Early life
At the age of twelve Kevin Mitnick used social engineering to bypass the punchcard system used in theLos Angeles bus system. After a friendly bus driver told him where he could buy his own punch, he could ride any bus in the greater LA area using unused transfer slips he found in the trash. Social engineering became his primary method of obtaining information to include user names and passwords, modem phone numbers or any number of other pieces of data.[citation needed]
In high school, he was introduced by "Petronix" to phone phreaking, a method of manipulating telephones, which he often used to evade long distance charges. He also became handy with amateur radios; using radio equipment, he reportedly managed to gain unauthorized access to the speaker systems of nearby fast food restaurants.
[edit]Computer cracking
Mitnick gained unauthorized access to his first computer network in 1979, at the age of sixteen, when a friend gave him the phone number for the Ark, the computer system Digital Equipment Corporation (DEC) used for developing their RSTS/E operating system software. He broke into DEC's computer network and copied DEC's software, a crime he was charged and convicted for in 1988. He was sentenced to twelve months in prison followed by a three year period of supervised release. Near the end of his supervised release, Mitnick hacked into Pacific Bell voice mail computers. Mitnick fled after a warrant was issued for his arrest, becoming a fugitive for the next two and a half years.
According to the U.S. Department of Justice, Mitnick gained unauthorized access to dozens of computer networks while he was a fugitive. He used cloned cellular phones to hide his location and, among other things, copied valuable proprietary software from some of the country’s largest cellular telephone and computer companies. Mitnick also intercepted and stole computer passwords, altered computer networks, and broke into and read private e-mail. Mitnick was apprehended in February 1995 in North Carolina. When arrested he was found with cloned cellular phones, over one hundred clone cellular phone codes, and multiple pieces of false identification.[2]
Confirmed criminal acts
* Using the Los Angeles bus transfer system to get free rides[3]
* Evading the FBI[4]
* Hacking into DEC system(s) to view VMS source code (DEC reportedly spent $160,000 in cleanup costs)[3][4]
* Gaining full admin privileges to an IBM minicomputer at the Computer Learning Center in LA in order to win a bet[3]
* Hacking Motorola, NEC, Nokia, Sun Microsystems and Fujitsu Siemens systems[4]
[edit]Alleged criminal acts
* Stole computer manuals from a Pacific Bell telephone switching center in Los Angeles[5]
* Read the e-mail of computer security officials at MCI Communications and Digital[5]
* Wiretapped the California DMV[5]
* Made free cell phone calls[6]
* Hacked SCO, PacBell, FBI, Pentagon, Novell, CA DMV, USC and Los Angeles Unified School District systems.
* Wiretapped FBI agents according to John Markoff,[5] although denied by Kevin Mitnick.[7]
Arrest, conviction, and incarceration
After a well-publicized pursuit, the FBI arrested Kevin Mitnick on February 15, 1995 at his apartment in Raleigh, North Carolina, on federal offenses related to a 2½-year computer hacking spree.[8]
In 1999, Mitnick confessed to four counts of wire fraud, two counts of computer fraud and one count of illegally intercepting a wire communication, as part of a plea agreement before the United States District Court for the Central District of California in Los Angeles. He was sentenced to 46 months in prison in addition to 22 months for violating the terms of his 1989 supervised release sentence for computer fraud. He admitted to violating the terms of supervised release by hacking into PacBell voicemail and other systems and to associating with known computer hackers, in this case co-defendant Louis De Payne.
Mitnick served five years in prison, four and a half years pre-trial and eight months in solitary confinement, because law enforcement officials convinced a judge that he had the ability to "start a nuclear war by whistling into a pay phone".[9] He was released on January 21, 2000. During his supervised release, which ended on January 21, 2003, he was initially restricted from using any communications technology other than a landline telephone. Mitnick fought this decision in court, eventually winning a ruling in his favor, allowing him to access the Internet.
As per the plea deal, Mitnick was also prohibited from profiting from films or books that are based on his criminal activity for a period of seven years.
Mitnick now runs Mitnick Security Consulting LLC, a computer security consultancy.
[edit]Controversy
Kevin Mitnick's criminal activities, arrest, and trial, along with the associated journalism were all controversial.
Though Mitnick has been convicted of copying software unlawfully and possession of several forged identification documents, his supporters argue that his punishment was excessive. In his 2002 book,The Art of Deception, Mitnick states that he compromised computers solely by using passwords and codes that he gained by social engineering. He claims he did not use software programs or hacking tools for cracking passwords or otherwise exploiting computer or phone security.
This controversy is highlighted by the differing views offered in two books: John Markoff and Tsutomu Shimomura's Takedown, and Jonathan Littman's The Fugitive Game. Littman made four main allegations:
* journalistic impropriety by Markoff, who had covered the case for the New York Times based on rumor and government claims, while never interviewing Kevin himself.
* overzealous prosecution of Mitnick by the government
* mainstream media over-hyping Mitnick's actual crimes
* Shimomura's involvement in the matter being unclear or of dubious legality
The case against Mitnick tested the newly enacted laws that had been enacted for dealing with computer crime, and it raised public awareness of security issues involving networked computers. The controversy remains, however, and Mitnick is often used today as an example of the quintessential computer criminal.
Supporters of Mitnick have asserted that many of the charges against him were fraudulent[10] and not based on actual losses.[11]
0 comments: