I, Mitnick

After a Year in Solitary Confinement, the World’s Greatest Hacker Has a Lot to Say

So maybe you were not a great hacker in the strict sense? I don't think I was the best hacker in the world. If I had been, I wouldn't have been caught. There are people out there who have been hacking as long as I was and were never caught. I know of one, I know him by his code name only, who has technical skills far superior to mine and he's never been caught. If it's a him; it might be a her.

Did Internet security improve after they got on to you and other hackers? With Digital Equipment, I was in their network for eight years, and their security improved but it didn't improve to the point they could keep me out. The problem with any big corporation is there's an outside threat and an inside threat and the inside is much more onerous. The insider knows the operation, knows the passwords, might have physical access and knows the vulnerabilities.

Did you ever use physical access to hack a system? I was at a DECUS (Digital Equipment Computer Users Society) convention years ago, I must have been in my teens or maybe twenties. A guy from Massachusetts offered $300 if anybody could break into his system. My friend and I, we breached it. There was a flimsy lock to reboot, we picked the lock with a paper clip, and when the guy came back his jaw dropped. He had to pay us. Also at a university I used physical access.

What about last week's DoS attacks? Do they have anything to do with your type of work? It's apples and oranges. A DoS attack is analogous to crashing a system. In all my hacking, I never crashed a system or damaged a computer. That's just being destructive. In fact, I don't consider the people behind the DoS attacks to be hackers. A hacker is a computer enthusiast who intensely enjoys the thrill and challenge of circumventing security. These are just people who used a computer to commit a crime. Hacking is pretty simple nowadays because of the scripts available to exploit vulnerabilities.

Based on your experiences, what do you think will happen if they catch the culprits? They'll be in for a rude awakening.

Do you think hacking should be a crime, or is it the best way to explore the potential and vulnerabilities of the Internet? Is hacking a public service? I don't think I'd go that far. I think these companies I hacked were extremely fortunate it wasn't somebody from a foreign company or competitor who hacked them. I had the potential to cause them extraordinary harm. Company executives probably had a lot of sleepless nights over me. The problem is the Internet, and Arpanet before it, was designed for a group of university and Department of Defense people who wanted to work on projects. It was all about sharing information. The protocols were not for security. Now they're trying to build security tools on this weak foundation. They should build new protocols for a strong foundation.

How did the other inmates at Lompoc respond to you? They certainly wanted my knowledge, and I dare say they wouldn't be using it for the benefit of society. Especially the credit cards. When I left Lompoc, quite a few gave me their address and number, but most I left in the garbage can.

How do you feel about your newfound fame? The reality hasn't hit me yet. You should see the e-mails I get. There's this system, can you tell me how to get in? Can you teach me how to hack? That's one thing the government can't stop me from doing, write a book on how to hack. Not Son of Sam or any other law would apply. What's barred is discussing my unauthorized criminal conduct. I'd also want to write about how to prevent it from happening to you. It's still wrong.

What everyone wants to know is, will you hack again? Yeah, if I'm getting paid for it. You know now they're hiring these tiger teams to go in and test systems and if they're able to plug upholes, and it's legal. I'd have to consider it under a cost-benefit analysis. In the last round, I was doing it for fun. But I wasn't raised to be a cyberthief.

« Previous Page