Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker by Kevin Mitnick with William L. Simon
Kevin Mitnick is a man obsessed with other people’s information. In this autobiography, he details how he became the world’s most wanted hacker, breaking in to corporation after corporation, just because he could. He would steal source code, email and other software, setting himself up to make free phone calls on masked phones to cover his tracks. Why? He never used any of the things he stole to actually make money. He did use his vast telephone system knowledge to rig radio phone contests so he would win. But, all he did with the valuable things he stole was stash copies in various places on the Internet. Most of the time, he didn’t even use the software. Occasionally, he would study it to see how he could exploit it for the next target. It was obvious throughout the book, Mitnick is mystified why others consider this a crime. In his mind, no harm was done other than to show companies the vulnerability of their security from someone who truly would steal it. Now, out of prison, he make incredible money ‘legally’ hacking into companies as a security consultant, having leveraged his fame into a lucrative business.
There are those who agree with Mitnick. I am not one of those. I do agree the government, in his prosecution, went way beyond the mark and strayed into illegalities. He was held without a bond hearing, just because (according to Mitnick) she had decided beforehand there was no way she would grant his release. He was barred from seeing the evidence against him because the information was all electronic and the court was afraid to even let him look at a computer, believing he could somehow hack systems without touching a computer. He was denied the use of a telephone because they believed he could “whistle into the phone can launch a nuclear missile strike from jail.” Granted, he could manipulate the phones to do amazing things, but launch missiles from systems not even connected to phones? Really? Do your homework, people.
What scared me the most was Mitnick’s accounts of how he would social engineer the information. Social engineering is getting people to give you information that can be used to gain access. He would call up someone in a targeted company and say, “This is Frank over in engineering. We are doing an audit of the passwords on the VMX system. We have your pin code as 1234. Is that correct?” More often than not, the person would reply, “No. it is 4854.” Duh… I would like to think most people wouldn’t fall for that, but they did time after time. This is a real problem for corporations even today. People try to be helpful and end up giving away information that is then used to hack into the computer systems. Mitnick’s greatest contribution by writing this book is to show just how easy it is. Perhaps knowing this account will make me more aware of the attempts that happen on a daily basis all over the world. Any little tidbit of information is useful to a hacker, who often piece together enough innocuous pieces of information over time to create the entire picture. Minick, hero or villain, at least showed me that much.