Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Kevin Mitnick Finally Meets His Mark

Kevin Mitnick Finally Meets His Mark

by Nikola Strahija on February 25th, 2002 Exactly ten years ago, Kevin Mitnick tricked a Novell employee into giving him access to sensitive corporate data. This week the legendary hacker and his unsuspecting target met for the first time.


"This is ironic," Mitnick told Reuters as he and Shawn Nunley shook hands and greeted each other like old pals at the RSA Conference on computer security. The two laughed and swapped stories about the days when they were antagonists. Branded a "computer terrorist" by the FBI, Mitnick kept the frustrated authorities on the hunt for three years, during which time he hacked into the networks of Novell, Sun Microsystems and Motorola, among others, in the early 1990s.

According to Reuters, Mitnick, now 38, lives in the Los Angeles suburb of Thousand Oaks, Calif., was finally arrested in February 1995. Held without bail for nearly five years, he served eight months of it in solitary confinement.

"I was the only person in U.S. history ever held without a bail hearing," he told Reuters in an interview Wednesday. Amid fears that he would not get a fair trial, he pleaded guilty in March 1999 to wire fraud, computer fraud and intercepting communications. He was on January 2001.

He is required to get government approval before traveling or using any technology until his probation is up in January of 2003. While permitted to carry a cell phone, Mitnick still can't use e-mail or surf the Web. Reuters reports that now authorities are trying to cut him off from the hobby he's had for 25 years, the ham radio.

Mitnick and Nunley's paths first crossed in 1992 when Nunley worked for Novell. At the time, Mitnick was interested in getting access to operating-system source code to see how computer users were authenticated. "I was interested in log-in programs, to find out where I could place back doors," Mitnick told Reuters.
Mitnick impersonated an employee who was on vacation and called Novell's wide-area networking department to ask for an account so he could dial into the company's network as any legitimate employee using a laptop would be able to do. The engineer on duty referred Mitnick to Nunley, who was the only employee at the time authorized to create dial-in accounts. So Mitnick called Nunley at home.

While Nunley agreed to do it, he first requested that Mitnick first leave a message on his voice mail at work as proof of the request. This in case his boss questioned it later. That voice mail was the evidence authorities eventually used to incarcerate Mitnick. Mitnick knew that Nunley would call the impersonated employee's voice mail to verify his identity, so Mitnick changed the employee's voice mail using his own voice after convincing someone in Novell's telecommunications department to surrender the password.

"At Novell, we felt violated and we wanted justice done," Nunley added, "We spent a lot of manpower cleaning up the mess he left." Reuters reports that soon afterward Nunley came to believe that prosecutors were exaggerating the damage estimates and trying to "make an example out of" Mitnick. "I went from being happy about Kevin being punished" to being angry about it, Nunley added. So he called Mitnick's lawyer to offer his help.

The two men have been in telephone contact since. Of the conference, Mitnick told Reuters that he was amazed by experts' statements regarding how insecure wireless networks are. "It's like the old days of war dialing," Mitnick continued, referring to a practice in which hackers would use a program to scan networks to get dial-up numbers from inside a company. "Now you just sniff," or eavesdrop, Mitnick added.

Mitnick is barred from profiting by telling his story until 2010. He can write about security if it's not a memoir. Reuters reports that he is writing a book tentatively titled "The Art of Deception." The book is about a common hacker technique he was notorious for: social engineering. Using social engineering a hacker dupes people into giving out information rather than using technology to get it, which Mitnick told Reuters is much harder to do.

"A lot of businesses overlook social-engineering attacks," Mitnick added. "Out of this whole conference there's not one session that talks about it." Nunley, who has seen Mitnick's skills as a trickster firsthand".
"It's a performance art." -he said.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »