By Daniel O’Rourke

Within cybersecurity communities, the name Kevin Mitnick is synonymous with hacking, and for very good reason. Mitnick was responsible for some very large hacks over the course of his teen years and twenties. He found himself in and out of prison frequently, and, eventually, went on the run from the United States Federal Bureau of Investigation. The end result was five years in prison for Mitnick, although many contend that the government engaged in some questionable and unconstitutional activity during the tenure of his trial. Many people blame Mitnick’s “nemesis,” the author John Markoff, for this turn of events due to the exaggerations he would publish and the media storm he ended up creating. Additionally, Mitnick’s desire to never hack for financial gain led to a number of ethical questions arising. Was he really a computer terrorist? Or was he, as he claimed himself to be, simply a prankster?

Early Days of Hacking

Mitnick was born in Los Angeles, California, a city he would stay in until he eventually went on the run in 1992. He attended high school and college in Los Angeles, all the while hacking underneath everyone’s noses. Mitnick began this life of hacking systems at the very young age of 12, although his first hack wasn’t through a computer network like we envision hacking today. Rather, it involved him tracking down the building of a nearby bus company. He would then go rooting through their dumpsters and garbage cans until he retrieved unused bus punch-cards. Using this technique repeatedly over the years, Mitnick rode the bus for free without ever paying for a ticket. It was only four years later, once he had turned 16, that Mitnick hacked an actual piece of technology, after being taught a method known as phone phreaking from a friend. One phreaking technique he used involved recreating the series of tones that telecommunications companies use to signal long distance calls, giving Mitnick the ability to call anyone in the world for free. Another method that he used involved calling employees of the phone companies and manipulating them into providing their customers’ personal information. Only a teenager, Mitnick never really had any need for any of this information; he described the whole experience as him simply messing around or performing pranks. For example, around this time he hacked a McDonalds drive-through so that he could speak to the approaching cars, cracking jokes at the drivers from across the street. Indeed, over the years Mitnick never stole any information or attempted to profit off of it, despite the fact that he had access to a multitude of profitable material. If you asked him why, he would tell you that he never really cared about money; for him, it was all just a series of practical jokes.

It was a year later that Mitnick was arrested for the first time. At the age of 17, Mitnick was caught breaking into the Pacific Bell telecommunications company’s COSMOS center. This stands for “Computer System for Mainframe Operations” and served as a database for most phone companies to store all of their recordkeeping information. He and two friends grabbed computer manuals from the building after talking their way past a security guard. They also lifted a list of computer passwords, evidently to help in their phone phreaking efforts. Finally, in what proved to be a very arrogant move, they planted their phone numbers in the rolodex of a nearby desk. The appearance of the phone number is what caused Pacific Bell to grow suspicious and enlist authorities to begin investigating. Mitnick and his friends were eventually caught when a third party, an angry girlfriend, turned them in. Mitnick, still a minor, was sentenced to three months at a Juvenile Detention Center, followed by a year of probation. This arrest would prove to the first of many for the lifelong hacker.

The 1980s

The 1980s were a blur of arrests and releases for Mitnick. The first of these occurred when he was attending the University of Southern California in 1983. He was caught red-handed by campus police using the university computer lab to hack into computers. It was rumored and published by the journalist John Markoff that Mitnick was using these computers to break into NORAD (the North American Defense Command) and the Pentagon computer system. This is an accusation that Mitnick vehemently denies, and claims to be the first of a long list of fabrications that Markoff published. After this arrest, Mitnick stayed out of trouble for a while. It wasn’t until four years later, in 1987, that Mitnick was caught again, this time stealing software from the Santa Cruz Operation, a California software company. On this occasion he was only sentenced to 36 months of probation, the lightest sentence he would receive throughout his life. His final arrest of the 1980s came later that year, in 1987, when Mitnick and a friend launched a series of computer hacking attempts against a software company called Digital Equipment. For months the pair would launch modem attacks against the company’s computer system to gain access to it, their ambition being to obtain their operating system known as “Easynet.” Law enforcement attempted to track the attacks but they were left clueless for months. This was due, in large part, to Mitnick manipulating the telephone network’s routing switches to hide the source of their calls. Eventually, Mitnick’s accomplice grew tired of the constant pranks that he pulled on him and called the FBI to turn him in. He was quickly apprehended and taken to trial, where Digital Equipment controversially claimed that he had cost them millions of dollars in damages, leading to Mitnick spending another year in prison. As part of his parole, he was also required to complete six months in a counseling program, as his predilection towards hacking had been labeled as an “addiction.” Despite the government’s determination to cure Mitnick, this wouldn’t be his last run in with the law.

The 1990s

It was during this tenure in prison that Mitnick was first approached by the journalist John Markoff. Markoff was in the process of writing a book about Mitnick and wanted his collaboration, to which Mitnick bluntly refused. According to Mitnick, Markoff grew furious at his refusal, telling him that he would let secondary sources dictate Mitnick’s story and that he wouldn’t verify their information. Mitnick still wouldn’t budge though, refusing to cooperate if he wasn’t able to profit off of the book. Regardless, Markoff went on to publish his 1991 book, Cyberpunk, in which he labeled Mitnick as the “Dark Side Hacker,” and included a series of allegations that Mitnick claims were blatant lies. Shortly after the book’s release,  Mitnick was let out of prison and appeared determined to change…at least for a while. After being on parole for about two and a half years, two warrants were released for his arrest: one for being in contact with a hacker he knew from his teenage years and another for hacking into a phone company’s computer. The details are hazy around this time, but Mitnick claims that federal agencies were working to entrap him. However, the degree to which this claim is true is difficult to substantiate. Regardless, when the FBI raided his apartment in 1992, he had completely disappeared. Mitnick went underground and would remain on the run from the authorities for the next three years. During this period of time, in 1994, Markoff published another article about Mitnick, which Mitnick claims was full of unsubstantiated lies. Mitnick was horrified, but as he was both a criminal and on the run he was unable to defend himself. 
During his time on the run, the FBI believed that Mitnick was continuously hacking software companies, although they were unable to prove it. The allegedly hacked companies included Motorola, Nokia, Netcom, Supernet, and several other large corporations. Finally, In 1995 the cybersecurity expert Tsutomu Shimomura tracked down Mitnick to an apartment in Raleigh, North Carolina. Federal agents were notified of his location and quickly raided the apartment, capturing Mitnick. Very shortly after this occurred Markoff co-authored a book with Shimomura entitled Takedown: The Pursuit and Capture of America’s Most Wanted Computer Hacker.

Controversy Surrounding Imprisonment

At the time of Mitnick’s arrest, Markoff’s books were read as gospel. Unfortunately, it wouldn’t be public knowledge that these books were full of journalistic improprieties until years later. For example, it wasn’t recorded in Markoff’s second book that he and Shimomura had been friends for years, and had been actively attempting to catch Mitnick committing a crime as early as 1990. The book would have you believe that Shimomura was caught in the crossfire of Mitnick’s hacking efforts, and tracked him down in self-defense. It paints him as a character in the wrong place at the wrong time. In reality, tracking him down was a sort of obsession that consumed a large portion of Markoff and Shimomura’s time. The most damaging aspect of the book was the way that Mitnick was portrayed. Markoff painted a picture of an entirely dangerous and unstable individual, an agent of chaos seeking to cause as much as damage as possible. Unfortunately for Mitnick, the popularity of the book and the false information presented in it would shape the course of his trial. 

Once arrested, Mitnick was placed into solitary confinement for close to a year. This was due in large part to a technical misunderstanding that Markoff had proliferated in the mind of the public: the idea that Mitnick could start a nuclear war by simply having access to a telephone. Throughout his trial, Mitnick was repeatedly pressured to waive many of his constitutional rights. For example, he was only released from solitary confinement when he waived his right to a bail hearing, making him the first defendant in federal history to be refused a bail hearing. Additionally every few months a document would be presented to Mitnick that presented him with two options: waive his right to a speedy trial or go to trial with a defense attorney that was unprepared. Mitnick was forced to waive his rights every time, in a cycle that continued for years. In hindsight, the allegations made by the prosecution were inflamed and largely unsubstantiated, pulled mostly from Markoff’s writing. Nonetheless, the media circulated the allegations as the hype around the trial grew. A picture was painted in the nation’s mind of Mitnick as a criminal and extremely dangerous individual. When it came to actual damages, many companies estimated that he had cost them hundreds of millions of dollars. However, none were ever asked to justify these estimations, and none reported the apparent losses to the SEC. Based on these estimations, and inflated by the belief that he was a danger to national security, Mitnick was sentenced to a little more than five years in prison. At this point though, four and a half of the years were served before the trial. Thus, Mitnick was sentenced in 1999 and only had to serve eight more months in prison.

Many believe that Mitnick was treated extremely unfairly. At this point in time, when you look back at the list of abuses he faced, this is easy to see. For example, one needs only factor in the fact that Mitnick never damaged or destroyed any data, and never sold any of the software he pilfered. In that context, it’s hard to see how he would have possibly caused hundreds of millions of dollars in damage to any company. A lack of technological knowledge in the public and the media appears to be the real reason behind Mitnick’s mistreatment. In fact, it seems that the United States government was as caught up in the media hype as the public was. Federal officials had apparently instructed prosecuting attorneys to never provide any personal information during the trial in case Mitnick decided to “target them” afterwards. This suggested Markoff had the inclination and ability to destroy the lives of anyone who spited him.

At the end of the day the issue comes down to contrasting labels. Markoff, Shimomura, and the United States government had Mitnick clearly labeled as a “computer terrorist.” However, Mitnick’s own claims, and those of the supporting hacking community, instead depict him as a “computer prankster.” Indeed, when he began his efforts his activities weren’t really illegal. However, his repeated indifference to changing laws is what the government claims truly led to his extreme sentence. When asked, the U.S. attorney’s office stated that he had shown indifference to the law too many times and, due to that simple fact, his sentencing was more than fair. Mitnick’s undecided categorization as either a terrorist or prankster remains a point of contention; although, as time has gone on and several books have been released in his defense, public opinion has mostly rallied behind him.

Life Since Prison

Despite the controversy surrounding his arrest, Mitnick ended up doing very well for himself. After his five year tenure in prison, Mitnick was resolved to turn over a new leaf; however, he would need to wait another three years before he was allowed to operate any device related to technological communication. At the end of that period of time he decided to make the transition from black-hat to white-hat hacker. Since he had been labeled as a national security threat, he decided that the best path to redemption was in helping the companies he had once hacked; Thus, he decided to start a security consulting firm, Mitnick Security Consulting LLC. He is also a part-owner of KnowBe4, a company dedicated to providing security awareness training to different companies around the world. Most notably, and despite his many trials and tribulations, Mitnick’s sense of humor remained intact; the business card he uses to this day includes two detachable, functional lockpicks.

References

Mitnick, K. (2012). Ghost in the Wires: My Adventures as the World’s Most Talented Hacker. Boston: Back Bay Books. 

Markoff, J., and Shimomura, T. (1996). Takedown: The Pursuit and Capture of Kevin Mitnick, America’s Most Wanted Computer Outlaw. New York City: Voice. 

Greene, T. (2003). Chapter One: Kevin Mitnick’s Story. The Register. [online]. Available at  https://www.theregister.co.uk/2003/01/13/chapter_one_kevin_mitnicks_story/

Long, T. (2012). Feb. 15, 1995: Mitnick Arrested. WIRED. [online]. Available at https://www.wired.com/2012/02/feb-15-1995-mitnick-arrested/