Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker (60 page)

Read Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker Online

Authors: Kevin Mitnick,Steve Wozniak,William L. Simon

Tags: #BIO015000

BOOK: Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker
7.46Mb size Format: txt, pdf, ePub

One of Sprint’s attorneys challenged my testimony: “Mr. Mitnick is a social engineer, lying was part of his stock-in-trade, and you can’t believe anything he says.” Not only did he absolutely deny that Sprint had been hacked or could be hacked in the future, but he pointed out that I’d literally written “the book on lying”:
The Art of Deception
(about which, more in a moment).

One of the PUC staffers confronted me, saying, “You have offered all these claims but haven’t offered a shred of evidence. Do you have any way of proving Sprint can be hacked?”

It was a long shot, but there was just a chance I might be able to prove it. During the lunch break, I went to a storage locker I had opened while in Las Vegas just before going on the run. It was crammed with cell phones, chips, printouts, floppy disks, and more—stuff I couldn’t take with me but didn’t want to lose and couldn’t risk leaving at my mom’s or Gram’s, where the Feds might show up with a search warrant and find it all.

Incredibly, in that big pileup of old goods, I found what I was looking for: a sheet of paper, by now tattered, dog-eared, and dusty, containing the CALRS Seed List. On my way back to the hearing room, I stopped at a Kinko’s and had enough copies made for the commissioner, lawyers, clerk, and staff.

Kevin Poulsen, who by this time had become a highly respected technology reporter, had flown to Las Vegas to cover the hearing as a journalist. Here is what he wrote about my return to the witness stand:

“If the system is still in place, and they haven’t changed the seed list, you could use this to get access to CALRS,” Mitnick testified. “The system would allow you to wiretap a line, or seize dial tone.”

Mitnick’s return to the hearing room with the list generated a flurry of activity at Sprint’s table; Ann Pongracz, the company’s general counsel, and another Sprint employee strode quickly from the room—Pongracz already dialing on a cell phone while she walked.

 

The fact that the two Sprint people were ashen-faced as they rushed out of the room made the situation clear enough: Sprint was probably still using the same CALRS devices, programmed with the identical Seed List, and Pongracz and her colleague must have recognized that I
could hack into CALRS anytime I liked and gain the power to wiretap any phone in Las Vegas.

Though I was vindicated, Eddie didn’t fare as well. Proving that Sprint could be hacked wasn’t the same as proving that the Mob or anybody else had actually done any hacking to reroute Eddie’s flow of calls and steal business from him. Eddie was left empty-handed.

In the fall of 2001, a whole new chapter started in my life when I was introduced to literary agent David Fugate. David thought my story was extraordinary. He quickly contacted John Wiley & Sons and proposed that I author a book on social engineering to help businesses and consumers alike protect themselves against the kinds of attacks I had been so successful at carrying out. Wiley showed enthusiasm for the deal, and David recommended a seasoned coauthor named Bill Simon to work with me in developing the book, which came to be called
The Art of Deception
.

For most people, landing an agent, a credited coauthor, and a legitimate publishing deal is the most difficult part of getting a book published. For me, the question was: how could I write a book without a computer?

I looked at the stand-alone word processors everybody used before the introduction of personal computers. Since they weren’t even able to communicate with other computers, I thought I had a pretty solid argument. So I presented it to my Probation Officer.

His answer was completely unexpected.

He dismissed the word-processor idea and told me I could use a laptop computer, so long as I didn’t access the Internet and promised to keep it secret from the media!

While Bill and I were writing our book, Eric Corley released
Freedom Downtime
, the documentary about the “Free Kevin” movement. It went a long way toward counteracting the gross inaccuracies of
Takedown
. It even contained footage in which John Markoff admitted that his single source for claiming I’d hacked into NORAD was a convicted phone phreak known for spreading false rumors.

When it came out,
The Art of Deception
quickly became an international bestseller, published in eighteen foreign editions. Even today, years
later, it’s still one of Amazon’s most popular hacking books, and is on the required reading list in computer courses at a number of universities.

Around February 2003, I was unexpectedly invited to Poland to promote the book. At my first stop in Warsaw, my host offered four security guys in suits with Secret Service–type headsets to handle security. I laughed, thinking it was ridiculous. Surely I didn’t need security.

They escorted me through the back of the building into a huge shopping mall. The chatter got louder and louder until we walked out into the mall, where hundreds of fans were pressed up against a rope. When they saw me, they tried to push forward, and the security staff had to hold them back.

Thinking they must have mistaken me for some international celebrity, I started looking around for the star myself. But amazingly enough, the crowd really was there for
me
.

My book had become the number-one bestselling book in the entire country, even beating out a new book by Pope John Paul II. One local offered an explanation: in ex-Communist Poland, if you beat the system, you were considered a hero!

After a lifetime of hacking, always working either alone or with one partner, with the main goals of learning more about how computer systems and telecommunication systems worked and being successful at hacking into anything, I was being mobbed like a rock star. It was the last thing I’d ever expected.

One of the most personally meaningful memories of this time, however, was when the book tour took me to New York and I finally got to meet the
2600
supporters who had cheered me through some of my darkest hours via the “Free Kevin” movement. When I was on my rough ride through the criminal justice system, it meant the world to me that there was an army of people working tirelessly to support me. It gave me more hope and courage than they could ever know. I can never express the true depth of my gratitude to these wonderful people.

One of the landmark moments in my life after prison had to be the day when I was finally allowed to use computers again,
eight years
after I was first arrested. It was a festive day filled with family and friends from all over the world.

A live cable TV show called
The Screen Savers
, with Leo Laporte and Patrick Norton, asked to televise my first interaction with the Internet.

On the show with me were Eric Corley, who had headed up the “Free Kevin” movement and repeatedly proved himself to be my staunchest supporter, and Steve Wozniak, cofounder of Apple, who had become one of my closest friends. They both came on to “help” me navigate online after so many years away.

As a surprise, the Woz presented me with a brand-new Apple PowerBook G4 wrapped in paper covered with a funny cartoon of a guy trying to reach a computer with a stick through the bars of his jail cell. In many ways, getting that laptop from the father of the personal computer was the moment I knew my life was finally starting to turn around.

It has now been eleven years since I walked out of prison. I’ve built a consulting practice that provides a steady flow of business. It has taken me to every part of the United States and every continent except Antarctica.

My work today is, to me, nothing short of a miracle. Try to name some illegal activity that, with permission, can be carried out legitimately and benefit everyone. Only one comes to mind: ethical hacking.

I went to prison for my hacking. Now people hire me to do the same things I went to prison for, but in a legal and beneficial way.

I would never have expected it, but in the years since my release, I’ve served as a keynote speaker at countless industry events and corporate meetings, written for the
Harvard Business Review
, and addressed students and faculty at the Harvard Law School. Whenever some hacker makes the news, I’m asked to comment on Fox, CNN, or other news media. I’ve appeared on
60 Minutes, Good Morning America
, and many, many other programs. I’ve even been hired by government agencies like the FAA, the Social Security Administration, and—despite my criminal history—an FBI organization, InfraGard.

People often ask if I’ve completely kicked the hacking habit.

Often I still keep hackers’ hours—up late, eating breakfast when everyone else has already finished lunch, busy on my computer until three or four in the morning.

And I am hacking again… but in a different way. For Mitnick Security Consulting LLC, I do ethical hacking—using my hacking skills to test companies’ security defenses by identifying weaknesses in their
physical, technical, and human-based security controls so they can shore up their defenses before the bad guys exploit them. I do this for companies around the globe, and have been giving some fifteen to twenty corporate keynotes a year. My firm also vets security products for companies before new items are released to the market, to see if they live up to the claims being made for them. My company also provides security awareness training primarily focusing on mitigating the threat of social-engineering attacks.

What I do now fuels the same passion for hacking I felt during all those years of unauthorized access. The difference can be summed up in one word:
authorization
.

I don’t need authorization to get in.

It’s the word that instantly transforms me from the World’s Most Wanted Hacker to one of the Most Wanted Security Experts in the world. Just like magic.

ACKNOWLEDGMENTS
 

From Kevin Mitnick

 

This book is dedicated to my loving mother, Shelly Jaffe, and my grandmother Reba Vartanian, who both sacrificed a great deal for me all my life. No matter what situation I got myself into, my mom and Gram were always there for me, especially in my times of need. This book would not have been possible without my wonderful family, who have given me so much unconditional love and support throughout my life. I am so fortunate to have been raised by such a loving and dedicated mother, whom I also consider my best friend. My mom is such an amazing person. She would give the shirt off her back to help out another person who needed it. My mom truly cares about other people, even to the point of sacrificing her own self-interest much of the time. My Gram is another truly amazing person. She taught me the value of hard work and preparing for the future, by teaching me proper money management like saving for a rainy day. For my entire life, she has been like a second mom to me, giving me so much love and support, and always being there for me regardless of my mischievous adventures.

In December 2008, my mom was diagnosed with lung cancer and has been suffering greatly from the effects of chemotherapy and the illness itself. I didn’t realize how much time I had wasted being away from my mom until this tragedy happened. As caring and compassionate people, both my mom and Gram taught me the principles of caring about others and lending a helping hand to the less fortunate. And so, by imitating their pattern of giving and caring, I, in a sense, follow the paths of their lives. I hope they’ll forgive me for dedicating so much time to writing this book, passing up chances to play cards or watch videos with
them because of work and deadlines to meet. I still feel deep regret for all the stress, nervousness, and aggravation I caused them while I was involved with my hacking adventures and the aftermath following my arrest. Now that I’ve turned my life around and continue to make positive contributions to the world, I hope this book will bring much happiness to my mother’s and grandmother’s hearts and erase some of the memories of the negative experiences described in these pages.

How I wish my dad, Alan Mitnick, and my half brother, Adam Mitnick, would have lived long enough to break open a bottle of champagne with me on the day my memoir appears in the bookstores. Although my dad and I had a difficult time living together as father and son, we had lots of great times, too, especially taking his boat out for fishing trips in and around the Channel Islands in Oxnard, California. More important, my dad provided me with love and respect and gave me a great deal of support while I was riding the rough road through the Federal criminal justice system. He joined other volunteers from
2600
magazine when they picketed several Federal courthouses to protest the government’s handling of my case. A few weeks before I was released from custody, he suffered a mild heart attack. Tragically, his health rapidly deteriorated after he acquired a serious staph infection during his surgery and then turned out to have lung cancer, as well. He passed away a year and a half after I was released. I didn’t realize how much time I had lost with my father until he wasn’t around anymore.

My aunt Chickie Leventhal has always been there for me, especially when I really needed her most. When FBI agents searched my apartment in Calabasas in late 1992 while I was working for Teltec Investigations, she contacted a close attorney friend of hers, John Yzurdiaga, who generously provided legal advice and eventually represented me pro bono, along with his partner Richard Steingard. Whenever I need advice or a place to stay in Manhattan Beach, she is always there offering her love and support. I cannot forget her longtime boyfriend, Dr. Bob Berkowitz, who has been like an uncle to me, always willing to talk with me whenever I need advice.

Other books

3 Mango Bay by Bill Myers
Slightly Settled by Wendy Markham
Marrow Island by Alexis M. Smith
Mortal Sin by Laurie Breton
The Emerald Duchess by Barbara Hazard