cohort of freekers. Acquaintance with Roscoe, with whom they will soon terrify all telephone and computer companies in the United States, turned out to be a landmark event in the life of a teenager. Together with Susan Sander, a girlfriend of Roscoe, who skillfully uses her charms to get the necessary information, and Steve Rhodes, they form a “private interest club” and soon become the most famous hackers of the Pacific coast.
Studying the “chips” of phreakers reminiscent of mastery of tricks, and Mitnik undertook to master this art with all thoroughness, and the desire to be the best in that activity, whatever he was engaged in, soon made him one of the best phreakers, and he already made some fun of his elders comrades.
The most common joke from Mitnik’s arsenal is the transfer of a landline telephone to the category of a street payphone. And when the unlucky friend picked up the phone to make a call, the polite voice of the operator said: "Please drop 20 cents."
With the advent of computers, a young passion swept the young man - now he spent hours in school classes studying modern technology.
From phones to computers
In 1980, Kevin accomplished his first hacking “feat”: he hacked into the database of his own school, gaining unlimited access to all information related to educational activities, including the “grades table” for academic performance. He could instantly become an excellent student, but did not do this, but only earned recognition in the emerging hacker environment.
What is noteworthy, many more times in his life Kevin Mitnik will have unlimited possibilities, but will not take advantage of them - he did not want illegal glory and pirate wealth!
At the computer courses that Mitnik graduated from after school, he found a vulnerability in the operating system and gained access to all privileges on the network. Nobody understood how he did it, but for the detected intrusion he was faced with a choice: either work to eliminate existing vulnerabilities, or “a children's police school”. Needless to say, Kevin chose the first.
Then he took the nickname Condor, from the movie of the same name by Sydney Pollack with Robert Redford in the title role. Condor easily manipulated telephones and people on movie screens, in the same way Kevin manipulated computer systems in life.
Having never used his skills to enrich himself, Kevin could not even afford an inexpensive computer, so he resorted to every opportunity to get on a computer network. For example, the Radio Sheek store, where anyone could work on the TRS-80, however, for a limited time. With his skills, it was not difficult for Mitniku to convince store staff to allow him to use these machines from opening to closing the store.
A year later, having made significant progress in hacking, he entered the computer system of the North American Air Defense Forces in Colorado. The generals only waved a finger, leaving this incident unpunished.
Although the authorities did not attach due importance to all the "exploits" of the boy, among the "colleagues" Mitnik received recognition and gained some fame.
Further more. In 1982, he made a loud theft of training materials for COSMOS and MicroPort at Pacific Bell. Having "chatted" with the guard, Kevin and his friends entered the main building of the company, although it was already well after midnight, and calmly left him with bags full of technical documentation on the phones. In return for this, Mitnik received three months in a California center for difficult teenagers and a conditional year. And a couple of weeks after the release, it hacked the Pentagon network ARPANet, which after some time became public and educational.
By that time, Kevin already had a lot of sins, which in total “dragged” to severe punishment, but, except for suspicions, the authorities had nothing to show him: Mitnik was very good at covering his tracks.
Kevin and the company passed Susan Sander. With her hacking skills, she made an indelible impression on the members of the FBI commission, and they agreed to turn a blind eye to her sins in exchange for evidence of guilt of more seasoned hackers - Roscoe and Mitnika. As a result, the first was given three months in prison, the second, then still a minor - three-month psychological courses.
Mitnik was no longer allowed on Radio Sheek, and Kevin found himself an affordable computer at the University of Southern California, where he posed as a student. Faking a student ID was no more difficult than bus passes. There he was caught breaking into a secret military network. They took him red-handed, a short trial and six months in prison were the price of “curiosity”.
After leaving prison, he got a job at Great American Merchandising, where he performed dust-free work, quickly coping with which, and began his new research on "forbidden" network resources. When suspicious colleagues turned to the appropriate authorities, Mitnika had already caught a trace. He was found only a year later, having previously removed all the incriminating evidence from himself in the police annals, and calmly entered the summer computer classes, where he married the dark-skinned girl Bonnie Vitello, the administrator of the well-known telephone company GTE, promising her that "never again ...".
Thus, from 1982 to 1987, Mitnik completely and completely plunged into ordinary family life in the provincial California town of Thousand Oaks.
But in 1988, the poet’s soul “could not bear”, and he set to work on the old and again got caught. For the theft of various software from the Santa Cruz Operation, he received three years probation. And then he was remanded in custody for downloading the new VMS operating system from Digital Equipment Corporation in Palo Alto. And here it was not without betrayal, it was "surrendered" by the closest friend and ally in hacking Lenny Di Cicco, in exchange having bought himself freedom.
Kevin spent a year in prison, of which as many as eight months in solitary confinement. In addition, he underwent compulsory treatment with a psychiatrist who spoke about his patient like this: “Hacking gives Kevin a sense of self-esteem that he lacks in real life. Greed and the desire to hurt nothing to do with it ... He is like a big child, playing in "Dungeons and Dragons".
He was released under public supervision demanding never to get close to computers with a modem. But all the materials on Mitnik’s arrest suddenly disappeared from the database of the court in Santa Cruz, and the account of the judge who was involved in the case quickly disappeared ... However, there was no evidence that this was the work of Kevin’s hands.
After the conclusion, Mitnik seemed to “change his mind” again: he began to provide IT security services, went on a diet, almost becoming a vegetarian and losing about 45 kg.
By that time, Kevin had already become one of the most famous hackers and all the “dogs” began to be hung on him: all cybercrimes tried to ascribe him to a genius, whether it was about hacking the Pentagon and the FBI networks or penetrating telephone companies. The FBI even ransacked his apartment in Calabasas, California; he was charged with hacking computers in the California Department of Vehicles, from which a $ 1 million bill came to Mitnik’s name. Kevin did not find anything better than to escape and disappear from the intrusive “ guardians ”for two whole years.
He was put on the federal wanted list, but he easily acquired new documents, which, with his talents, was always easy. They even arrested a man who looked like him, but could not find himself.
From 1992 to 1994, he calmly lived in Seattle under the name of Brian Merrill, working as a computer technician in one of the hospitals. “He was a very quiet, completely ordinary person,” said Sherry Scott, secretary of the department in which Mitnik worked. - He never talked about his personal life. He just came and went about his business. ”
It is believed that the baiting of Mitnik, arranged by the authorities, only pushed him to new hacks, and he no longer restrained himself.
Mitnik’s “handwriting” was already well studied, and the relevant authorities clearly defined Kevin’s involvement in intrusions into computer networks of such notorious companies as Motorola, Nokia, McCaw Cellular Communication Inc., Sun Microsystems and others. He was almost caught after the successful theft of the first Security Administrator Tool for Analysing Networks SATAN version of Dan Farmer. The creator of the “devil” tracked down Mitnik and turned to the authorities for help in capturing a hacker. But he managed to retire on time. As a result, the police got several cell phones, a large number of special literature on computers and phones, as well as ... a “police wave” scanner, with which Kevin simply tracked all the actions of the cops.
Battle of the giants
At the end of 1994, Mitnik, known not only for jewelry, accurately calculated, but also for “cavalry” attacks, was clearly one of the best IT professionals. But with whom else can you compete with forces ?! Professionals from telephone companies and government agencies, “sitting” on the salary, - the passed stage. Kevin found himself a worthy adversary in the person of Tsutoma Shimomura, a recognized IT security specialist. A grand confrontation began, now classic.
At that time, Shimomura actively collaborated with special services and, like Bill Gates, loved to “eat his dog’s bread”, so he set traps for hackers not so much to catch them, but to test his own security system once again.
Once, on a vacation going skiing in Nevada, Shimomura did not unplug his ultra-secure computer in Solana Beach (California). It even contained the "homework" of the samurai on secret military orders.
In fact, this was also just a decoy, not a single specialist would be allowed to do such work “at home”. Mitnik knew everything perfectly, but this was precisely the case when the excitement surpassed elementary caution.
All changes that occurred on Shimomura's computer were strictly recorded in logs and tracked on a remote computer by his work colleague, also an American of Japanese descent in San Diego (San Deigo Supercomputer Center).
And the mousetrap worked! Anticipating the prey, Shimomura urgently returned from his vacation. Although Tsutoma did not know who he was dealing with, he immediately realized that this was not a playful child (Mitnik left insulting voice messages for him), but an experienced hacker who managed to download a lot of secret code and put it on rarely used accounts of The company Well (California Internet Service Provider). In hot pursuit, the hacker could not be calculated, and Shimomura would have forgotten the misunderstanding if Kevin had not reminded himself again.
On December 27, he sent Shimomura several more escapades to him, of course, in a voice processed beyond recognition by a computer. The text was approximately the following: “Damn you (it’s better not to translate it). My technique is the best ... don’t you know who I am ... Me and my friends ... We will kill you! ”
Insulted to the depths of his soul, Shimomur, following the best traditions of“ bushido ”, vowed to take revenge on a hacker who questioned the competence of one of the most respected samurai IT security. The first thing Shimomura did was restore the entire course of the attack. The technology was really on the verge of fantasy.
Mitnik entered the computer at Laiola University in Chicago, who had access to Shimomura's home PC. As you know, when the operating system receives an access request, it sends a message confirming receipt to the sending computer. Mitnik conducted a blind game session, and could not see these messages, as he was in a completely different place, but still managed to unravel the sequence numbers and assign the corresponding numbers to his further requests, thus gaining access to Shimomura's PC. (The theoretical possibility of this was predicted by Steve Bellovin of Bell Labs back in 1989, but the Mitnik attack is the first known case of the practical application of this technique.)
But who is this elusive hacker who owns a really impressive hacking technique? Thousands of credit card numbers stolen from NetCom Inc. found on The Well accounts were a good argument for the FBI to intervene in this internecine war.
In the list of suspects, the name of Kevin Mitnik was one of the first. His passion for cell phones let him down: on the same accounts they found programs for manipulating cell phones, which was indirect evidence of Mitnik's involvement. The Fricker past leaves an indelible mark on the rest of my life ...
Shimomura more than took advantage of all the administrative resources provided to him. The intelligence services managed to isolate the search zone from which Kevin got in touch, and the police began patrolling the area.
A serious hunt for the "beast" began. The operation was even seconded by the infamous journalist John Markoff, who will soon write the book “Cyberpunk” with Mitnik in the title role, and then make a film about a terrible hacker. Together with Shimomura they will warm their hands pretty well on the history of Mitnik, having earned about a million dollars, and Mitnik - five years in prison ... and not a cent more!
Unlike the detention of inveterate gangsters, the arrest of a cybercriminal is not accompanied by heated skirmishes and rapid pursuits. The arrest of the chief hacker of “all times and peoples” was no exception to the rule and was also quite casual: on Valentine's Day 1995, a certain judge Wallace Dixon gave his consent to a search of apartment 202 in the Player Club in the town of Raleigh, occupied by a certain Glennom Thomas Keys . On February 15, Shimomura gave the go-ahead to the special services: “Our friend is in touch. You can knock! ”, At 1.30 in the night they knocked on the apartment, having a warrant in their hands. Door opened. “Bah! Yes, this is Mitnik! - the agents exclaimed joyfully. “Take it!” So Kevin was once again behind bars.
Shimomura and Mitnik met face to face at the preliminary hearing all in the same Raleich. The defeated Mitnik, squinting at Shimomura, said in the best traditions of Hollywood: “Greetings, Tsutoma. I admire your art ... ”The samurai nodded proudly, stomping a defeated enemy was not in the Bushido rules, but he did not refuse the glory of a modest superhero - he is still an American, even of Japanese origin.
Court
The trial of Kevin Mitnik was the most high-profile case in the case of hackers, and the authorities needed to make such a decision so that others would not be harassed. It always happens in life - a show trial is the most stringent.
Kevin was charged with 23 computer fraud charges.
Needless to say, Kevin didn’t have any access to computers and communications facilities, because these everyday harmless things in the hands of a famous hacker (or rather, in the eyes of the authorities) turned into a “deadly” weapon, but this was not enough : he was even restricted access to the library with paper books. In fact, deprived of the opportunity to defend himself properly, Mitnik surrendered and on April 4, 1999 pleaded guilty, agreeing to cooperate with the prosecution.
In its severity, the verdict exceeded all expectations, even murderers received milder sentences. But Kevin didn’t kill anyone, but he was more dangerous than any natural killer. In the case of Mitnik, the authorities faced a cybercrime, known to them only from fantastic stories. And everything new scares stronger than the worst, but known.
In his book “Outlawing,” Jonathan Littman very accurately noted: “The authorities can still understand the thirst for profit. But a hacker who uses his power for pure pleasure ... goes beyond their understanding. "
And Kevin was in a prison cell for a long time, without a computer and phone. And when his father died, he even had to write office memos to use the phone to contact his family.
Even Shimomura was dissatisfied with such a court decision: "I was counting on the US government to find a more elegant solution."
Los Angeles detention center No. 89950-012 during his stay there, Mitnika became the most famous and most protected in the world: there was a criminal there, whom the prosecutor offered to hide from society for two centuries!
In fact, Mitnik urgently began to grow wealthy as private investors, like Markoff, and entire institutions. For example, in legal practice, firstly, a precedent was created for punishing a cybercriminal; secondly, Mitnik was the only federal prisoner in US history who was denied even a hearing on bail.
However, the hacker's accusers were enriched in the literal sense of the word, the Los Angeles District Attorney Buck Blomker became a fiction writer from the “Mitnik Case”, writing the book “Exciting Computer Crimes”.
Retired hacker
At the end of January 2001, the 36-year-old Mitnik was released from prison. During his imprisonment, the FREE KEVIN Foundation was organized, which made the necessary amount as a security for the early release of the famous hacker.
But Kevin gained freedom only physically, immediately becoming a lifelong slave to his recent victims: under the terms of early release, he will monthly transfer $ 125 to the accounts of Fujitsu, Motorola, Pacific Bell, Sun Microsystems, San Diego Supercomputer Center and other companies that did not fail to state. that they became innocent victims of a malicious hacker and demand the appropriate “annexations and indemnities”.
A good compensation is received for “... all the material damage that I caused, which came down to the cost of the phone calls I made at the expense of the telephone companies, the costs of fixing the security holes I discovered and several cases when the companies had to reinstall the operating systems and applications for fear that I made loopholes in their software and I will roam their corporate networks. But if I hadn’t found these holes, the companies would have continued to live with them and would have suffered much greater losses. ”
Nevertheless, it will still be necessary to return the money, and it’s not a sin to take advantage of our own popularity and still lost skills. Only having become famous, Mitnik decided to earn money on his own glory and experience.
But until recently, the whole world was in his hands, he could have become richer than Bill Gates, it was enough just to put his hand in the "pockets" of millions of people, but he did not use it. Then he only needed to feel his power. And this is in a society where everyone rules money. What is necessary to have an endurance so that, being in a room with "treasures of the whole world", not to touch a penny? Pass by millions and be satisfied only with the realization of the fact that "I can do this!" Indeed, computer geniuses are not typical people.
“I was driven by purely childish curiosity. I could go into your house, leaf through books from your library, look into your refrigerator, but I never took anything ... ”- said Kevin.
Thus, he went into the "house" of the notorious director George Lucas and flipped through the new Star Wars script, the first to know that everyone had yet to see many months later. Lucas would not even have known about this if Kevin had honestly not admitted his deed.
Previously, no one paid attention to the thick bespectacled man, who was bending down for days at the computer, except for those to whom he crossed the road. But now, his every word was worth its weight in gold. He even noted his return to the on-line with great scope and good earnings. In January 2003, TechTV hosted the broadcast of this momentous event, also inviting Napster founder Sean Fanning and Apple co-founder Steve Wozniak, who are also no less than Mitnik computer enthusiasts, but have personified the “bright side” of IT all their lives. However, it is reliably known that Woz (the nickname of S. Wozniak) was a freak ...
Then Mitnik went over to their side, namely to protect people from such personalities to which he belonged yesterday.
Together with Alex Casper, he created Defensive Thinking (Defense Thinking, recently renamed to Mitnick Security Consulting), an IT security consultancy.
“Someone made millions from my past,” Kevin says. “I got five years in prison.” Defensive Thinking for me is a chance to rehabilitate myself in front of the community, helping clients build reliable and secure information systems. At the same time, there remains the opportunity to do what you love: to study the intricacies of computing systems and human psychology. ”
The main problem of information security, according to Mitnik, is the notorious human factor, speaking of which, everyone somehow immediately forgets that people are also the main resource of states and corporations. He cites bold statistics, arguing that “if people just called back on the phone indicated by the hacker, this would solve the security problem by 80%.” In the matter of security, according to Mitnik, one cannot trust anyone: “Only God can be trusted. Everyone else is suspicious. ”
Mitnik became a public figure, he voluntarily got into the shoes of his recent vis-à-vis Shimomura, and now he will have to prove his professional suitability daily, and there are many who want to fight the greatest hacker of all time. But even an old woman is a bungle. So, on January 30, 2003, the BugBear hacker added his own page to Defensive Thinking, which contains white cubs with the inscription: “Welcome back to freedom, Mr. Kevin, it was fun and easy to break into your box ”(“ Welcome to freedom, Mr. Kevin, it was fun and easy to crack your box. ”) Of course, a lot of time has passed since the last “communication” of Mitnik with the computer, and the technology of hacker attacks has become much more sophisticated, so Kevin reacted, as usual, they say, the human factor is to blame:
Despite the fact that Mitnik was forbidden to use his story for personal gain until 2010, in October 2002 he published a book co-authored with William Simon “The Art of Deception” (“The Art of Deception”). Moreover, it is quite possible that fictitious stories hide their own “cases from life” of the main hacker. By the way, the introduction to the book was written by Steve Wozniak himself.
Another interesting point, a chapter was written for this book, which is a brief autobiography of Mitnik. Kevin did not dare to publish it “on paper”, mindful of the 2010 ban above. However, all this only worked for the legend of Mitnik. Of course, the article was found and published ...
Later, Mitnik’s second book, “Art of Intrusion” (“The Art of Invasion”), was also published. They say that Kevin honestly paid $ 500 each to hackers who shared his most high-profile hacks with him.
If you believe the proverb that "the best cops are former thieves," then perhaps Mitnika will succeed in a new field. One thing is for sure: Kevin can teach a lot of IT security professionals.
And again the question arises: who will be the next king? In principle, we already know the algorithm: for this you need to have an impressive list of victories, but not to use them for personal gain, to defeat Mitnik himself (there are plenty of those who want to challenge him, as he once was Shimomure) and ... be sure to get caught!
Source Number One
Source Number Two