Mitnick Speaks About Hacking 221
Rob_Warwick writes "I've just posted a one on one interview with Kevin Mitnick on Applefritter. In just less than 20 minutes, we take a look at who generally gets targeted by social engineering schemes, and how social engineering can assist in making a technical exploit work. Mitnick speaks about which industries are at highest risk from social enginerering, and what types of workers are generally easier to talk into doing something for you. Kevin also talks about who his heroes were when getting into phreaking and computers, as well as a humbling moment when he was on the recieving end of some social engineering. The HOPE keynotes for both Kevin and The Woz are also available for download."
only audio??? (Score:3, Insightful)
How to garuntee a slashdotting (Score:2, Insightful)
Re:only audio??? (Score:3, Insightful)
love it (Score:1, Insightful)
The interviewer is on speed? (Score:4, Insightful)
Note to applefritter: take the drugs away from DBub.
Biometrics (Score:4, Insightful)
FUD, apply, lather, rinse, repeat.
Re:Biometrics (Score:5, Insightful)
Re:Mitnick stories... (Score:0, Insightful)
He's no hero, people. He's scum, albeit famous scum, and he's capitalizing on his notoriety to convince people that he actually knows what he's talking about so he can make some quick cash.
Re:Mitnick stories... (Score:4, Insightful)
To all you Anonymous Cowards: No he's not a hero
Did he suffer a misjustice? Maybe (I'm not a lawyer), but he put himself in that position. Play with fire and someday you'll get burned, it's just that simple.
Re:Didn't Mitnick go to jail? (Score:3, Insightful)
If there's a machine capable of identifying fingerprints, hand prints, face lay out or retina patterns there sure are one that can record and duplicate the same. Social engineering the new way will sure involve scanning of fingers, hands, retinas and so forth..
"Hi there Sir, how are you doing? (voice). Can you take (fingerpints, hand patterns, DNA) my picture? (face, retina)"
Re:Biometrics (Score:5, Insightful)
Aside from that, the implementation is icky. Half a year ago you could read about every single comersially available fingerprint-scanner being defeated by cheap and simple tricks such as for example blowing graphite-dust over them (sticks to the fat-traces from previous finger), and then pressing down on them with a piece of clear tape.
Also, in many situations they're just not useful, how could biometrics secure the login to your online bank ?
Authentication is based upon one or more of what you *know* (for example a password), what you *have* (for example smart-card or key) and what you *are* (for example biometrics).
Good, robust security uses a combination. For example, the combination of posessing a smart-card and knowing a code is used to authenticate to my online bank.
Even if someone convinced an account-holder to give up the password, that'd still not matter, aslong as they didn't *also* convince the person in question to hand over the smart-card.
Re:Mitnick stories... (Score:3, Insightful)
The sad truth of it all is that he's part of 'computing lore', he'll end up as a footnote in the computing equivilent of Bullfinches, placed there by his lame fanboys.
tips (Score:5, Insightful)
Re:Obligatory "It's Crackers not Hackers" post (Score:3, Insightful)
New name for an old practice. (Score:2, Insightful)
fraud NOT "social engineering" (Score:4, Insightful)
What Mitnick does is not "social engineering." Social engineering would be something like trying to convince a population of people to eat more healthily, or stop smoking, or something like that.
What Mitnick does is fraud. Alternatively, you can call it grift, or con. (As in, Mitnick is a con man.)
Using the term "social engineering" is playing into the hands of the con men. It's a term they invented to con you in to thinking that what they do is somehow more acceptible than it is.
Use the term, and you've been conned.
Argh (Score:4, Insightful)
What encryption and/or data protection schemes did he use that the FBI couldn't break?
Re:Mitnick stories... (Score:4, Insightful)
He's a criminal, a convicted felon plain and simple. Unfortunately till these damn wannabes grow up he's always going to have an audience of idiots waiting to pay for his next book.
Is it just me... (Score:5, Insightful)
Yes, I had problems with police imprisoning him with little recourse as they did.
Yes, Tsutomu Shimomura is a yahoo who did a lot of stupid and bad things. The greatest was probably his aweful book written with "journalist" John Markoff (I enquote that because as he was ghost writing with Shimora, he was also writing articles that were supposedly objective yet never mentioned doing a book with one of the particpants of the story).
[Shimomura was terribly impressed with his (own) computer security abilities, yet ran tools that had long been sources of security holes because it was convenient. ("I am a master of securing houses; all the world leaders come to me. So imagine my shock and outrage when I'd found that someone had lifted up my welcome mat and used the key I keep there to get in. I must hunt down this bastard and have my revenge.").]
I was appalled that national ISPs would so readily turn over logs and access to their networks and their users information to a vigilant/yahoo.
But no, I wasn't sorry that Mr Mitnick got his ass busted. He was no kiddie using youth as an excuse for poor judgement. He was a thief who rationalized stealing from people and companies by its electronic abstraction.
No, I don't think Kevin's "cool". That he is someone who would steal my personal information because the people I had to give it to are idiots about securing it doesn't make it ok to do so. And it's felony when he then uses that information to buy things. I don't want him in the room when I pull out a credit card. I don't want him in a hotel where I use a credit card.
Should the hotel be smarter? Sure. But the people who decry identity theft cannot also embrace Kevin Mitnick as one to be admired.
He's an asswipe.
Social Engineering is... (Score:3, Insightful)
Re:Mitnick stories... (Score:4, Insightful)
Kevin committed a string of crimes, he went to jail, how is that unjust?
Its not like Kevin didn't know he was doing something wrong, when he got busted last time it was not his first run in with the law, it was not even his second. He got chance after chance as a juvenile. Now he wants people to believe he has gone straight.
I don't beleive him, I think he is still using his social engineering skills and the rubes who think he got treated unfairly are only one of his targets.
Remember, its innocent until proven guilty, Kevin has been proven guilty - repeatedly. If you want to feel bad about people who got treated baddly by the US justice system there are plenty of examples of people who went to jail for much longer for doing far, far less.
Re:Is it just me... (Score:3, Insightful)
Re:Convicted? (Score:3, Insightful)
The second time around he was being held on the grounds that he absconded while on parole from his first criminal sentence (first as an adult).
If you commit a crime while on parole you go back to jail, if you abscond you go back to jail. The sentence does not 'time out' just because you absconded.
The feds did not need a charge because they already had a conviction.
From the DOJ: [usdoj.gov] Kevin Mitnick, who pleaded guilty to a series of federal offenses related to a 2½-year computer hacking spree, was sentenced today to 46 months in federal prison, United States Attorney Alejandro N. Mayorkas announced.
Mitnick, 37, pleaded guilty in March to four counts of wire fraud, two counts of computer fraud and one count of illegally intercepting a wire communication. Mitnick's prolific and damaging hacking career, which made him the most wanted computer criminal in United States history, was ended when he was arrested in North Carolina in February 1995.
Kevin made a plea agreement. He admitted he was guilty to much more than the four specimen charges he was sentenced for. He has never claimed that he was innocent. If the DoJ had gone to trial on the original charges Kevin would still be in jail and would not be getting out for another 5-15 years.
Exactly how is a 46 month sentence for a second offense unfair? Kevin caused hundreds of thousands of dollars of damage by all accounts
Aggression as a major component of ScoEng (Score:1, Insightful)
It never really occurred to me but you make a lot of sense. There's a new-age "boldness" to social engineering in the 21st century where you just have to re-affirm you're "right" enough times to break down the will (or objectivity) of the person you're dealing with.
With people becoming increasingly personally insecure, an aggressive stance can compensate for accuracy and integrity. Self-confidence has always been a foundation of social engineering, but as evidenced in the major media, aggression is an added component that makes people acquiesce. People are so hell-bent on avoiding conflict these days, this can make the difference between success and failure. This probably explains a lot of the fallacies that the public believes in light of the truth: those that promote the objectives come off stronger and more powerful than their opponents.. not necessarily right, but more aggressive, and as a result they "win" the argument.
Historically ScoEng scenarios have traditionally been based on inside knowledge of the mark or the industry. Not any more. You want a free pizza? You're better off calling the pizzeria as an irate customer, therefore putting them on the defensive. Want to socially-engineer information out of someone? Contact them and be confrontational.. they're much less likely to question your motives as they try to evade the conflict.
This seems to be the modus operandi in the media: Present a viewpoint. If anyone challenges it, instead of attacking the issue, attack them! Very effective nowadays.
Cut him some slack (Score:2, Insightful)
Is it just me, or do you really don't care about him anymore?
It's a bad dream that just wont go away, some people are so enamored with Kevin that they feel the need to post every story that includes his name.
He's a felon.
I'm not denying the legitimacy of your point, but it's hardly an argument worthy of justifying the lack of value Mitnick holds, represents or deserves within this community.
Our history is full of technical "bad guys" from Christopher Columbus to Robin Hood, that are respected in one form or another even though their acts may have been in defiance of historical or current standards of law. Everyone, whether they admit it or not, has a soft spot in their heart for the concept of a "rebel" who doesn't willingly conform to established rules. After all, the United States was founded by such rebels.
Mitnick did some dumb shit. I'm sure even he would admit that. But anybody would have a hard time proving that his actions really hurt people, much less caused the damages that the authorities claimed. Some feel Mitnick may have merely been one of the first public figures to be recognized for pulling the curtain exposing the true vulnerability of the Wizard of Oz. That being said, it's hard to be that sypathetic to him when he was a repeat offender. That is just dumb. By today's standards some might argue he'd be lucky to last as a script kiddie with such questionable judgement despite the talent. But IMO, that's beside the point of the real issue, which is whether or not his life or wisdom is worth respecting.
I think the main flaw of your rebuttal is that it implies that paying attention to Mitnick in some way serves to condone his dishonorable past activities. Many such as myself would strongly disagree. If anything, IMO, Mitnick's presence serves as a reminder and a deterrant in this respect.
Some might say the attention paid to Kevin and his incarceration is less an homage to him as it is payment on an insurance policy against more henious future injustices, and an attempt to make more people aware that not all hackers are the evil criminals some paint them as. Some also believe that Kevin's history underlines the ideal that it's not so much WHAT you do, but WHO you do it to, that can get you in the most trouble.
Mitnick is more a symbol to the community than an individual. He garners more respect than more talented, more insideous black or white hat hackers because despite his questionable judgement and history, he seems to epitomize the most idealistic part of the core of a true hacker, which is analogous to that which might drive a guy to traverse into hostile territory to climb the most challenging mountain.
Like it or not, Mitnick has the distinction of being one of martyrs/heros/rebels of the tech community. Whether he deserves it or not is secondary to ideal he represents at this point. The only thing that can screw this up are closed-minded judgemental people, or his acts embarassing the community which he represents. He seems to be holding his own these days.
IMO, I feel, to discount him as a "felon" and therefore not worth listening to is foolish and ignorant. What trials and tribulations have you gone through in your quest for knowledge, data and access? What risks have you taken? Do you have as much wisdom and experience to share because you boldly pirated Photoshop via Kazaa? Are you qualified to pass judgement on this guy's value to others merely because you weren't foolish enough to tear the tag off your mattress? Do all the heros of your life worth listening to have an impeccable record of pure lawfulness?
This guy has made a lot of mistakes. But he's an icon. He's generally respected now. Cut him some slack. He's not advocating criminal activities. He's serving a useful purpose in the community by "outing" a lot of issues. Yes, he's capitalizing on his infamous notoriety, but who wouldn't? It seems like a smart choice that's the result of making the best out of a bunch of bad situations.
With that being said, Kevin if you're reading this, do me a favor and don't do any more hacking of big corporate/government computers and make me look like an idiot ok? kPforward, tnx : )
Re:fraud NOT "social engineering" (Score:1, Insightful)
The problem is, that sounds like fraud too. I don't think the term social engineering is based on whether or not the objective is moral, ethical or lawful.