Kevin Mitnick, the world’s most infamous hacker, denies malicious intent behind his exploits, like NORAD whistleblower myths and $300M damage claims tied to stolen source code, instead framing hacking as a skill akin to lock-picking. His four-year pretrial detention—without computer access—highlighted legal overreach, while he now consults on security despite supervised release restrictions barring hands-on work. Mitnick’s upcoming book, The Art of Deception, focuses on social engineering risks, proving his shift from mischief to ethical defense. Though skeptical of AI self-awareness, he acknowledges future possibilities, underscoring how human vulnerabilities remain the weakest link in cybersecurity. [Automatically generated summary]
Do you think perhaps somewhere down in the bowels of the ship, you can imagine sort of creaky pipes and chains hanging around and dripping?
You know, no, of course we're not keeping them alive.
As a matter of fact, I understand that we are treating them as prisoners of war, including Walker.
However, are we above sending in guys in suits who will land in choppers on that ship who will privately ask them a lot of questions with prejudice?
I think not.
I think we're probably going to do that.
We'll learn a lot.
Al-Qaeda captives revolted on a bus en route to a jail Wednesday, killed their six Pakistani guards.
Then seven of the prisoners died trying to get away.
20 others remained on the run.
There is a hectic search going on right now.
Prisoners among 156 al-Qaeda members captured by Pakistani provincial officials since Sunday after the fighters slipped from Afghanistan into Pakistan.
Zacharias Musouri, the first person indicted in the September 11 attacks, appeared today in the suburban Washington courthouse where he'll face trial, sat silently, not so much as a flinch as the charges were read by the U.S. magistrate there,
33 years of age, charged with conspiring to commit acts of terrorism, aircraft piracy, destruction of aircraft, use of weapons of mass destruction, murder of U.S. employees, and destruction of U.S. property.
I would imagine that would carry with it the federal death sentence.
Looks like there's a siege going on in Argentina.
Did you know about that?
The president there declared a state of siege to deal with widespread rioting and looting sparked by a deepening economic crisis.
So when times get tough, the tough loot.
Anthrax.
This is interesting.
The anthrax investigation is focused on fewer than now a dozen laboratories that have worked with a deadly virus.
Investigators working to identify the genetic fingerprints of the anthrax that, you know, each letter used.
The goal is to match the anthrax used in the attacks with the anthrax at each lab site.
Apparently, the anthrax that was used by researchers for decades is present in at least a dozen labs across the country, and they've virtually said we know it's a domestic source now.
I've got a Washington Post article here that I'd like to read you in part, at least.
As you know, since I interviewed Pam, that wonderful lady last week, that had, again, I say it's such a profound influence on me, that whole interview.
It's just very profound.
I have email which, you know, says it can't be true.
It simply, absolutely can't be true.
There's something wrong with the story.
No, there isn't something wrong with the story.
The lady had an aneurysm, which was, you know, a balloon ready to go in her head, and they drained all the blood from her body, lowered her body temperature to 50 some odd degrees.
Her heart stopped.
Her brain activity stopped, and they were monitoring that.
This is at one of the more prestigious medical centers in the whole country.
All of this is extremely well documented, and she was dead, D E A D dead, no brain activity for an hour.
And of course, the whole night was in how she was able to detail what went on during that hour, and how could she do that, of course.
How could she possibly Do that unless she was detached from her body in what some laughingly refer to as a soul.
Well, look, these are, you know, this is not in question.
I mean, these are facts, folks.
Nevertheless, I get a lot of angry emails saying it's baloney.
Oh, no, it's not.
As I said, we will pursue her doctor and get her doctor on the air.
A 44-year-old man who had collapsed in a meadow was brought to a hospital, unconscious.
He had no pulse, no brain activity.
Let me repeat, no brain activity.
Doctors began artificial respiration, heart massage, and brought out the paddles.
A nurse trying to feed a tube down the man's throat saw that he was wearing dentures.
The nurse removed them, put them on a stand called a crash car.
The patient was then moved into intensive care.
Now, a week later, after the patient had recovered, bear in mind this is from the Washington Post, a week later after the patient had recovered, the nurse saw the man again.
The man immediately recognized the nurse.
Remember now, this was a moment when he had zero brain waves, nothing, dead.
So the man immediately recognized the nurse as the person who had removed his dentures and also remembered other details of what had happened while he was in a deep coma.
He said he had perceived the events from above his hospital bed and watched the doctor's efforts to save his life.
Now, the account might be standard fair in a supermarket tabloid, but last week it was published in The Lancet.
I remember I read that to you, a British medical journal.
It is the latest in a long series now of efforts to either document or debunk the existence of near-death experiences, something that for the most part has remained in the realm of the paranormal.
And it goes on and on.
This is a long article with more of the same people who have died.
And I'm talking about zero brain activity.
unidentified
No neural little neurons firing from one neuron to the other.
Now, the only possible explanation, the only possible explanation for this is that there is something within all of us which is, or at least in 18% of the cases, this has been true.
So in at least 18% of us, maybe only some of us have souls.
I don't know how you interpret that figure, but in 18%, people who are clinically, truly dead, no heartbeat, in some cases, no blood, no brain activity, absolute zero, are describing in intimate, accurate detail what's going on while they're dead.
It is one of the more interesting avenues that I imagine I could pursue, and I will pursue doggedly until I get some...
I really already have some answers.
Personal answers.
And for a good part of my life, I've had, what's the right word?
You know, I really don't want to say the wrong word.
I've had reservations about the concept of a soul.
I've had hopes and imaginings that certainly it seems as though all of this is, I don't know, created.
You know, it's not just a big accident of thousands or millions of years of evolution, depending on who you believe.
So, is there any bigger question in life than this one?
And we're beginning to get fairly close to some answers.
At least for me, and I'm a pretty tough nut when it comes to, believe it or not, I know a lot of you say, oh, yeah, right.
You believe all this stuff.
No, no, I don't.
I'm just like you.
I present things on the air.
And some I believe and some I do not believe.
What I do, however, is allow my guests to tell their story the best way they can.
And they're certainly going to do that by not tearing them apart.
So I don't tear them apart.
And because I don't, a lot of people conclude I automatically agree with or believe whatever I'm told that's absolutely inaccurate.
In fact, actually, I'm kind of tough not.
But on this question of the soul surviving physical death, I'm beginning to become convinced.
I tell you, I'm very close.
So the Washington Post now is printing articles on this.
They're getting interested too.
And you know, they should.
Keith should probably get this article up for you.
I'm obviously going to be on a kick here for a while about this.
I mean, how could you not be?
How could you have heard the interview with Pam Reynolds that I did?
I hope you heard it.
If you didn't, somehow I'm going to get that repeated.
Guarantee.
Guarantee I'm going to get that repeated for you.
And then one more little note here, and then we'll go to open lines until Kevin Mitnick.
Hotspots.
This is a very interesting article about hotspots in the Earth.
The headline is, Wandering Hotspots.
Wandering, mind you.
Wandering hotspots worry geologists.
This is by Betsy Mason.
Hotspots where plumes of molten magma break through the Earth's crust appear to be wandering across the planet.
Well, say what?
Wandering across the planet?
A discovery that undermines many of the accepted ideas about how the Earth's tectonic plates are moving.
Oh my goodness, could we be wrong about how the Earth's tectonic plates move and build pressure against each other and so forth?
Geologists thought that magnet plumes, such as the one that created the Hawaiian Islands, remain in place as the plates of the Earth's crust move over them.
For years, they have used these hotspots, so-called, as a fixed frame of reference to gauge the motion of the Earth's plates relative to the Earth's core.
The Hawaiian Islands and their underwater neighbors, the Emperor Seamounts, were used by geologists as a record of the path followed by the plate that makes up the floor of the Pacific.
The islands formed, you see, as the plume of upwelling magma erupted onto the surface of the floor, creating volcanoes.
But a new study by Robert Duncan of Oregon State University in Corvallis and his colleagues shows the Hawaiian hotspot has probably shifted.
The researchers measured the direction in which the minerals in the volcanic rocks of the islands were magnetized.
When the lava flows that formed the islands cooled and solidified, the minerals lined up with the Earth's magnetic field, providing a record of their location at the time.
So in other words, the whole finding will challenge ideas about how the plates have shifted in the past.
For example, a prominent bend in the Hawaiian Emperor, a seamount chain that occurred 43 million years ago was thought to have been caused when the Pacific plate suddenly changed direction.
And now some geologists are simply throwing that whole idea overboard in favor of a moving hotspot.
So many things that our scientists have thought are the case simply are not the case at all.
And by the way, the article I just read you by Betsy Mason in part is in New Scientist.
So even the most basic concepts that a lot of our scientists have had about the way things happen, they just may not be true.
And that's why so many of the things that you hear on this program, even though you must separate it from some of the BS, which inevitably arise, are also true.
And with time, turn out to be absolutely true.
And people say, oh, my God, you guys had that on the air a year ago.
You knew about that six months ago.
And now it's big breaking news.
Well, it shouldn't be a surprise.
Because we're always sort of out here on the edge.
And so inevitably, we stumble across things weeks, months, even years ahead of others.
Basically, because we have no fear.
I'm not having to worry about not being tenured as a talk show host, I suppose, or tenured in any other way.
And so I have no risk.
I have not published scientific papers, though I have written books.
And so I don't have to worry about staking my career on anything, because frankly, my career is built around presenting this kind of information that's out on the edge.
So very little risk for giving you guys what we consider to be the straight stuff at any given moment, may or may not be, but gee whiz, an awful lot of times lately.
It certainly has turned out to be dead on the money.
So the people who want to know what is going to happen listen to this program.
You know, cats do come down with things and pass it from one to the other.
Listen, dear, hold on a moment.
I'm at a breakpoint here.
Just hold on the line there.
You see, I understand that, Leigh.
I mean, if suddenly my cats, and I've got four of them, thank you very much, were to die.
And I thought it was, you know, something somebody had sprayed, I'd be after their asses big time.
Big time.
But I don't think we know it was that, exactly.
Not from what she said.
not yet.
unidentified
Well, I think it's time to get ready to realize just what I have found.
I have the only pair of one I am.
It's all clear to me now.
Responsible, practical, and delicious.
Show me a world where I could be so dependable.
Oh, clinical.
Oh, intellectual.
Cynical.
There are times when all the world is still.
The questions run to the end.
For such a simple mind.
Won't you please, please tell me what to learn.
I know it sounds absurd.
Please tell me who I am.
I said, what would you say?
I'll be calling you a radical.
A liberal.
Oh, a magical.
Criminal.
Call Art Bell in the Kingdom of Nye from west of the Rockies at 1-800-618-8255 East of the Rockies 1-800-825-5033 First-time callers may rechart at 1-775-727-1222 and the wildcard line is open at 1-775-727-1295 to rechart on the toll-free international line call your AT ⁇ T operator and have them dial 800-893-0903.
This is Coast to Coast AM with Arpelle from the Kingdom of Thai.
I don't want to go into the details, obviously, of what could be a legal case on the air.
But you trust me when I tell you, if you want to, you go find a veterinarian and you get a toxicology report, which isn't going to be all that expensive, and have an autopsy done if you can.
And if it was indeed something they did, go after their butts.
That's all there is to it.
And if that happened to my cats, you can bet I'd want to know what killed them.
Because there are diseases that can be passed easily.
You know, feline leukemia is one, and they'll waste away very quickly.
It's horrible.
Absolutely horrible.
So you're going to have to find out what really killed them.
And I know for at least a decade, probably 15 years, he's been researching a lot of this sort of thing by using what's called a single photon emitted computed tomography machine.
And it literally tracks the electrical waves that travel through the brain cell by cell, synapse by synapse, in real time.
Well, a lot of the subjects you've been talking about, I think the bottom line is this guy, he might be willing to go on your show, but I think he would have a lot of knowledge that he could add to these subjects that we're pondering.
The best way, I know a lot of people want guests on who think are going to be very good on one subject or another.
He sounds very good.
Well, get us some info we can track.
Publishers, names of books, that's good.
Any phone numbers you might have, even in the beginning contact, that's good.
Any leads you can give us, that's good.
And then happy to track somebody down, particularly on this subject.
But as far as I know, in one of the best medical surgical facilities in the United States, this woman's brain was dead.
No firing of their neurons we were just talking about.
No communication between from cell to cell.
Nothing.
Zero.
Flatline.
Just like when you turn off the power on your computer.
Gone.
History.
No electrons moving.
Now, if that doesn't go a hell of a long way toward proving that there is some sort of consciousness continuation after physical death, then I don't know what does.
And, you know, after being in here a couple months, we noticed weird things happening.
Like, you know, you put something one place and you'd get up the next morning to find it someplace else.
You'd hear people walking upstairs, you know.
And she would be sleeping peacefully on the footstool and all of a sudden she'd just perk up and just bolt and dash upstairs and hide behind the toilet in the hall bathroom upstairs.
And one night I was sitting here watching TV and she was on the footstool and she just perked up and she started hissing.
And she was hissing in my direction.
Right.
And I was kind of glad I was on the phone with a friend of mine when all this was happening because next thing I know, I told him, I says, this thing is around, whatever it is, whatever she sees.
And the next thing I know, it passed right through me.
The only way I can describe this, and this is going to sound kind of corny, okay, but take your most pleasurable, intimate experience and multiply it by 10.
And up until recently, I've been a huge fan of the X-Files, but I've been noticing that they've sort of been having some difficulty with the writing on the show lately.
So very quickly, I was wondering, have you been approached to be a consultant for paranormal and conspiracy-style stories for that show?
Number one.
And the second question is, I understand you had an interview with Chris Carter a while back, which is legendary.
I've never heard it.
Is there any chance that that might get rebroadcast sometime in the future?
People who are around the dying, you know, in various organizations that take care of people who are terminal, you will hear a million stories like this, just a million stories like this.
Something apparently happens, unless you're hit by a Mac truck and you don't know you're going.
As you get close to death, something begins to happen.
An adjustment begins to take place and you start seeing things that other people are not seeing.
This is all, you know, no single bit of this proof that we're beginning to compile, that I'm beginning to notice really heavily, is by itself going to prove that there is an existence on the other side.
But like court cases that are finally assembled on and convictions are made on circumstantial evidence, you know, an overwhelming amount of it, I think there's beginning to be no question that we're beginning to get the case, a case big enough to say, hey, folks, it's real.
There really is something after we go.
I think we're that close.
If we're not already there, and I think it's pretty exciting.
Mr. Kevin Mitnick graduated cum laude at computer systems and programming from a technical college in California.
Went on to successfully complete a postgraduate project in designing enhanced security applications that ran on top of a computer's operating system.
With more than 15 years of experience in exploring computer security, Kevin Mitnick is a largely self-taught expert in exposing the vulnerabilities of complex operating systems and telecommunications devices.
His hobby as an adolescent consisted of studying methods, tactics, and strategies used to circumvent computer security and to learn more about how computer systems and telecommunication systems work.
Now, there's a childhood for you.
In building this body of knowledge, Kevin gained unauthorized access, it has been said, to computer systems at some of the largest corporations on the planet and penetrated some of the most resilient computer systems ever developed by man.
He's used both technical and non-technical means to obtain the source code to various operating systems and telecommunications devices to study their vulnerabilities and their inner workings and play with them.
He was invited to testify before the Senate Committee on Governmental Affairs to assist in their efforts to create effective legislation that would ensure the future security and reliability of information systems owned and operated by, on behalf of, the federal government.
In other words, they want to be sure they're safe and Kevin's got to tell them, right?
As the world's most famous hacker, Kevin has been the subject of countless news and magazine articles published throughout the world has made guest appearances on all kinds of TV and radio programs offering expert commentary on issues related to information security.
In addition to appearing on local network news programs, he's made appearances on 60 Minutes, The Learning Channel, Tech TV's Screensavers, Core TV, Good Morning America, CNN's Burden of Proof, Street Sweep, Talk Back Live, Canada AM, Marketplace, National Public Radio, and as a guest star on ABC's new spy drama, Alias.
Kevin also keynoted at numerous industry events, most recently at the Giga Information Group's Infrastructures for e-business conference, the Software Developers Expo 2000 conference, DEF COM Security Conference, and Spinnaker's Community Security Conferences.
He has written for, get this, Time Magazine, Newsweek, UK Guardian, securityfocus.com, and 2600 The Hacker Quarterly.
The Hacker Quarterly.
He also authored a monthly column for, what is this, Cuntville, Critiquing Commuter Magazines, Computer Magazines.
He hosted a radio show, by the way, on one of my affiliates, CAFIAM640 in Los Angeles, entitled The Dark Side of the Internet.
The New York Times once said that you, did you break into NORAD?
They said you broke into NORAD, which is, of course, our Matthew Broderick did war games, and a lot of people saw that, and so they kind of know what this is all about.
It ended up on the front page of the New York Times back in July of 1994, and there was a front page piece, and the reporter, a technological reporter by the name of John Markoff, reported that I broke into NORAD among other things that I didn't do.
And I think the story came actually from the movie War Games, and that act was attributed to me, and it kind of elevated the danger of Kevin Mitnick, if you will.
No, and I don't think it's possible because any type of government network, especially any type of computer systems that would control nuclear weapons, you would think that they would not be connected to any type of public network.
At least I hope not.
But no, I've never endeavored to break into any such systems.
It just seems like the myth of Kevin Mitnick and the reality of Kevin Mitnick has been so intertwined over the years, mostly at the hands of some irresponsible journalists, and it's created, there's a lot of stories about me that simply, yeah, but that's good and bad, right?
And they use this myth, if you will, to treat you in an inappropriate manner.
I recall a day in court when I was standing in front of a federal magistrate, and a prosecutor asked the magistrate to put a special condition on my phone usage when I was held in custody.
And the reason for this restriction was the prosecutor claimed that I could merely whistle into a telephone and launch nuclear missiles.
And of course, I kind of looked at the prosecutor and I looked at the judge and I said the judge couldn't, you know, would never consider this to be true.
And yet the judge, you know, found that, I think the quote was, when armed with a keyboard, I was a danger to national security or the world.
And I ended up being held in a federal detention center for eight months in solitary confinement.
I kind of like, oh, oh, the judge isn't going to believe this.
Their credibility is going to go out the door, and yet apparently when a federal prosecutor or federal law enforcement speaks, apparently the judicial system believes them 100%.
Well, I mean, if they believed that, your time would have, not only would they not have let you near a phone, you'd have had to have been gagged full time so you couldn't whistle, you know?
Yeah, it was strange because as soon as I agreed to some of the government's demands, it seemed that all of a sudden I didn't become this, you know, this danger to national security, if you will, and they let me out of solitary confinement after about eight months.
When I was a juvenile back in, I believe it was 1981.
I was 17 years old.
And I was arrested for actually physically going into the telephone company.
And myself and a couple of friends of mine, we went into the phone company to basically look, you know, we were interested in looking around and looking at where all the different computer systems were.
And we did a really stupid, stupid thing.
And we didn't have time to sit there and read the manuals to study how to transact commands on the computer.
So what our plan was is we were going to go to an all-night copy shop and copy some of the manuals.
We were scared kids, and we couldn't bring them back, and we figured we didn't want to, you know, obviously get caught with them, so we threw them away.
But because of my reputation and because the phone company kind of knew who I was because of my reputation, it was called phone freaking at the time.
And so I was their number one suspect, and also there was another person that was involved in our group, if you will, that knew about this, and I believe they called up Pacific Bell Security and told them.
Maybe not even a watch that has a computer built into it that would have extra functionality.
A cable television that has the ability to hook up to the Internet.
And get this, is any device that could act as a computer or that can access a computer.
Now, I have these, I mean, broad conditions where I can't really possess devices of technology, but it's all subject to the discretion of the probation department.
So the probation department, when they feel that it's okay, they can allow me to possess or use any of those devices.
Because if somebody, you know, for instance, a bank robber robs a bank, do you put a condition of release that they can't use money?
Or a forger cannot use a pen?
I mean, that's, that's, it gets to be, it gets to be a little bit absurd.
But I think the real reason, you know, I did stuff that was wrong and I deserve to be punished.
But in my case, you know, it's been my sincere belief that the punishment and the crime, because in my exploration of, you know, computer systems, you know, I learned some things, you know, that, you know, that the government, I think, would rather that I didn't learn.
And I think based on, on, on the, on this knowledge that I obtained that they, they treated me in a very harsh fashion.
Yes, I, I, I, I think I, I, I coined the term, I, I, I have won the, uh, scapegoat sweepstakes, if you will, is, you know, I deserve to be punished for, you know, crossing the line and breaking the law.
But I was really punished as if I committed, you know, some sort of espionage against the country or industrial, industrial espionage.
And, and how they got to that number is, remember that I, i looked at the source code to these different you know cellular phone technologies, and I was interested in looking at the source code to different operating systems to figure out how they worked.
I'm trying to see if I can pay it off as restitution.
No, just anyway, where the $300 million figure came to play is because I was kind of the government's example, the Uber hacker.
The figure was the amount of money that these companies, that I looked at their source code, that they spent on research and development to develop the product.
And even though I never intended nor did I ever use or disclose any of the information I looked at, it was the government's theory was that if you copy or you access the information, you are essentially stealing that information.
So under the federal sentencing guidelines, it's the value of the property.
Yeah, but don't you have to prove damages to some degree?
In other words, yes, maybe you have the information, but let's say you had used it or given it to a competitor or something like that, then where are the damages?
And of course, the government and the phone company's position is, oh, with this information, a malicious person could take down the emergency 911 system, which was the furthest thing from the truth.
It was kind of the same thing about launching nuclear missiles by whistling into a telephone.
But in any event, the government alleged that this group caused thousands and thousands of dollars in damage that the cost of the computer, get this, the mini computer that an employee wrote the document on, the full cost of that computer, the full cost of the staff that operates the computer.
It came out to something like $100,000 of damages that the government was claiming.
And what ended up happening is their whole case fell apart when the defense attorney was able to find that anyone, anyone in the public or simply ordered that document by calling an 800 number out of some Bell journal, and the cost was $13.
Well, I really think, in my opinion, I think you really have to look at what the person's intent was and what damages that are really caused rather than really go on the fear of being...
Because in my case, I really felt that I was kind of punished for my potential rather than the actual deeds that I have done.
Yeah, but what I'm doing these days, I'm taking my background, my knowledge, and experience, and I'm using it to help people protect themselves against the people that want to intrude on their computer systems.
And it's really the same challenge.
So what I'm doing in today's world is I'm taking a negative and making it into a positive.
Well, again, the government prosecutors convinced the judge that I was such a danger, even if I was in custody, that to really control me, that they would have to put me in solitary confinement.
And I think a lot of it had to do with, you know, about, you know, the, you know, stuff that I learned, you know, stuff that I learned about, you know, our government, stuff that I, you know, stuff that I, you know, it's kind of difficult for me because I'm not really at liberty to talk about certain things because, you know, to be honest with you, I'm kind of, you know, fearful that if I were to disclose certain things, you know, jail might be a pleasant experience compared to, you know, what could happen.
Do you know things that if were made public, the public would be frightened of or would not approve of, you know, things that our government is pursuing, things they're pursuing and doing?
There is truly a dark side out there and not, not particularly, not particularly our elected government, but there's, I don't know, like in the, in the, in the, in the fictional, like spy drama alias, you have the CIA and you have SD6 and SD6 is like the evil government faction that really, you know, works and does underhanded stuff that the public doesn't know about.
I guess that would be the closest analogy without getting into too much detail that were, that might get me in some trouble.
And at the best, and it's kind of risky for me to even talk about such things, especially since I'm still really under the government's control.
In the, in the federal system, you, they don't, they have a thing called good time, but you could earn up to 54 days a year maximum, unless you cooperate with the government and become an informant.
You still have, you, the, the, the federal statute gives the federal judge power to impose a condition of, impose terms and conditions of supervised release even after you did all your time.
And the, the system that everyone is really familiar with, which was called parole, which they don't have in the federal system, is where you're sentenced to, say, five years.
You do three and you, you get out and you do two under supervision.
Right.
In the federal system, you get sentenced to five years.
You do four years, four and a half years, and you still get three extra years of supervision.
And, and interestingly, if you violate a term or condition of supervised release, even after you did all your time, the judge could actually have the power to impose a new prison sentence.
And then when you get out, give you another term of supervised release.
Wow.
It's a very interesting system that the, uh, the public is probably not aware of.
It's a, it's a, it's a way of thinking, like out of the box thinking.
And the, the term originally, I guess, was coined back in the, uh, 60s era with, uh, MIT, people that were computer enthusiasts that you have, uh, back then, you know, memory, you know, computers were much more expensive.
You didn't have as much memory or, and, and all the technical innovations we have today.
So computer programs, you know, one of the things like a, a hacker would do is try to write a program that would be more efficient than another, or do things that the hardware wasn't intended.
intended to do.
I guess a good analogy would be is if you're, if you like tinkering with cars and you're a car enthusiast and,
you're able to rebuild the engine or get more performance out of that engine by doing some you know by doing something that wasn't meant to be done that's what I call hacking that's my definition and I think it's an accepted definition by others and then I also include in hacking is thinking and getting around obstacles,
you know, circumventing computer security measures, not to cause harm or to profit, but it's kind of like, you know, a lot of hackers that I know are also for fun.
I mean, that was the reason that I was involved, and it was purely for the fun and for the thrill and the intellectual challenge, not for any malicious type purposes.
And it's kind of like, like I was going to mention a second ago, is hacking is kind of like a sense of lock picking.
A lot of hackers that I know are also interested in being proficient at picking locks, not to break into people's homes, but just to, hey, it's something you're really not supposed to be doing.
It's, you know, I'd like to learn how it's done, how a lock works, how to take it apart, how to defeat it, just because you want to know.
We have the internet going strongly today, and when somebody like yourself discovers something, it is then quickly, of course published on the internet somewhere and then a million people who are not really skilled hackers but script kiddies just grab on to what you have written and posted and now you have a gazillion people out there doing serious damage well that's that we're going to get into the debate this is called what they call the full disclosure debate in other words when
And there's vulnerability researchers, people that either get paid or they have a hobby of figuring out certain security vulnerabilities within operating systems or applications.
What has been done in the past is these vulnerability researchers were reported to, like there was one organization that is well-known called CERT, a computer emergency response team that's run out of Carnegie Mellon University.
And what CERT would normally do is be the liaison between the vulnerability discoverer and the company whose product has the security flaw.
And what ended up happening is the software manufacturers would either bury their head in the sand and not fix the problem or take forever to fix the problem or just say, oh, it's theoretical.
It really doesn't exist.
And what ended up happening is all these computer systems out there would be vulnerable except to the people that knew how to exploit the vulnerabilities.
So what ended up happening is...
you know there became a full disclosure uh movement that when a vulnerability is discovered it's immediately posted to like a mailing list such as bug track which is available on securityfocus.com right and and what it does is it kind of forces the manufacturer to the software manufacturer like one of the biggest ones is Microsoft of course to fix the security problem sure and because if you try to get you know information just always has a way of becoming free but
When you publish information, especially when it comes to security vulnerabilities, if that vulnerability, well, the good thing is, hopefully the people that are the security staff or the system administrators are exercising some watch over their systems.
I think what they do, I think what the majority does is they send it to the manufacturer and give them a week.
And if there's not a fix-out, they'll post the vulnerability in hopes that either the poster will post a workaround or it will be released to the world, if you will.
So a workaround could be released into the manufacturer.
quote from msnbc.com uh quote scores of websites have been altered by sympathetic attackers to include calls for his your freedom notably the new york times website unicef and yahoo uh home pages so uh you had an army of people out there sympathetic to your plight and they were plundering in your name uh did you know that was going on when you were in prison well i knew about it when i when my attorney
No, I wouldn't call it an army of malicious hackers.
There was a few bad apples out there that decided that they would go ahead and deface a website in my name, which I, you know, never condoned or appreciated it, you know, because it kind of gave, you know, hacking, well, hackers more of a, you know, a malicious tone.
Like, oh, all these, all hackers do bad things with computers.
They destroy stuff.
They deface websites.
And that really, and when these individuals did this, of course, it, you know, gave the media the fuel they needed to, you know, take that position.
But I was really in no control.
You know, I was in federal, you know, custody again for, you know, years even before trial.
So I really had no control of what other people did.
But I, I do recall having, asking my attorney to put out some notice that, you know, asking these people to, you know, stop doing such things in my name.
I'm really good at thinking uh my way around obstacles and i'm i'm whenever i put my mind to doing something i i i do a stellar job at it so uh i became the uh stellar you know i was kind of a stellar hacker if you will um and what talent is that i mean it it just it's got to be more.
To the wind, the sun, and the rain We can be like day Come on baby Don't feel the reverb Take my hand and feel the breath as she rises through her apology.
Everybody else would surely know Who's watching her grow Just a word who believes He sees The wise man has a power To reason away What you see To
be It's always better than the way Nothing at all Want to take a ride?
Call our bell from west of the Rockies at 1-800-618-8255.
East of the Rockies, 1-800-825-5033.
First-time callers may reach Art at 1-775-727-1222.
The wildcard line is open at 1-775-727-1295.
And to call Art on the full-free international line, call your AT ⁇ T operator and have them dial 800-893-0903.
This is Coast to Coast AM with Art Bell from the Kingdom of Nye.
An example of something that we stumbled across years ago.
This was a system called SAS.
It stood for switched access services.
And it was a test system that was put in, that the phone company used for testing lines and such.
And what this system would allow you to do is from a remote location, simply by knowing a telephone number and having something like a laptop computer, you could basically pop in on anybody's telephone conversation without their knowledge.
You can monitor anyone and anyone that had service with this particular phone company.
This system, anyone could have access, but just by knowing how to do it.
No court order needed.
In fact, one of the informants that was working against, you know, that was helping the FBI collect evidence against me during their investigation, he was in trouble himself.
And when they executed a search warrant, they seized the manuals which he needed to access the system to essentially conduct intercepts or wiretaps from a remote location.
And what the FBI ended up doing was actually giving him the manuals back when he was working for their interests.
So this informant was actually using SAS to monitor people and collect the information to pass to the FBI.
Of course they knew about it, but they don't know how the informant's getting the information.
That's really, you know, it's kind of what they call turning a blind eye.
So imagine just by having access to a computer and having a phone line that you can dial up into, you know, to the voice, into the voice section, you know, you have to have two phone lines.
One is to actually dial into the computer system itself and one is to actually monitor the conversation.
So you have to be able to dial into the voice path, if you will.
And from anywhere in the world, an outsider could monitor anyone and the target would not have a clue.
Well, yes, but even having such a backdoor secured or unsecured, it would seem to me would be a violation of human rights, constitutional rights, all kinds of things.
Well, it was the back door for the phone company to test their own circuits.
And so it appeared to be legitimate, but what bothers me about this is here you had a government informant, and the federal law enforcement knew about this particular system, yet they still allowed this informant who was working for their interests to use the system.
Yeah, it is a problem, you know, because it is, you have to demonstrate probable cause.
You have to, I think for Title III intercepts at the time, you had to demonstrate there was no other investigative techniques that would, that, where law enforcement could obtain the information.
But, you know, it was really, you know, disturbing.
And the government was, you know, very unhappy, you know, when this system was discovered.
Listen, Donald in Fort Worth, Texas asks the following good question, too.
There were some guys that went before Congress who said directly to the congressional folks listening that they could bring, they had the ability, they could, if they wanted to, bring down the Internet in 30 minutes.
I think it would be difficult because what the Internet has been designed to do is if a portion of the Internet is made unavailable, how it communicates through the Internet protocol, what it does is it routes the packet or routes the information through another means, through another path, if you will.
And when I was thinking about what they said, because I remember hearing that, it would seem that they would have to somehow take over the core routers of the Internet and somehow saturate it with traffic to interfere.
But I don't think they could.
I found it surprising that they would claim they can simply take down the whole Internet in 30 minutes.
So if, though, you had sort of an army, either technologically or numerically or both, and you could attack certain key points, you might be able to pull off a gigantic denial of service that would...
I read my audience a rather obscure article the other day about something that sounds pretty frightening to me.
It's about a government project, apparently called Magic Lantern.
And the way I understand it, correct me if I'm wrong, is that this is a government-originated virus which, once it enters your computer, would be capable of relaying keystroke by keystroke.
Every key you hit would appear on a government computer if they wanted it to.
In fact, if you have a credit card and you have probably between $50 and $100, you can order these computer wiretaps, if you will, keystroke loggers from the Internet.
And people install this on their spouse's computer or their girlfriend or boyfriend's computer, their employee's computer, maybe even their employer's computer.
And I always thought to myself, someone with enough time and a credit card on the Internet could simply install these programs.
I think they're called Spectre and eBlaster and WinWhatware.
There's several of them out there.
And go to the Kinko's copiers.
How many people use the computers over there?
And just install keystroke loggers on all their computers.
Go to the airports in the Internet kiosks and install keystroke monitors on their computers that just email everything to some dead drop somewhere on the internet.
So this technology is really what they call Trojan horse technology.
That's where a program that appears to be something useful, like a game, a new spreadsheet program, some sort of utility if you're a ham, maybe something that reads Morse code.
And what an intruder will do is they'll basically bind a malicious program to something that appears to be legitimate.
And then they'll send it to the target through different means.
And then when the target runs that program or installs it, the other program runs too.
Yeah, what it does is the other secret program that the user is not aware of runs, and it could open, basically put essentially a computer wiretap on their own.
Now, I fully understand that there's a big press to get the terrorists and that there are extraordinary means being exercised right now.
But this magic lantern, I mean, it's a virus.
So that means unknowingly it would plant itself in computers, private computers, all over the country, and they could literally sit there and watch every single thing you type?
Well, what it would do is it would email or somehow send the information either through what they call FTP, which is file transfer protocol, or it would email keystrokes, screenshots, or anything to, I guess, to some dead drop who knows if it would be at a federal location or where it would be.
And it's very simple technology, and the FBI is already, they already have other tools.
They have Carnivore.
You've heard of Echelon.
What they're doing is they're taking this 10 to 15-year-old hacker technology of developing a Trojan horse.
It's really not termed a virus.
And it's scary.
And what's really scary about this is if the antivirus companies out there, like Norton, McAfee, and Symantec, They have publicly stated that if the FBI contacts them, they will not add that signature into their database.
So what happens if you have somebody that is very computer literate that detects this Trojan and then simply modifies it and they wiretap the government, let's say.
And then they're monitoring the government using their own tools.
What happens if it's, you know, I mean, this is a stretch of the Taliban.
You know, that, you know, I don't think they're technologically able.
You know, I guess, you know, money can buy talent, depending on their resources.
But what this, you know, the problem is there's a high potential for abuse.
This Trojan horse, if you will, could simply be discovered, modified slightly, and it could be used by common folk to install computer wiretaps on anyone.
Well, the last time that I actually was interesting, like I said earlier in the program, I was in custody for about four and a half years before going to trial.
And a lot had to do with the problem with my attorney not being able to represent me because he didn't have a good understanding of the discovery, the evidence in the case.
So we were going back and forth for years because the government didn't want to print out the information.
And this information resided on, was apparently like 11 gigabytes of data, which is huge.
It could fill up a library.
And, you know, because they just take everything, and it could be MP3 files, you know, just part of the evidence.
And they refused to print it.
And they said, you know, when my attorney said, well, listen, you know, what I'll do is we'll take a laptop into the Metropolitan Detention Center in Los Angeles, and we'll go into the visiting room and let my client go, you know, let us go through the evidence, and that way he could explain what it is, because my attorney wasn't, you know, computer knowledgeable.
And the government said, you know, Your Honor, we let Mr. Mitnick have access to a computer in jail.
He'll engineer an escape, and at least you're giving him the ability to hack into other computers from jail.
We can't do this.
And when my attorney advised the judge that there's no network, there's no modem.
The government still claimed that I can still do such things.
And of course, the judge believed the government.
And so eventually, after years of going back and forth, I was finally able to get access to a laptop while in custody to go through this information.
Well, technically, under the rules of discovery, your attorney, you know, they just give the evidence to your attorney and say, well, go for it.
And the problem is my attorney had no understanding of the evidence and could not, you know, Well, my attorney thought that would have been me.
And a lot of computer experts in the industry shied away from the case because of the negative high profile of the case, because of false rumors and information being written about me and the mainstream media, which started from the New York Times, is what happened is a lot of people in industry didn't really want to get involved in the case because they would essentially be working against the government's interests, if you will.
Well, it makes it difficult because in today's society, I don't even think you can go to school without having a computer available to do your work on.
When I was hosting my talk radio show, I had to depend on a lot of other people to help me to print out the research because the show was basically about the Internet.
So imagine doing a radio show on the Internet but not being able to use a computer.
That's hard to do.
You have to chuckle, you know, because, but I did it.
I was, you know, I was persistent enough, and I think it went well.
And I just had to read a lot of paper, killed a lot of trees.
For those that don't know, social engineering is basically using deception and pretexting and what private investigators call gagging to convince people the human element has access to computers to give up information or to do something.
Anyway, maybe we touched on something they didn't know.
Here was my little speech.
It's Christmas time.
It's almost Christmas, and people are sick of malls.
I wasn't born to shop at all.
I was born to tinker and play, and that's what I do.
I don't shop.
I avoid it like the plague.
And so everybody's doing their shopping, or a lot of people are on the internet.
You go to these websites to order something for somebody.
It's so easy.
It's so easy to shop on the internet.
And you get this little lock symbol when you get into the portion where you're buying, actually buying something, and that indicates you're on a secure server.
And so you give out your credit card information and God knows what, all your information.
And people are under the impression that that information is secure and safe once they see that little lock symbol.
What that little lock symbol really indicates is when you're sending your financial information, such as your credit card number, to a website, while that information is being transmitted, it's encrypted.
It's scrambled.
So somebody that's monitoring any type of communications going between those two points will just see gibberish.
Now, the problem is most of these websites out there, it really depends who the e-commerce site belongs to, is that they store this financial information in the clear.
So what happens is when computer intruders are able to break into these companies, like I think CD Universe was one, Egghead, what happens is they get access to the entire store.
Exactly, because a lot of these e-commerce sites do not securely encrypt the information when it sits on their side.
And that's what makes it vulnerable.
But really, you have to ask yourself, I mean, if somebody were to obtain just your credit card number, and we're not talking about health-related information and such, what is the harm?
Okay, somebody might defraud the credit card company, but at the end of the day, you may be responsible for up to 50 bucks.
But the same thing holds true when you're going to a brick-and-mortar store.
You go into May Company or you go into the Gap, for example, and you use your credit card there.
You can walk into a brick-and-mortar store, use your credit card, and then some intruder hacks into that company's internal network from the Internet, let's say.
It really depends how each of these companies set up their computer network.
But it's true.
A lot of the brick-and-mortars company have links to the Internet from their internal network, and that is accessible sometimes through the Internet.
So the same problem takes place.
The problem, I think, really comes to play is when people, when their debit cards are compromised, because then they simply, your account could be drained of its money, and you could have outstanding checks that haven't been cashed yet, and it can really cause you a headache.
And I think the federal rules with respect to credit cards or debit cards are a little bit different, so it might be more difficult to recover your funds.
I think there was, from what I read, there was a group of Russian hackers out of the Ukraine that were compromising a lot of e-commerce sites that had problems with Microsoft's Internet information server and were able to literally steal thousands upon thousands of credit cards.
And they were obviously going to sell these credit cards to some brokers and eventually they would have been abused.
And I guess you really need to look at your credit card statement when you get it in the mail to make sure there's no unauthorized charges.
In fact, I was with a guy in custody at the MDC since I think I was the longest inmate there as a pretrial detainee.
And this guy was arrested for committing some sort of fraud where thousands upon thousands of people were affected, and they would simply have a charge on their credit card for like $19.95.
But it ended up being fraudulently billed to thousands of people's credit cards.
And the guy literally made hundreds of thousands of dollars.
I don't really know the details of the case.
But it was because most people don't really pay attention.
So it's really time to pay attention to the truth.
Well, it's not a negative thing to learn how to hack.
It depends if you're labeling hacking as doing something illegal, if you're interested in computer security to protect yourself or to protect others, then you have to learn basically the skill of hacking.
And there's several books out there that are, I believe it's Maximum Security, there's Hacking Exposed, there's several different books out there.
And there's also websites that are out there like Packet Storm Security is a big one.
There's Security Focus.
I mean, there's a lot of different resources out there.
A lot of people ask me that question, like, where do I start?
I want to learn how to do it.
And it's really, it's not like you can explain the steps of tying a shoe, if you will.
It's kind of, you know, the process is really a learning process that takes time and experience.
Oh, had trouble getting up for work the next day because I spent so much time on the computer.
But I do want to mention one thing.
Remember when we were talking about Magic Lantern before we went to break?
Did you know that it would also give the law enforcement agency or the intelligence agency, think about this, they could use that program to turn on your webcam, like if you have a camera, and watch what's happening in your room.
And how about your microphone on your computer?
A lot of people have mics because they go to these chat rooms, audio chat rooms.
And imagine just being able to turn on your mic to listen on what's happening in the room.
There's Trojan horse programs that are available out there that have that functionality where you could open the target CD drive, have their windows disappear, turn on their camera, turn on their microphone.
I mean, you might be able to tell them to visit a website, but you couldn't instruct them in any ways of doing anything that It would obviously, there's a condition of supervised release that prevents me from using people as a proxy to do something on my behalf.
And it was difficult because it really got close to the line there, especially when my producer, you know, I would need them to look for certain information.
And of course, I'd have to direct that person, you know, I need this, I need that.
And that's kind of almost, but it's not to the point of where, hey, type this key, type that key.
You know, it was more of, I need this particular information, go after it.
One of the one thing that people can do is to check to see if there's a known Trojan horse on their computer is there's a software called the Cleaner that you can find on the internet.
I think they give you a free 30-day trial.
And it's a piece of software that's been highly regarded as being able to detect Trojans.
The problem with it is it uses the same technology to detect viruses and worms is it's called signature-based.
So the AV company, the antivirus company, or their lab, they find what they call malware, malicious software, if you will, and they develop a signature and then they update their database.
So users are supposed to, on a frequent basis, update their definitions file.
And what it does is it will look for that particular pattern.
It will scan all the different executable files on your computer and your DLL files, looking for that particular pattern and identify it as a known worm or a known virus.
That's the same technology these Trojan horse scanners are using as well.
John in Denver wishes me to ask you the following.
How do you feel about John Markov, is it, who wrote the newspaper article about you and something about a movie he's asking about that was somehow successfully blocked from even being distributed.
Well, what ended up happening is while I was in custody, they shot the film.
Skeet All Rick played me, and there was some other, I guess, unknown actors in the movie.
And they basically accepted the version or the book, Takedown, as their storyline.
But what ended up happening is the initial script that was released portrayed me as like the Hannibal Lecter of computer hacking.
It was just completely out of, portrayed me as a person that I'm not, depicted me doing things that I never did.
And there was an outcry from pretty much the hacker community.
And the same grassroots movement that was established to help get me out of custody, if you will, they picketed Merrimacks was the company behind the feature film.
And what eventually happened is they started, you know, they did some script changes, I guess, based on the pressure.
But what ended up happening at the end of the day, which was interesting, is the movie producers or the writers actually stole material from another book that was written about me called The Fugitive Game.
And they used this material without that author's permission, and then they were sued a second time.
So at the end of the day, the movie was never released in the United States.
It was just released over, I believe, not domestically, but overseas.
Now, I don't know whether this is myth or legend, but it is said among hams, Kevin, that early in your career, you were known to go freaking with the auto patch down in Glendale, the 147.1.2 repeater, back in, say, about 1981 or thereabouts.
Well, did you know that, in fact, I'd like to give you a quick demo.
Did you know, I mean, usually when somebody calls you and you see their name and number display on your caller ID, you assume that that is the person calling you, don't you?
Would you be surprised to know that there's ways, you know, there's secret ways that that system could be manipulated to display any name and number that the person would want?
I'll say certainly when I've demonstrated it to you.
But it really makes you think that the next time you receive a telephone call, it may or may not be the person whose number or name is on your display.
I was wondering if you can elaborate at all on if you think that the government gave you a hard time in this case due more to the fact of what you found maybe about what the government was doing as opposed to some of the amount of money that they say that you I think it was a mix.
I think the government fully well knew that the damages didn't really get anywhere near the $300 million or in my plea agreement I had to agree that the damages were between $5 and $10 million.
But that was really, I just agreed to the number to settle the case that happens consistently.
But I also do believe that the government came down pretty hard on me because of the potential I had and also because of some information that I'm not really at liberty to discuss, especially on a radio show.
Is there ever going to be a time, you know, after X number of years go by when you can talk about this information, or is this the kind of stuff you've got to take to your grave if you want to stay out of jail?
Again, I was in pretrial detention for about four and a half years.
And when you're in pretrial detention, you have your rights, you know, because you're not convicted of a crime, but at the same time, you have the least privileges.
So it was a very unpleasant experience that I want my enemies to experience.
What I learned from my case, Art, is the federal government has extreme powers.
and I hate to keep harping on my case because I'm sure there's much more interesting stuff to talk about.
But it really bothered me because the court system or the judicial system, based on fear and hyperbole, turned a blind eye to certain constitutional rights I felt that I had.
And this was not just my personal feelings.
These were the feelings of my attorney.
For example, I was the only defendant in U.S. history, according to my defense team, that was held without a bail hearing.
Normally, when you're arrested for commission of, you're accused of a crime, you're entitled to have a hearing to determine whether there's a condition or not.
I remember that, but I don't rec I can't put a face to the name.
I apologize.
unidentified
Well, we'll have to talk sometime else about that.
That was loads of fun.
There was a couple years ago, there was just this gigantic lock party of a 4th of July party, and pretty much anyone, it was anyone who wasn't a felon, by the way, but was there.
What I thought was interesting is an FBI agent actually attended the party, and he was, I guess he worked in counterintelligence, no counter-terrorism for the FBI's Los Angeles office, and he was actually at the party.
We'll go to what they call, it will use a simple mail transfer protocol.
And I don't believe that protocol has to authenticate at all.
In fact, that's what makes it so easy to spoof email messages because you simply can connect to any what they call an SMTP port on a particular server that has that service.
And by typing the appropriate commands, you could make it appear that that message appeared to come from anywhere in the world.
unidentified
Okay, yes.
What he was saying is that with the right command, you could basically ask for that person's password and anything.
There's always ways of obtaining people's passwords, especially for Yahoo and Hotmay.
A lot of people, from what I hear, maybe choose good passwords, but they choose easy hints.
So what it will allow an attacker to do is change their password.
Like they'll choose a hint like their mother's maiden name or their dog's name or something that some personal identifier that could be obtained through some diligent research.
unidentified
Oh, but there's no like magic way to do it, though, like this guy was saying.
You know, cookies are little small text files that your browser places on your computer so it can kind of keep track where you are on that website.
And some of these sites will deposit a cookie on your computer, and when you go back to that website, if it sends that cookie, it will assume that you're already authenticated, that you already identified you.
And if an outsider is able to get that cookie from your computer, or steal your cookie, if you will, then they could masquerade as you.
But that all depends on the programming of the different websites that are out there.
That's not necessarily true, Art, because I have a friend and a colleague that's an attorney, and he handles a lot of these cases where companies are insulted or false information is posted on Yahoo message boards regarding the financial position of the company or false rumors.
And a lot of these companies subpoena Yahoo and track the Internet service provider and then subpoena the ISP and find out who the user is and then try to identify them if they're an employee or not.
If they're an employee, they get canned.
And if they're not an employee, they have a lawsuit filed.
Well, the problem is, as you pointed out early on, there are not a lot of, now perhaps today that's changing, but there were not a lot of attorneys familiar with the Internet at all.
And they would throw up their hands and they'd say, sorry, the attorneys skilled in law, and that's where they've dedicated their experience and knowledge.
And what they usually do is they depend on expert witnesses to consult with experts on computer-related matters.
In fact, there's this case going on in Las Vegas where this gentleman runs an escort service, if you will, and he's having problems with his competitors essentially diverting his phone calls to themselves.
In other words, stealing his business by manipulating the phone service.
And I'm consulting with him now to try to get to the bottom of it to identify how it's happening, how to stop it, and whether or not the company that provides the service is responsible for some sort of security flaw.
So essentially, I can't do any type of employment or engage in any type of employment opportunity without permission of the government.
In fact, it really became an issue a year ago when I was being offered positions writing articles and doing a lot of public speaking on computer security issues.
And the government, the probation department, interpreted my condition of supervised release, meaning I can't speak about or write about technology that it's prohibited on.
And what I ended up having to do was hire an attorney, and we had to go back to court to challenge this because it was really a First Amendment issue.
And you won?
The funny thing is, is the judge never ruled one way or the other.
What ended up basically happening is she said she doesn't want to see me or in her courtroom again and to work it out.
I'd rather not work for the Department of Justice because I don't agree with some of the way they handle certain things, but any other parts of the government is fine by me.
And I haven't usually, when they make somebody an example, because I'm really the hacker poster boy, if you will, they usually can't do it because they can't say face.
So I don't expect it to happen.
And if it did, I think it would be kept very, very quiet.
Well, I think a big problem, you know, well, I guess you're talking about, you know, with hacking.
What I think is important, what parents need to teach their kids these days is ethics.
Because when I first got involved in phone freaking and computer hacking, it was encouraged.
It was encouraged by parents.
It was encouraged by teachers.
In fact, one of the first programs that I developed in high school was a program that acted as a login simulator.
So it tricked the unsuspecting user into entering their username and password, and it would capture it, and it would go ahead and log them into the computer so they wouldn't know the better.
Kevin, I wanted to ask you, you know, you've got such a great, well, frankly, as a you've got a great brand, you know, Kevin Mitnick.
Do you think when you're over the probation or whatever and you can actually get your hands on machines and start back into coding and things of that nature that you'll go into security, computer security?
Yeah, but imagine their fear of turning you loose on by then probably a three gigahertz machine a million times more powerful than what you did, what you did before.
And I understand that, and they can go ahead and think like that, or anyone could think like that, but I know in my heart that I've grown out of this.
It was fun.
I did it for the thrill.
I did it for the challenge.
I did it for the intellectual curiosity.
I mean, curiosity was a huge factor.
And now I can take these same skills that I have and use it to help people protect themselves against security problems.
Because in today's world, which is a lot different, as you know, Art, from back in the mid-80s or even early 80s, the world has changed with computer security.
It's a business enabler.
There was no internet back then.
It was the ARPANET.
I don't know if you've used the ARPANET back then, but it was totally different.
I've exercised extremely bad judgment in my past, and I would have changed a lot of the decisions I've made.
And I'm sure I might be in a different place.
I might have taken another fork in the road, if you will, instead of being interviewed as the most famous hacker on your radio show, I could be running a corporation like Microsoft.
I think they have a lot of security issues that they really need to take a hard look at.
And I know that for companies to be profitable, they need to rush to market.
Microsoft products are really heavy on interoperability and functionality.
And I think they're looking more at the security issues involving their products because I think what it really is is industry response.
For instance, the Gartner group recently has come out and made a public statement, an analyst with Gartner, that no one should use Microsoft Internet Information Service or Server until Microsoft does a complete rewrite of the code.
So when you have an organization such as Gartner making such a strong statement, Microsoft has to react.
They have to build back their customer confidence.
But don't forget, security is all about a bounce.
The more security you have, the less functionality you have.
And I think operating system vendors could really help themselves and help their customers by building in some, you know, like a firewall product into the OS that's turned on by default.
So the unsuspecting user, you know, the person that goes into Best Buy or Comp USA and doesn't really know much about, you know, is just a novice, plugs in their computer, they're not instantly vulnerable.
Nowadays, you go ahead and plug in a computer and everything's turned off.
All the security is turned off and you have to know enough to turn it back on.
And then you think about these companies like Oracle that do competitive intelligence and they actually hire PIs to go dig around in Microsoft's garbage cans to be competitive.
I think the way applications have progressed that it's a lot easier than it was.
Back in my day, it was the command line.
It was Unix.
It was DOS.
It was Windows 3.1.1.
And everything has pretty much gotten easier to use.
And myself, to keep up with technology and especially to do a radio show on the Internet, I had to study the changes in these applications and technology, but I couldn't use a computer to that end.
I was invited to speak on a panel for the Business Software Alliance.
And on this panel, it was CEO of Symantec, Senator Maria Cantwell.
It was people that are well respected in the industry.
So one of the press contacts invited me to the National Press Club because Richard Clark, who is a presidential advisor in cybersecurity, was going to do a talk there.
And he keynoted right before my panel.
So I wanted an opportunity to say hello to Mr. Clark.
So I went to the press club, and lo and behold, Mr. Clark dropped out at the last minute, and guess who substituted in for Mr. Clark?
Well, I'd say basically, look, my hacking career is in the past.
I want to take my knowledge, my experience, and my background, and work in the information security environment to help people protect themselves against, you know, to help them manage their vulnerabilities because that's what security is all about.
And rather than I'm taking the posture, you know, that I'm not going to beat them, that I'm going to join them.
Well, back in my phone freaking days, back in the early 80s, the phone company was so perturbed that they actually, don't forget, I was living with my mom.
You know, she was raising a young kid.
I was like 16 years old.
The phone company actually removed the service for our home for a year.
Yeah, in fact, we just finalized the contract with Wiley and Sons, and the book is going to be, it's tentatively titled The Art of Deception, Exploiting the Human Element.
And what the whole book's going to be about is, you know, what is social engineering?
How does it work?
A lot of stories.
And what the purpose of the book is, at the end of the book, we're going to have a template of security policies and procedures that companies could adopt, take what they need and leave the rest.
And we'll help them minimize their vulnerability with their human element.