"Hackers, Phrackers, and Crackers"
The true story of Kevin Mitnick - World famous Computer Hacker
By: J. R. Minor
You could almost write a new dictionary on the terms used these days to represent a new
generation of computer crimes. The word "Hacker" is the most commonly used to describe
an individual who is an avid computer-savvy enthusiast, capable of manipulating a remote
computer. "Phracker" is a term given to "phone freaks" who have, and use, the knowledge to
make unauthorized long distance phone calls using a variety of methods such as cards, codes,
and tones. Last but not least, "Cracker" is a breed of both hacker and phracker, with the
skills to break the access codes to sensitive corporate and government networks.
The following is a compilation of a true computer crime case about a real individual,
Kevin D. Mitnick. It could read like a John Grisham spy novel...
Kevin D. Mitnick
Age 31: AKA "Condor"
Kevin began his computer escapades at an early age when he joined a small group of local
hackers in the suburbs of Los Angeles Ca. He demonstrated his skills to peers by breaking into
the Monroe High School computer and altering the grade point averages. His legal troubles
began when he hacked into the North American Air Defense computer system in Colorado at
age 17... the year was 1981. Shortly after, he had advanced into phone phreaking with an
insatiable appetite for telephone switching equipment. To obtain the classified information
he needed on the telephone switching computers, Mitnick broke into the corporate offices
of Pacific Bell and obtained computer manuals, and software, on the COSMOS and MicroPort
computer systems. Because of his young age, he had avoided sentencing this time.
Advancing his skills into the late 1980's, Mitnick evaded authorities until 1989.
FBI agents were collecting evidence that Mitnick and a friend named DiCicco had stolen
highly secret software programs, and research manuals, from Digital Equipment Corp.
Also mentioned were 17 internal access codes owned by MCI long distance network systems.
Mitnick and DiCicco were arrested, and the U.S. Magistrate in LA ordered Mitnick held without
bail, stating that "when armed with a keyboard, he posed a threat to the community".
The assistant U.S. Attorney said "This person is very dangerous, and needs to be kept away
from a computer". Detective James K. Black, head of the L.A. Police Department's computer
crime unit said of Mitnick "He is several levels above what you would characterize as a
computer hacker".
Now at age 25, Mitnick was sentenced to one year in a minimum security facility by judge
Mariana R. Pfaelzer of the U. S. District Court in Los Angeles Ca. DiCicco had turned witness
against him... the year was 1989. Judge Pfaelzer also ordered Mitnick to regularly attend
rehabilitation sessions, relating his addiction to computer break-ins to that of a substance
abuser. Federal prosecutors also obtained a court order restricting Mitnick's phone privileges
while in jail, for fear that he might get access to an outside computer. Harriet Rosetto, the
director of the rehabilitation facility said "hacking gives Kevin a sense of self-esteem that he
doesn't get in the real world, there was no greed or sabotage involved... He's like a big kid
playing Dungeons and Dragons".
One year later, Mitnick was released from the facility and assigned a probation officer.
Reportedly, strange things began to happen... The probation officer's phone was suddenly
disconnected, and the phone company had no record of it. A judge's credit record at
TRW Inc. was inexplicably altered. Records of Mitnick's arrest and conviction could not
be found on the Court's computers at Santa Cruz Ca. Mitnick jumped his probation and fled
the country to visit hacker friends in Israel... Once again, a man in trouble.
Returning to the U.S., FBI agents obtained a search warrant and closed in on his Calabasas
Ca. residence in September of 1992. Mitnick was suspected of violating his probation, and
hacking into the computers of the California Dept. of Motor Vehicles. Authorities also
believed that he was responsible for cracking an Army computer system, and gaining
access to FBI records, another incident that coincided with Mitnick's technique. By November
of 1992, Kevin Mitnick had disappeared from the face of the earth... again, a wanted man by
federal authorities. As he left a trail of clues behind him for the next two years, the FBI
believed that Mitnick had simply created a series of false identities. Armed with his knowledge
and skills at cracking computer systems, this would be an easy task.
Bits of his presence began to emerge again in mid 1994 when Motorola's Cellular Division
reported that copies of their cellular control software had been taken from a breached
computer system. Dan Farmer, creator of the dreaded "SATAN" software program that
searches for weaknesses in network computers, said that someone had broken into his
computer system and stolen an early un-released version of the software. Techniques
of the break-in were typical of Kevin Mitnick.
On December 25th, Christmas Day, 1994, the news traveled fast to Tsutomu
Shimomura, a security expert at the National Supercomputer Center in San Diego Ca.,
who was vacationing in Nevada at the time. His personal computer system, linked via the
internet, to the Supercomputer Center, had been altered. How could this have happened
to one of the country's top experts on computer security?... the shame of it all!
Shimomura's personal voice mailbox was also compromised on Dec. 27th, and an
eerie disguised voice said "Damn you! My technique is the best... Don't you know who
I am?... Me and my friends... We'll kill you!". Almost sounding as if there were
two people on the voice message, another voice said "OK boss, your kung-fu pretty
good!" poking fun at Shimomura's nationality.
Newspapers worldwide were filled with stories of the newly discovered flaw in Internet
security called "Protocol Spoofing". Once Shimomura discovered how the intruder had
broken in, he immediately notified others of the technique. The intruder (Kevin Mitnick,
of course) had first cracked a "trusted" computer at the Loyola University of Chicago.
"Trusted" means that this particular computer was authorized to access files from
Shimomura's computer in California. File transfer commands were sent out from the
"trusted" source to access hundreds of highly secretive security software files from
Shimomura's computer. Once this had taken place, Mitnick moved the files into a
dormant account at "The Well", a large internet provider for the San Francisco Bay
Area in California. Also taken, and stored in "The Well" account, were 20,000 +
credit card accounts of NetCom, Inc., many belonging to silicon valley millionaires.
A systems operator at "The Well", on January 27th, 1995, noticed an unusually
large amount of data in an account that was normally almost empty. Bruce Koball,
a programmer for the Freedom and Privacy Group, one of the account's owners, was
contacted to inspect the contents of the data. Koball was shocked to find
Shimomura's files, and contacted him shortly after discovering the data.
Federal authorities were contacted when the credit card accounts were discovered,
and Shimomura was ready for revenge. The FBI's data base came up with a list of
possible suspects, but Kevin D. Mitnick was one of a few at the top. Since the break-
in had seemed to be only a "Power Play", and not for financial gain, the FBI began to
suspect Mitnick over others on the list. One of Mitnick's "rules of thumb" was never
to keep incriminating data on his own machine. Another clue that made Mitnick a
suspect, was the Cellular phone control software files, also found in the account.
Shimomura, personally insulted, and his reputation injured, began to set a trap for the
prowler. First, the intruder's voice was posted as a sound file on the internet for all to
hear... Shimomura knew that by intimidating him, his ego would finally bring him out into
the open. Next, a 24 hour monitoring computer was set up to record any unusual
activity at "The Well". Armed with a team of Federal authorities from the FBI and
National Security Agency, Shimomura would patiently watch as the bandit returned
again and again across the screen. The trap had worked and the bait was taken.
Another altered voice mail message was left on Shimomura's mailbox mockingly
saying... "Ah Tsutomu, my learned disciple, I see that you put my voice on the Net...
I am very disappointed my son...".
Carefully tracing each attack, Shimomura and his team of experts along with
Kent Walker, the U.S. Assistant District Attorney from San Francisco, obtained
subpoenas to wiretap calls. The intruder seemed to be in Colorado, but with skills
of this type it was hard to tell. As experts watched each break-in, it became clear
that the security of NetCom and "The Well" had seriously been compromised.
"The Well" has since updated its server to a new Sun SPARC 100E because of
the incident.
By February 14th, 1995, authorities had traced their suspect to Raleigh, North
Carolina. With the assistance of Sprint Cellular technicians armed with cellular
frequency monitors, a signal was traced to an apartment building at Players
Court near the Raleigh Durham airport. A Federal warrant was obtained for
its resident... an alias of course... but still, Kevin D. Mitnick.
Mitnick was now a victim of his own ego. He was already wanted in California
from previous charges of breaking into the California Dept. of Motor Vehicles
computer systems. Surrendering peacefully to FBI agents in the middle of the
night, Mitnick was arrested on February 15th, 1995. His computers, software,
books, notes, and cellular phone equipment were all seized for evidence.
Authorities were amazed as they uncovered the methods by which Mitnick
had slipped through their systems. A cellular modem was used to dial into a
Sprint Cellular site on the reverse channels, the channels usually
reserved for mobile to base communications. Mitnick then dialed into a GTE
switching office and re-routed his call to Colorado where he dialed into a
NetCom internet connection. This made tracing the calls almost impossible
for even the best of experts in the field. On the internet, Mitnick could then
connect to thousands of computer networks worldwide.
As Shimomura and Mitnick met for the first time in a Raleigh, North Carolina
Federal Courtroom, Mitnick looked at Shimomura and said "Hello Tsutomu,
I respect your skills", to which Shimomura reluctantly nodded his head.
At the Fifth Conference on Computers, Freedom, and Privacy, held on
March 28th, 1995, in Burlingame, Ca., Kevin Mitnick was a hot topic in
discussions on high level network security. Chairman Carey Heckman
said "Mitnick has created a Sputnik like urgency for higher computer
security", comparing Mitnick's break-ins, and the lack of better security, to
the Russians beating the U.S. in the 1958 space race with the Sputnik satellite.
Once called a "Computer Terrorist" by the Dept. of Justice, Mitnick has
been the subject of several books, articles, and movies including War
Games, and Hollywood's latest "Johnny Mnemonic".
On July 10th, 1995, Kevin Mitnick was to be tried on a 23 count
Federal Indictment charging him with crimes such as wire fraud, computer
fraud, cellular phone fraud, and using illegal telephone access devices to
divert toll costs. Already wanted for previously violating his probation,
Mitnick's violations included other charges covering six jurisdictions, and
facing a maximum of 20 years for each of the 23 counts.
John Dusenbury, Mitnick's public defender, has plea bargained an
agreement that may well save his neck for the time being. Signed in the
last week in June, 1995, the plea bargain agrees to charge Mitnick with
possession and use of 15 illegal access numbers to gain access to high
level computers. In turn, federal prosecutors will drop the other 22 counts,
and reduce the actual jail sentence to approximately 8 months. Ironically, the
world's most famous hacker, phracker, and cracker, could be out of jail by
Christmas day, 1995...
- Copyright - 1995 - INTERZINE - by: J.R. Minor -