The Godfather of Hacking
Kevin Mitnick is jet-lagged.
The 48-year-old security consultant, once known to America as the world’s most notorious computer hacker, has finally returned home to Las Vegas after a three-week vacation in Spain—his first in 11 years—and there’s no time to reboot.
In town this weekend are 14,000 other hackers, IT professionals, and corporate-security specialists (his estimate) attending Def-Con, which he calls “hands down the biggest security conference in the world.”
The Daily Beast caught up with the notorious hacker as he took a break from the action, to get the scoop on his latest book, Ghost in the Wires. Mitnick, who in photos looks like a cross between Jeff Goldblum and Rick Moranis, describes the fast-paced autobiography as "kind of like a Catch Me if You Can,” referring to the 2002 comedy-drama about the fugitive exploits of con artist Frank Abagnale Jr.
It’s a fair comparison.
In the 1990s, Mitnick went on a “countrywide hacking spree" that made him one of the FBI's most wanted computer criminals. According to a news article at the time, Mitnick "was alleged to have hacked into computers, stolen corporate secrets, scrambled phone networks, broken into the national defense warning system and caused millions of dollars in losses."
Ghost in the Wires
By Kevin Mitnick
432 pages. Little, Brown. $25.99.
He was eventually sentenced to 46 months in prison—a portion of which was served in solitary confinement a result of the government’s overblown fears that he could whistle nuclear-missile launch codes into a phone—and ordered to pay thousands of dollars as reparation.
Today, all seems to be forgiven.
Corporations hire Mitnick’s security company, Mitnick Security Consulting, to do what he does best—hack their computer systems—and report back. “Companies hire me to break into their networks and systems and find their vulnerabilities so they can fix them,” he says of his current life. “I actually get hired to do what got me into a lot of trouble many years ago.” The only difference between his hacking days breaking systems all around the world and what he does today, Mitnick says, is one word: authorization. “Now I have permission to do it. Instead of breaking in and getting an endorphin rush, I’m breaking in and have to fill out a report.”
In recent months, hackers have been making headlines around the world. Groups like Anonymous, which burst onto the scene by famously taking down banks and online services that refused to do business with WikiLeaks last fall, followed soon thereafter by LulzSec, which spent the early summer months on a rampage hacking the systems at Sony, AT&T, and the CIA. From behind faceless avatars from unknown locales, they taunt their targets, the media, and the feds.
As authorities cracked down, scores of awkward-faced teenagers were paraded through courtrooms around the world. One of them was Topiary, an alleged leader of the LulzSec group. The 18-year-old teen was wearing Matrix-style dark-tinted glasses. He looked like a teenage Kevin Mitnick.
The only difference between Mitnick and the current generation, he explains, are the motives.
“I was never after the media attention when I was doing hacking. I didn’t want to be detected, to be honest with you, being caught,” he admits. “When I was in my juvenile years I never spoke to the media about it. These guys are loving the media attention, they have a completely different driver, and I don’t think it's curiosity or intellectual challenge. I think it’s media attention, and the love, for a better word, to fuck with people.”
But still, Mitnick is impressed: “They have a lot of balls.”
“These individuals were hacking into highly respected targets—the CIA, Sony, and what not—and being very open about it, very upfront about their civil disobedience.”
He continues: “I was interested in watching, I was like wondering, ‘Are these guys going to get caught? How far are they going to take it?’ And they took it quite far.”
No stranger to the follies of the criminal-justice system, Mitnick believes the feds are after the wrong guys. “I don’t really think they caught the major players,” he says. “I think they caught the factions, because they get these kids that think, ‘Wow, this group Anonymous is getting all this attention, this is so cool, I want to create my own little faction,’ and [you] get your buddies together, and they’re not technically astute. They’re getting the drug mules in the drug trade.”
If he and the teenage hackers were in touch, Mitnick would encourage them to use their skills in a more “socially acceptable” way—because after the attention dries up, prison’s a bitch. “I’d hate to see them go through what I had to go through,” he says, mentioning the years in solitary confinement, being imprisoned as a national-security threat, and the pain of the federal criminal-justice system. “It screws up their lives.”
Asked about today’s main focus of the security industry, Mitnick points to the silent threat that lies quietly in our pockets and purses. “With respect to the threats these days, I really think it's mobility,” he explains. We should be less worried about teenage hacktivists knocking servers offline than about the vulnerability of our smartphones. “A lot of individuals out there carry a lot of proprietary information on their mobile devices, and they’re not protected,” Mitnick says, comparing the vulnerabilities in mobile computing to unprotected computers in the 1980s. “It’s a very target-rich environment.”
Back at Def-Con, the security conference where mobile security is a hot topic, there are reports of hundreds of not-so-secret government agents trawling the floor. They are looking for talented people. I asked Mitnick if that’s outside the norm.
“Well, yeah. I think they were recruiting before this year, but it wasn’t as open as it is now,” he explains. “Apparently they’re looking for talented people, because they obviously can’t find them within the federal government, because those aren’t attractive jobs. They don’t pay high salaries like the private sector, so obviously they’re trying to recruit talented people.”
I ask if the government is panicking. “Well, yeah, I think they’ve realized they’re behind the game,” Mitnick replies, “but [it's] like a totally 180-degree issue here. The attacks on Google, the attacks on Lockheed Martin, the attacks on RSA—now, those are sophisticated attacks.” The hacker looks at LulzSec and the like as “kids gone wild.” He sees attacks like the one on Google and thinks, “Oh, wow, that’s scary.”
But for Mitnick, who capitalizes on the security concerns of governments and corporations, this new fear may lead to more business.
And business, at the end of the day, is fun.
“It’s almost not like work to me. I love solving puzzles, I love finding my way around obstacles, and I love learning new things about technology,” he says. “It’s like, wow, it feels the same as it did when I was hacking as part of the fugitive game.”