Monday, January 9, 2012

There are hackers - and there are hackers


Having just completed “Introduction to Technology” at the University of Arizona taught by Trevor Smith, my senses are on high alert when I see anything related to technology. So when I was channel surfing and came across Kevin Mitnick on BookTV, I paused to listen. He is promoting Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker (Little, Brown & Company, 2011) and, as part of his lecture, he demonstrated some of the more pedestrian techniques he used to gather information.  Thanks to Trevor, I knew basically what he was talking about, even when he used “words” like RFID, FTP, etc.

Kevin spent most of his late teens, 20s and 30s hacking into systems to view source code, accessing networks and reading private e-mails, obtaining passwords without permission, and making free calls. He was apprehended the first time in 1988 and spent 12 months in prison; near the end of his probation, he hacked into the Pacific Bell voice mail computers and a warrant was issued for his arrest. Kevin was a fugitive for 2.5 years and, when finally apprehended in 1995, he was sentenced to 5 years in prison. For 8 months he was placed in solitary confinement because, according to Kevin, law enforcement thought he could “start a nuclear war by whistling into the phone.” Since his release, he has run Mitnick Security Consulting, a computer security consulting company, testified before Congress about hacking and advised the FBI.

There are several aspects to his stories that I find very interesting:
1) When he was in high school, he became obsessed with the inner workings of the telephone company’s switches and circuits, a hobby known as “phone phreaking”, popular during the 50s, 60s and 70s. Practitioners spent a lot of time trying to figure out how the phone system worked, including Steve Jobs and Steve Wozniak. It is clear that, like them, Kevin was bright, loved the thrill of discovery and was very persistent – I wonder what he might have accomplished if he had channeled his energies into computer hardware or software development?
2) Kevin took the term “social engineering” that had been associated with the social sciences and applied it to computer sciences. It is commonly understood to mean “the art of manipulating people into performing actions or divulging confidential information” (Social Engineering, Wikipedia, retrieved 12/20/11) and Kevin used it brilliantly, getting people to share passwords and other information that should have remained confidential. His success is one of the reasons we are constantly admonished to be careful when asked to share personal information.
3) During his presentation, he stated several times that he was only interested in the thrill of the chase, not in destroying computer systems, stealing secrets for financial gain or exacting revenge. For example, he had many opportunities to steal credit card numbers and ignored them – he was looking for computer code so that he could understand how a particular system worked, or gaining access to win a bet. He spent time in prison with former Wall Street trader Ivan Boesky and told him “I didn’t do it for the money; I did it for the entertainment” (Biersdorfer, 2011).

Kevin is an “old-school” hacker now using his considerable knowledge, experience and expertise to help protect us from folks whose motivations are not as benign as his. Class begins on January 11 and I am taking Ethics for Library and Informational Professionals. I am sure that we will have many lively discussions regarding the use of technology within that setting. Who knows - maybe even Kevin's name will come up!

If this topic is interesting to you, in addition to Kevin’s book, you might want to check out Phil Lapsley’s website, The History of Phone Phreaking.
