I was once the world’s most notorious hacker, now I do the same thing I did years ago – but I do it with my client’s permission.
IN THE SPACE of 10 years, hacker Kevin Mitnick went from being on the run from the FBI, to spending five years in prison, to spearheading his own Fortune 500 company that probes online security and, ironically, being hired by some of the companies that he had attacked himself a decade previously.
Since his teenage years, he had been using tricks to game the system, starting with free bus rides and working out his teacher’s password, and eventually progressing to stealing powerful people’s passwords and emails by probing the defences of both corporate and federal websites.
Now, after spending several years in prison for those crimes, he’s hired by companies to test their defences against the increasing barrage of cyberattacks.
Ahead of his appearance at the BT Mindshare tomorrow, which takes place during the BT Young Scientist & Technology Exhibition at the RDS, Mitnick spoke to TheJournal.ie about the greatest threat to companies’ security – their employees.
He also spoke about the major security risks in an increasingly automated world, how he’s not angry about the “harsh sentencing” he received for his past crimes, and how he became involved in hacking in the first place – it all started with a magic trick on a mobile phone, and a teacher who encouraged his mischief.
Now you see it, now you don’t
When we think of what the internet and other technologies of the Digital Age have been able to make possible in such a short space of time, it’s quite extraordinary.
A video pinged across the world in seconds; huge amounts of money disappearing from one account and appearing in another; voice-controlled activations, driverless cars, and the prospect of machine learning.
Similarly, 13-year-old Mitnick was awestruck in high school by the tricks his friend was able to do with a mobile phone.
“What drew me into hacking was my love for magic,” he said. “So as a young boy, I used to ride my bicycle over to the magic store after school to watch the salespeople perform these tricks over and over and over again.
“And then when I ended up in high school, I met this kid who could work magic with a telephone and he did all these tricks – he was able to get my mom’s unlisted telephone number.
He did all this crazy stuff where he’d call another number, he’d get your tone, he’d put in the secret code and you could dial anywhere in the world for free.
This art of manipulating or experimenting with phones or other communication devices is called ‘phreaking’, and gained popularity in the 1960s and ‘70s. As phones became more digitised, the often illegal practice of phreaking became closely associated with hacking.
In the early 1970s, Apple co-founder Steve Wozniak invented a device that allowed them to make free calls anywhere in the world by using certain tones in the telephone system. After a series of pranks, Wozniak’s friend and famous Apple co-founder Steve Jobs started thinking of ways to monetise the illegal devices, and invented the ‘blue box’, which was sold during the 1970s. It was from the proceeds of this ‘phreaking’ phone device that Jobs and Wozniak were able to fund their first creation – the Apple One.
“So Apple computers started from the phone phreaking stuff, and me I was also a prankster. I used to use my phone phreaking skills to change the [messaging service] on a friend’s home phone to a pay phone. So I remember when he or his parents tried to make a call it said ‘please make a deposit of 25 cents’.”
He says that as phones became more computerised in the 1970s, he upskilled in order “to pull pranks on friends and family”. So he decided he wanted to take a computer class, which had just become an option in his high school. But because he didn’t have the required prerequisites, he wouldn’t be allowed to take the class. So his friend suggested Mitnick should “show him what you can do with the phone”.
After obtaining the teacher’s wife’s number from the classroom phone, connected through the dial-up modem, and a few other tricks, the teacher allowed Mitnick to take the class.
His teacher continued to encourage Mitnick, even after he neglected the first task he was given in favour of creating a code that revealed the passwords of his classmates and teacher.
So the first programme that I ever wrote in my life was a log-in simulator, similar to a modern-day phishing programme.
Kid’s stuff.
FBI Most Wanted
Between the ages of 16 and 32 (the age at which he was arrested by the FBI), Mitnick had copied software at the Digital Equipment Corporation, hacked into the Pacific Bell voicemail computers, and gained access to dozens of computer networks to obtain passwords, emails, and private information.
But although Mitnick wanted to keep a low profile, and hacked systems “for the pursuit of knowledge and adventure” and not for personal profit, he was labelled as the bad guy. In a book published in 1995, Cyberpunk: Outlaws and Hackers on the Computer Frontier, authors Hafner and Markoff labelled Mitnick as a ‘darkside hacker’. Afterwards, USA Today published a picture of Mitnick’s face superimposed over an image of Darth Vader.
This came just before his arrest in February 1995 after a high-profile pursuit by the FBI. He was charged with and pleaded guilty to four counts of wire fraud, two counts of computer fraud and one count of illegally intercepting a wire communication, and served five years in prison.
Eight months of that sentence were served in solitary confinement, Mitnick says, because a prosecuting lawyer told the judge that he could use a prison payphone to communicate with a NORAD modem by whistling, which would launch nuclear missiles.
Mitnick says he responded by laughing, but the judge seemed to take the suggestion seriously and agreed to put him in solitary confinement, a decision that Mitnick cites as an example of the depth of their misunderstanding.
I perfected whistling the ICBM launch codes from anywhere in the world when you were still in diapers! Can you top that one Kim? pic.twitter.com/fMZVx1GzsB
While on the run from the FBI, he repeatedly tricked agents using cloned cellular phones to hide his location, which Mitnick told TheJournal.ie is the reason he received such a hard sentence.
“They had egg on their face,” he said, adding that former FBI agents who he’s met since have agreed with him that he got a harsh sentence.
Today’s threats
Today, Mitnick says that although there are more ways of hacking into people’s accounts, and accessing private information, the number one way in which “the bad guys get in” has stayed the same since the ’70s – through talking people into giving up private information.
He calls this technique ‘social engineering’ (think Leo DiCaprio in Catch Me If You Can).
“Social engineering is using manipulation, deception and influence to get a target to comply with the request, usually to give information or to click on an attachment in an email. And once the victim opens up the attachment and follows the instructions of the attacker, the computer is compromised.”
He says that some nationalities – Russia and China, for example – are more sceptical of these types of approaches by phone, while in countries like Japan and Australia people are more likely to trust a caller and accidentally give away security information.
He also expressed concern about how the Internet of Things (IOT) might increase the number of cyber attacks over the next few years because of the increasingly interlinked systems and weak passwords.
“What hackers do is find flaws in code. So developers make flaws in their code, or they don’t think ahead, and what hackers do is find these flaws and exploit them. As complexity is built into operating systems and applications, it usually breeds vulnerabilities.
“The big threat of today is the Internet of Things, so you can buy a toaster today that’s built into the internet, and so an attacker could compromise your toaster for example, and even install malware onto it so that they could break into other systems and devices.
[Image: A still from the 2016 TV series Westworld. Source: YouTube / Screenshot]
The Internet of Things is like the Wild Wild West. A lot of the IOT devices out there have default passwords like ‘adminadmin’, or ‘password’; or some of them you can’t update, so if there’s a security flaw you have to throw it away.”
He’s also concerned about the fanfare around artificial intelligence and its limitations: yes, you can use machine learning to build ‘smarter’ products, but those with more nefarious intentions can also use them as attacking systems.
“It’s kind of like a hammer, you can use a hammer to build a house, or you can use a hammer to destroy a house.”
On his first visit to Ireland, Kevin Mitnick will appear in the RDS at 5pm tomorrow to perform a ‘live hack’, a demonstration of how easy it is to gain access to private information, as part of the BT Mindshare event.
If you’d like to register for the event, click here.