As a huge fan of Leo LaPorte's old show the Screensavers, I knew who Kevin Mitnick was but really had no idea how much effect he had on my own life or what he had really done.
[Video. Kevin Mitnick uses a computer for the first time after his sentence of being unable to use a computer expires on the Screensavers with Steve Wozniak and Leo Laporte]
Cyber-enemy #1: Arrested February 1995
I missed his arrest in 1995 because I had just had my first child and was on maternity leave but I had been working for telephone companies since 1991 for one of Kevin's targets: GTE, then, the nations second largest phone company. But now, I understand a lot.
Mysteries Explained
Kevin Mitnick's book explained so many of the things that the "engineers wouldn't tell us" that I am glad I read it. I am only beginning to put things together of what must have been shaking the telecommunications business to the core and still does, but I wasn't at a high enough level to really know about in detail.
Questions like:
- Why were telephone CO (central offices) so secure? (We weren't allowed to tour them.)
- Why weren't more features on switches enabled and used? (call waiting/ caller id)
- Then, when I worked on the cell phone side: how did people clone the ESN's (electronic serial numbers) and why was fraud so ridiculously high? How did that work? When I went on trips, why were such subjects taboo among engineers and not even talked about over dinner?
- As market manager of a major city, I wasn't allowed into the company cell sites. I had a valid reason at one point but engineering and operations were very separate to the point of it being odd. Why?
- When we asked questions about fraud why did the engineers go silent?
- Why did that smart guy who could write in binary get hired and why did he work late into the night? The engineers said he had "special skills" but wouldn't explain them. Why did the engineers have secret meetings and not tell those of us in marketing and sales even what they were about? What was going on?
It makes sense now.
COULDN'T PUT IT DOWN
Like the motor cycle accident, I couldn't look away.I really wanted to.
I feel like good people are being hurt with this book.
Now that I have said that, I know that Kevin himself says he is glad he is no longer breaking the law, but my biggest problem is that he seems to still be doing harm.
Much of Kevin's ability to steal the source code of the prominent operating systems of the 80's and 90's comes from his uncanny ability to "social engineer" or gain people's trust through deceit to get them to tell him passwords and share whole files. He shares the real names and phone numbers of many of these "nice" people in the book.
People Behind the Pain
I think the thing that bothers me the most, though was when I tweeted about reading the book, a close friend who has been at a major software giant for a very long time dm'd me on Twitter.
"Read the book, but don't make Mitnick out to be a hero. I owned a computer hacked by him in the 80's."
I wanted the back story and reached out. He worked for DEC programming the operating system (OS) when Kevin stole a copy of their code.
In the book, Kevin asserts that his hacking didn't cost the companies any money. He is wrong. According to my friend, DEC's development calendar was delayed over a month while the 70-person OS team audited every line of code of DEC's operating system.
"Just because a hacker says he just copied the code because he could, doesn't mean we could afford to believe him. We had to audit every line of code because as a company we had to make sure that our product was safe."As a person hired to find and help fix security breaches, Mitnick should know that breaches, even if a person doesn't do something, cost money. Hacking cost companies money. I feel like he marginalizes the harm he caused.
I don't buy that people who hack in this way really help make us safer or provide benefits of any kind. (Note: There are many "white hat hackers" who do us a service through protecting us. I am talking here about the hacking described in this book before he began his security business.)
Mitnick's mutiny- a last revenge.
Kevin was truly sorry for the pain he caused his Mom and Grandma. Early in the book he mentions that he has an uncanny memory.
He names names and phone numbers in this book of the "nice" and gullible people who gave them their passwords and data files. The "nice" government officials that he conned into giving out social security numbers, addresses, phone numbers, tax records, and all kinds of personal information relating to his targets including how he hacked voice mails. (Sound familiar?) This was in the 1980's until 1995: just a few years, later these people are still around.
What is social engineering?
Social engineering is another word for conning or lying. Period.
The thought of good people losing their jobs because they were duped and now those good people having the whole world know they were duped because Kevin used their names in his book...that makes me feel like he is still doing harm. Some may not even know it until the book comes out.
What good comes from your reading this book?
So, in this book, he embarrasses people and companies by relaying phone numbers, names, and exposing security flaws for major companies like Pac Bell, GTE, DEC, OKI, Nokia, Microsoft, the IRS, the Department of Motor Vehicles, government agencies of all kinds and more?
Why should I read this book, Vicki?
If we need something to make us more paranoid, this is it. If you are in charge of an IT department or security, you need to understand what Kevin did and that every Mitnick-wannabe will probably be trying this in the future.
I will never view any phone conversation the same ever again. I will never even view any open wifi connection the same again. One of the top tweeters, Ashton Kutcher had his wifi device hacked and fake tweets posted to his account, for goodness sakes.
You know, we know that hackers are there, but this book makes them real. It makes me paranoid. Maybe that is a good thing.
What do I feel?
I really don't know what to do with this book. I see the man who just had his nose rubbed off by the pavement looking out at me with blood pouring out of the hole where his nose used to be.
This is probably the first disgusting thing like that you've ever seen me write. But it is the only way to tell you what I feel.
I know that because this book inhaled me and I read it in 4 days that other people will look too, but I am horribly in pain for those Kevin has double hacked by putting their naivety on display. I am sorry.
I don't know what to think except that we all need to wise up and teach our students to have secure passwords that they don't write down and they never share with each other.
It is time to grow up and realize that bad people are out there and just because a nice guy calls on the phone doesn't mean we need to be helpful. I just don't know how I like living in a suspicious world but I guess that is where we are.
I just wish Kevin Mitnick would rethink the harm he could do to nice people. I guess us nice people are dumb and he is so smart that we dumb nice people deserve to be humiliated but I just don't buy it. I don't think the names and phone numbers were really necessary.
Nothing nice to look at. I don't even like the fact I am reviewing it in some ways. I feel sick.
Why didn't someone engage his talent in a positive way?
I have to also be upset by the school system that didn't give him access, the people more interested in "catching him" than giving Kevin a positive way to use his talent. In another conversation, I learned how a computer science teacher found a kid who had started hacking and he put him in charge of school security. Now he runs security for a major university.
Sure, Kevin bears responsibility for his action, but I think that it is our job as educators to help talented people like Kevin use their talents in positive ways.
So, as I fly to Microsoft headquarters to one of Mitnick's former hideouts and finish up this post on my iPad (ok, I know the irony, it is ok.) I have time to think over this before I hit publish.
I keep seeing the guy on his face in the street.
It is going to be an important and much discussed book in all IT circles, an unpleasant journey but one that is going to attract interest no matter what we do.
UPDATE:
I feel like if I don't write about it someone else will and perhaps deify Mitnick's story. Maybe he will read this post and comment he did change some names and numbers, but here it is. The ugly truth about a book I wish was fiction but if it was, I'd accuse the author of writing sci-fi.
With friends like Kevin Poulson (another former hacker) , Steve Wozniak (author of the foreword of this book) and Leo Laporte, a lot of buzz will circulate about this book whether my 2 cents goes in or not and I bet movies and headlines will hit as people begin to doubt the security procedures of the tech companies who dominate our lives.
- Posted using BlogPress from Vicki's iPad