I, Mitnick

After a Year in Solitary Confinement, the World’s Greatest Hacker Has a Lot to Say

Kevin Mitnick, our nation's most famous hacker, is dressed in black drawstring pants and a 2600 Hacker T-shirt. We're talking a month after his five-year stay in the federal prison system. He was hit with a 25-count indictment charging him with hacking all across the U.S.A: He allegedly used Pacific Bell equipment to conduct illegal wiretaps, and copied source code from Motorola, Sun Microsystems Inc., NEC Corporation, and Novell, among many others. Now Mitnick's probation officer bars him from interacting with the electronic world, and for the next three years he can't even touch a 7-Eleven cash register.

What other conditions did the court impose on your release? I can't buy an organizer. I am restricted from using any computer with a modem, any TV with Internet access, or any device that might come out in the future. I have to live as if I was part of the Amish, and these restrictions even impinge on my freedom of speech: I can't advise any individual or group that is engaged in computer related activities.

Why were you reined in so tightly? The U.S. Attorney said I tampered with the records of a prior judge, erased a misdemeanor conviction from Santa Cruz, and hacked Security Pacific Bank. I did not do that.

I've heard that they put you in solitary confinement. Yeah, the Bureau of Prisons decided the only place they could put me was in the hole. I was under the same conditions as if I killed a prison guard or another inmate. The hole was a small little room, ten by six.

When was the last time you were on the Internet, and how drastically has it changed? The last time I was on the Internet was in February of 1995. I miss it. I want to get back and see all the new things now that e-commerce has boomed and it's become a tool for the exercise of freedom of expression. Technology certainly has advanced. Before I went in, the browser was Mosaic 1.0.

Several Fortune 500 companies have said they'd jump at the chance of hiring you for computer security. Would you be interested? They haven't made me any offers. I'd be good at it. I'm a natural in the field of circumventing computer security.

John Markoff, the New York Times writer who first covered you and wrote a book about your capture, has been quoted as saying that you don't appear to be accepting responsibility for your actions. Do you think you did anything wrong? What I really was, was a computer snoop. I accessed proprietary codes and I trespassed on other people's computers. It was a despicable invasion of privacy, but I don't believe it rises to the level of fraud.

Then why did you plead guilty to fraud and admit to inflicting $5 to $10 million in damages? U.S. District Court Judge Mariana Pfaelzer denied me bail. It was very clear to me in her court I didn't have the presumption of innocence. I believe I caused some loss, less than $250,000 for labor to restore computer systems and the long-distance cell charges I used to mask my location. The $5 to $10 million was a legal fiction. In the plea bargain, they came up with the number of months they wanted me to serve in prison and then picked the number from the guidelines for that amount of time, basically so they could use it for publicity value. They wanted to scare the heebie-jeebies out of other computer hackers, they're also screaming for more money for their computer crime budgets; this is ample justification. If the government succeeded in creating the cyber bogeyman they could convince the public to give up more rights to privacy in exchange for protecting them against people like me.

That's an interesting theory, but can we switch gears for a minute? I'd like to know why you hacked in the first place. I did it for the thrill, curiosity, knowledge, but mostly the intellectual challenge, like climbing Mount Everest. I've never engaged in any hacking activities for profit or harm. I knew it was wrong at the time, but I justified it in my mind because I just really enjoyed it. It's fascinating. You feel like you're in a Star Trek show. I don't like to use the word addicting, but you get so focused hours could pass.

Did you go after the sites with the toughest security? Yeah, to get into a system that's not protected is no challenge. If all the companies didn't have passwords, there would be no hacking. What would be the challenge? That's what they did at MIT: Onesystem's AI never had passwords and they never had hacking.

Some people have said you were not a great hacker, but rather broke into systems by "social engineering," like talking people out of their passwords, etcetera. Is that true? It depended on my objective. If I wanted to remain in a system stealthily, I would use a technical attack or very careful social engineering so it would never dawn on the person why I asked about their system. Let's say I wanted all of a system's modem numbers. I would call accounts payable and say I needed to check my billings; the computer department would never be clued in because accounts payable and computer information would be autonomous. Lying over the phone, coming up with ruses—private investigators use these techniques all the time; they call it gagging.

Next Page »