All Episodes
Previous Next
March 26, 2005 - Art Bell
02:54:23
Coast to Coast AM with Art Bell - Kevin Mitnick - Real Hacking Stories
| Copy link to current segment

Time Text
🎵 From the high desert and the great American Southwest, I
bid you all good evening, good morning, good afternoon, wherever you may be in the world's time zones.
Every single one of them covered like a great wooly blanket by this program called Coast to Coast AM.
And I am your host throughout the weekend, and I'm honored and privileged to be doing so.
It's going to be an extremely interesting weekend.
We'll see who we can make angry this weekend.
Not at the beginning, though.
Let's first go through a couple of these sort of show things.
Somebody asked me last week how the program gets from here to there, how it gets to your radio, you know, that kind of thing.
Well, the first big, giant step that it takes in that direction is from the uplink facility located here at my house.
In a closet!
So, for those of you who over the years have wondered what sends the signal from here to there, there is an associated parabolic dish outside that receives the signal sent from this stuff that's in my closet.
And it's been there for, I don't know, about a decade or so, and I would imagine if that were to be replaced now, it would be the size of a suitcase or something.
But that is a complete satellite KU band uplink setup thing you're seeing in my closet there, which is where it has resided since the very beginning.
That photograph is on my... on THE website.
I want to promote tomorrow night a little bit.
click on Arts Webcam and there it will be sitting in its closet where if you
don't want to look at it or hear it you can just shut the door it's like it's
not even there. Now I want to promote tomorrow night a little bit. I'm going to
do, it's going to be open lines, so a lot of times a talk show host would like to
launch a discussion in a certain direction for a program and a lot of
times it doesn't work.
In other words, the audience will take it in the direction they want to take it, and that may occur tomorrow night, but I want to talk to you about oil and gas and the price of gas, which is now going up to the point where a lot of people who commute It's not going to be worth their while soon enough to continue that commute.
They're not going to be able to afford it.
We have a crisis ahead of us, directly ahead of us, in energy.
No question about it.
Last week I had Willie Nelson on.
Willie talked about his biodiesel and I just noticed tonight, before I came on the air, CNN headline news ran about I think a two or three or four minute piece, at least, on Willie Nelson's biodiesel showed his vehicles, all the rest of it.
So that's one thing we'll talk about tomorrow night.
I hope that CNN got the idea from the show here last Saturday.
I rather imagine they did.
Good for them.
Now, so tomorrow night, I'm going to want to talk to all of you and have you talk to me about oil.
And about the crisis.
And I've got some facts that I've dug up for the occasion.
And they're pretty bleak facts indeed.
So I'll sort of choose what to, how much reality to give you.
I'll give it all.
I was just talking about that with a group of friends on a hymn radio before I came on here tonight.
Reality.
You know, how much reality the American people really want.
Boy, is that a good question.
How much reality do the American people want, and how much can they take?
In other words, with regard to the energy situation, the honest facts are so bleak that I'm not sure everybody wants to hear them.
So we'll talk about that tomorrow night.
This is a place where you do that kind of thing, where they won't talk about it elsewhere.
We will.
It's an emergency situation.
There was one article I read, which I've got, which I may read part of it, which was something, it was called the Long Emergency.
Well, yeah, it's going to be a long emergency, but the effects of it are being felt already.
Been to the gas station lately?
In a moment, we'll look at world news, and I, you know, maybe I guess, I guess maybe I'll hold that up for a moment, because Even though I want to talk about oil tomorrow night and energy, I have a feeling, if it is still appropriate, the audience is going to want to talk about the Shivo case.
Maybe I'm wrong, but this has been a national traumatic event.
It is currently a nationally traumatic event.
Everybody's traumatized by this case.
I mean really traumatized, honestly traumatized.
The latest would appear to be after another round of losses in the courts, Terry Shavell's parents kept watch over their dying daughter Saturday.
I described, depending on whose lawyer you want to listen to, as being in peace or looking like, you know, a concentration camp person.
Anyway, trying in vain to give her Easter communion as their attorneys acknowledge the fight to reconnect the brain-damaged woman's feeding tube was nearing an end.
They're about ready to give up, I guess.
Attorneys for Bob and Mary Schindler decided not to file another motion with the Federal Appeals Court, essentially ending their effort to persuade the federal judges to intervene, something Allowed only by an extraordinary law passed by Congress.
Meantime they're telling the people that are protesting and standing outside, go home and be with your loved ones.
Pat Buchanan said, in part, Ours is a nation where a judge may not sentence beltway sniper Lee Malvo to death because he's too young to die.
Too young to die.
But can sentence Teri Schiavo to death because she is too severely handicapped to live.
Schiavo continues the process of dying by starvation and dehydration, a method of capital punishment, honestly, that most people would consider criminal, if perpetrated on a pet.
Done to a pet.
Would let a dog or a cat starve to death.
And you know, if a dog or a cat was starving to death, The protests would be incredible.
You know, the animal organizations would all be out like crazy.
And it's not that the pro-lifers are not out on this.
They certainly are.
But they have not prevailed.
Here's somebody who sent me, you know, I've had a million emails on this subject.
I think every talk show host in America has been inundated with this sort of stuff.
This person says, Hey Art, I wonder why the United Nations hasn't said anything, anything at all, concerning the way our justice system is treating Ms.
Schiavo.
I thought they were concerned about human rights.
That's Tim.
This was an interesting one, I thought.
On the morning of 3-305, I told my husband, Art, that something will affect changes in consciousness worldwide.
You told us.
Meaning me.
I believe it was the 5th of March, I did, that the Princeton Consciousness Research Lab eggs had indicated unrest.
Yes.
As she says, obviously it was a prelude to the Terry Schiavo situation.
And I haven't checked.
But I would be willing to bet you that that might be true.
And that the eggs have registered a very great deal in the Schiavo case.
People have been so emotional, so incredibly emotional about this.
Either on one side or the other side, and damn near evenly divided.
It is as divisive an issue as abortion.
Actually, it is the same issue as abortion.
It's a whole life thing, right?
I think That we should have erred on the side of life in this case.
There was no written document.
This is what I told you last week.
No written document did you leave.
And so that's my personal take.
I understand others feel... And then again, I'm a libertarian too.
And I believe in less government, but yet I support the government's intervention.
Unsuccessful, albeit I support that effort.
And I shouldn't normally do so.
I'm not a perfect libertarian.
I'm not really a perfect anything.
I guess I don't fit into any exact description of what I ought to be.
Libertarianism should be, you know, behind the government staying the hell out of this.
So politically I ought to be coming at it from that direction.
But this is a question of life and death.
And I think there should be a written document from the person involved.
And I've got, you know, I've seen what all of you have seen, the assault on the Internet.
I'm sure most of you did not get it to the degree that I have, but I have had all of these supposed testimonies, documents from nurses and things that bring tears to your eyes.
And make you think, and I can't know they're all real, or even whether half of them are real, you know?
And neither can you.
Not unless we were there.
But, you know, people are saying she has spoken.
Her attorneys are suggesting she has said she wanted to live, and others have said, no, it's just a reflexive sound, reflective sound, reflex of a dying brain or something or another.
This has been a trauma for America.
A big trauma for America.
So, the Princeton eggs around here ought to be jumping up and down.
And I don't have the chart to prove it, but I would be willing to bet you that during this Shivo situation, and prior to it in fact, or just prior to it, they have been jumping around.
More in a moment.
The Shivo case absolutely has been a gigantic trauma for America.
I've not seen anything like this in some time.
So my guess is people want to talk about it.
That's usually the case.
Dutch scientists are urgently checking whether perhaps the bird flu virus sweeping the country has now mutated into a dangerous human pathogen after it claimed its first human victim.
A 57-year-old Dutch veterinarian died of pneumonia in the southern city of Den Bosch on Thursday, and the most likely cause, that's in quotes, say investigators, was the bird flu virus.
Concern about the virus has been mounting ever since it became clear that the highly pathogenic avian flu had been ravaging Dutch poultry farms since 28 February.
And it also now, they're suggesting, can infect, you know, go from human to human.
That would be horrible, if true.
Thus far, 82 people with clinical symptoms have tested positive for the bird flu virus.
Doesn't sound like a lot, right?
Nearly all have conjunctivitis, a mild eye infection.
Six people had typical flu-like symptoms.
Worryingly, there has been strong evidence, that's in quotes, that three of these cases did not catch the virus from sick poultry, but from a family member working on infected poultry farms.
So there's still the possibility that it, you know, that it came directly from poultry and not from one human to the next.
When that occurs, believe me, we'll all know about it.
It's going to go around the world as quickly as any flu, and for some reason, the scientists seem convinced, because we get story after story after story about how it's going to jump and become suddenly, you know, infective from human to human.
I don't know how they know that, but they sort of seem to know it.
Speaking of knowing things, the federal government kept it secret for three months, but it does seem that genetically modified corn seed was sold accidentally to some U.S.
farms for, let's see here, four years, and may have gotten into the American food supply.
The accidental use of unapproved seed became public when the scientific journal Nature published a story in blew the whistle on Tuesday.
The corn seed was probably safe, however.
America's food supply and plant and animal stocks were not harmed and remain safe to eat, according to officials of the seed company and the federal government.
However, they decided to keep all of this secret from us.
I wonder if they would have told us.
You know, if suddenly Everything had gone wrong.
What do you all think?
Would they have told us?
Well, we know why everything's going wrong.
It's because, unfortunately, this seed stuff got out.
It's not enough for everybody.
Sheldon Krimsky, a Tufts University environmental policy professor, said it's not acceptable.
He's a longtime foe of genetically modified crops.
He says, quote, They have both a moral and legal obligation to reveal violations, Trimsky said.
This is a government that's operating in a stealth manner that wants to keep bad news from the public.
End quote.
I don't mean to laugh, but you know, this might have been bad news right now.
They've told us now that we know it isn't bad news.
We know, apparently, that it's all right.
But you've got to wonder, if it didn't go right, if it had all gone terribly wrong and people began getting sick, would they have revealed this now?
Well, I sort of doubt it.
So, this professor at Tufts is probably right.
But think how that whole principle applies to the oil and gasoline crisis, for example.
You gotta keep bad news from the American public.
Let me tell you folks, it's really bad news.
What's about to happen with energy in America and the world, actually the world, not just America, is really bad news.
So, I guess that principle carries over, huh?
What do you think?
A 70 million year old Tyrannosaurus rex fossil that they have dug out of a hunk of sandstone has yielded A real bonanza, folks.
Soft tissue.
Soft tissue from a Tyrannosaurus Rex.
How incredible is that?
Not hardened, petrified something or another, but real, honest to God, soft tissue.
Blood vessels, whole cells, pliable, malleable, inside guts of a T-Rex.
Do you know what that means?
Well, potentially a lot of things.
Let me keep reading here.
When they got it into a lab and chemically removed the hard minerals, they found what looked like blood vessels, bone cells, and perhaps even blood cells.
They are transparent.
They're flexible, said Mary Higley Schweitzer of North Carolina State University and Montana State University.
She conducted the study, I guess.
She said the vessels were flexible, and in some cases their contents could be squeezed out.
Squeezed out!
How could it possibly have been kept in that kind of shape for that long?
A preservation of this extent, she said, where you still have this flexibility and transparency, has never before seen in a dinosaur.
So could it mean Jurassic Park?
Well, the $64 billion question, of course, is whether they can get Some sort of genetics from it.
If they get a genetic, a perfect genetic fingerprint of a Tyrannosaurus, you've got to wonder, would they attempt to recreate the Tyrannosaurus?
How would you vote?
If it turns out, because of this wonderfully appliable, soft, fresh, gutsy material of a T-Rex, I wonder how all of you would vote.
If we could create a T-Rex, should we create a T-Rex?
And we may be on the horns of that dilemma.
We may have the goods.
Down in Florida, something not so good is happening.
Seven children have contracted a life-threatening kidney infection.
Health officials are very concerned, and apparently because they have gone to a petting zoo.
Five of the seven were hospitalized in critical condition, including one on dialysis, according to the Orlando Central.
And again, these children only went and petted some animals!
Yikes!
So, I guess you better be careful.
This could turn out to be something else, but they were just petting the animals, and they've come down with this.
This is a fascinating story.
I don't think I'm going to have time for it.
Mary and Fife and her family never thought they'd see their three-year-old cat Kane again.
But when the Movers were at the Fife's Iroquois Point home December 15th, Kane was nowhere to be found.
The Fife's thought that Kane might have run out of the house.
He's an indoor cat.
But the Movers had left all the doors of the Albatross Avenue home open.
Well, you know cats, right?
They like to hide in stuff, and they particularly like a dresser drawer.
Well, Kane figured out how to open drawers, I guess.
But, unfortunately, the movers, in this case, remember this family was moving, taped all the drawers shut.
So, of course, They missed their cat before they moved and they called and they called in the night and they went out and they called this poor little cat, Cain, and Cain did not come back.
Cain appeared lost forever.
But I think you know where Cain is.
Tell you all about it in a moment.
The rest of the story, as Paul would say.
From the high desert, where once again there is rain forecast, About 20 miles here from Death Valley, home of the new Redwood Forest.
Soon, if this keeps up, this is Coast to Coast AM.
I'm Lamar Bell.
Riders on the storm Riders on the storm
Into this house we're born Into this world we're thrown
You've let your mind That's over down the road
Come bring me down No, no, no, no, no
Good Lord I'll tell you what's wrong
Before I hear the call Come bring me down
You're always talking About your crazy nights
I love it when you're Going to get it right
Come bring me down No, no, no, no, no
Good Lord I'll tell you what's wrong
Before I get off the road Come bring me down
Come bring me down When the night is young.
Oh You're looking good, just like a stick in the grass.
You're looking good, just like a stick in the grass What are these days you're gonna break and blast?
Alright everybody, listen very carefully.
The phone numbers, the magic numbers to join us on the air are a little different during the weekend.
And here they are.
To talk with Art Bell, call the wildcard line at area code 775-727-1295.
The first time caller line is area code 775-727-1222.
To talk with Art Bell from east of the Rockies, call toll free at 800-825-5033.
from east of the Rockies, call toll free at 800-825-5033.
From west of the Rockies, call 800-618-8255. International callers may rechart by calling
your in-country Sprint Access number, pressing option 5, and dialing toll free, 800-893-0903.
From coast to coast, and worldwide on the Internet, this is Coast to Coast AM, with Art Bell.
All right, in a moment, we'll do the rest of the cane, the cat story, and then dive into the phone lines.
stay right there.
Alright, let's continue with Kane the Cat.
and subscribe to our channel.
Now, again, Cain's family lived in the islands.
You know why?
Cain liked drawers.
Remember all of this?
Well, Cain went missing.
The Fife's, who owned Cain, stayed, or were You know, part of the family.
Stayed in the Iroquois Point home five more days.
Five more days waiting out on Olanai every night for Cain to possibly return.
The day before they moved into a hotel, Marianne and her 18-year-old daughter drove around the neighborhood looking for Cain.
She was crying, calling out his name, Marianne said.
Marianne gave the neighbors and maintenance workers her number and said, you know, call if you see Cain, call.
And the family left Hawaii on December 26th without Cain.
Very sad.
The Fives settled in Crofton, Kentucky.
That's a long ways away.
And their household items arrived January 27th.
Just in case Kane had been packed with the furniture, Larry Fives sent his wife and daughter away from the house before the movers arrived.
You know, expecting to find the worst, of course.
When the movers unloaded the dresser, there was indeed a foul odor.
Larry thought the worst was about to be realized.
But when he opened the dresser, Cain was in one of the drawers, staring back at him, meowing.
He called Marianne with the news.
He said, you're not going to believe this.
The cat's alive.
Marianne was driving around with her daughter.
I told her she was jumping up and down.
She was crying.
I was crying.
We were all hyperventilating.
Cain had weighed 13 and a half pounds in Hawaii.
When he arrived in Crofton, after 44 days inside the dresser, he weighed less than 3 pounds.
But Kane's alive.
Of course, got him water right away, took him to an animal clinic, stayed overnight there, was released the following day.
No liver or kidney damage.
It's a miracle.
Up to eleven and a half pounds right now, and definitely charged one of his cat lives.
So there you have it.
That's the story of Cain.
Forty-four days without food or water.
Forty-four days without food or water.
Boy, we wouldn't do that to an animal, would we?
We wouldn't do that to a dog or a cat.
We wouldn't starve them to death, would we?
First time caller line.
You're on the air.
Hello.
Hey, it's Art.
Yes.
Hey, this is Mike from Syracuse.
Hello, Mike.
Big fan, man.
Yeah, I had a story about Hellbot there.
Hellbot, the comet.
Yeah.
What do you remember about the Hellbot comet?
Everything.
Everything?
Yeah, everything.
I got a crazy story.
It was a while ago.
I worked in a high security area.
You know, I was a janitor there.
I didn't do anything important, but they smoked my cigarette.
A high security area of what?
I don't know if I should really say it.
Well, don't give me the name of a business or something like that.
Is that what it is?
The government.
Oh, well, that's a business.
Well, there was a bunch of people in there.
It wasn't just one thing.
You know, Army, Air Force, and a whole lot.
I think I get the picture.
And so, out on coffee breaks, you overheard things.
Well, you know, you start talking, you're smoking cigarettes, you know.
One thing leads to another, and you know, you're talking.
Yes.
You know, they would never say, you know, oh, we got this, that, care of this.
You know, just little things pop out here and there.
Well, so what did you learn?
What's that?
What did you learn?
Um, well this one thing in particular, I was reading the newspaper, and um, it was about those Havonsky people, and I was laughing and making jokes, you know, and this one guy, he was uh, it's like, do you know why they, what their, the whole deal was, um, why they thought the aliens were coming back and all that.
They thought something trailed the comet.
Yeah, and I, and I decided I had no idea, and he's like, come in my office, I want to show you something.
And?
And he showed me this picture, and it had this comma, and there was five spears behind it.
And I was like, wow, wouldn't they think, you know, that's pretty cool.
He's like, we took this in 1959.
I don't know.
He said, in 1959?
And he's like, yeah.
He goes, but, you know, here's the kicker.
I want you to look at this.
And he had it on the NAS website.
And there was a picture of the front of it.
And he said that, um, As the comet comes through, he goes, check this out, the Hubble telescope is taking pictures, but just as the comet, we're about to find out what's really behind that, you know, the million dollar question.
Oh, the Hubble failed, yes.
I recall very well, yes.
Yeah, I was like, why?
As the comet was leaving, and we were able to, I remember they said they were going to get absolutely wonderful photographs of the comet as it was leaving.
There was, in fact, a very mysterious failure of the Hubble at exactly that time, and so they couldn't do it.
One of the greatest, by magnitude, events of that sort, and probably in our lifetimes, right?
And they had the Hubble all set to go, and it failed.
I remember that.
Juan Cortland, you're on the air.
Hi.
Hello.
Hello.
I didn't realize it was my turn.
It's not your turn.
This is Jerry.
I drive a truck for a living.
I'm just a little bit south of Flagstaff.
Yes, sir.
I thought I'd present an interesting scenario just on this Shrivell case down there in Florida.
The Shrivell case, of course.
Following the money, it appears to me that there's three groups that are just really accountability for keeping this gal alive
uh... who's gonna pay the cost the government or you know
and keep in mind that match out of these is hanging on the horizon out there
i'm not sure what that has to do with this but well uh...
if they're if they're at their home their brains are eat up
you know got holes in them and they're they're non-repairable
yet uh...
Oh, I see.
You're a precedent-setter now.
There's a huge influx hanging on the horizon, and I think that's what, really, the bus is about.
I got it.
And the government don't want to take care of the hospitals.
You know, it'd bankrupt them, the insurance companies.
I think there's a manic scramble.
All right, listen, sir, hold on.
You're breaking up on your cell phone.
I definitely have the idea.
He's suggesting that we're establishing a precedent here.
And that if something like Mad Cow Disease should come along, then perhaps the Chavo case established law would apply to millions and millions of people affected by CJB.
Hmm.
There is an angle I have not considered, I must confess.
Well, would it apply to people with Alzheimer's?
Where would we draw the line?
How much memory and consciousness do you have to display before you might not be lumped in with some sort of thing that comes out of this newly established law?
It is sort of newly established law, isn't it?
In a lot of different ways.
In terms of the intervention of the federal government, in terms of what they've not been willing to listen to.
You know, some of this stuff, I must admit, I have no way of knowing.
In fact, we're going to talk about the Internet tonight.
We're having, just for a lighter break here, Kevin Mitnick will be fun.
Kevin is one of the, you know, famous hackers, most famous hackers in all the world.
On the website it says, the most celebrated hacker in the world, Kevin Mitnick.
I added the world.
I wonder if that's the right word to use for a hacker.
Celebrated hacker.
Celebrated?
Infamous, perhaps?
I don't know if any... Well, maybe he is celebrated, in a way.
We'll find out tonight.
We'll ask him all about it.
He's a fascinating guy.
He got in so much trouble.
Kevin got in so much trouble hacking.
At any rate, I'll tell you what, let's continue.
East of the Rockies, you're on the air.
Hi.
Hi, Art.
Hello.
Yes, this is Emily from Milwaukee calling.
Good morning, Emily.
Yes, happy Easter to you in Ramona.
Thank you.
And may the Easter Bunny bring you many unidentified flying Easter eggs.
You know, I was thinking about this Terri Schiavo thing.
I saw some Fox Update before your show came on.
I guess that they're even talking about now that Terri Schiavo may not even be able to be buried by her family.
That Michael Schiavo is going to take full control over even her burial.
Well, I understood that he had wanted a cremation, is that correct?
Absolutely, absolutely.
And that the dignity would not even be for the family, that she would not even be able to go to where Terri Schiavo's parents would be buried.
And the man is not married, has the two kids.
And also, you know, you look at it, the judicial tyranny that's happening.
You know, through all this, you've got to wonder, why didn't he just divorce her?
Absolutely.
So, you know, could money have anything to do with this?
It could very well have had something because of course the 1.5 million dollars that he did receive initially for the suit, as she did have that accident, that fatal accident.
Is that what the settlement was?
One and a half mil?
One and a half mil.
And there was very little rehab.
Very little rehab that would possibly, possibly have gotten her... I know, although I must admit, and maybe you should too, look, I've read all the internet stuff.
Who the hell knows what you can believe and what you can't believe?
It's one of the complaints I have about the internet.
If I were to believe, I don't know, a third of what I've read on the Schiavo case, I'd probably be over there out in front of the street myself protesting.
I just don't know what to believe.
On the internet anymore, how can you know what to believe?
Even off the internet, even if you go and you read the headlines, you know, according to one lawyer, it's one thing, according to another lawyer, it's a peaceful, quiet death.
And people are, my God, this is emotional.
Saying, well, I say, if it's so peaceful and quiet, then let in a camera and we'll see how peaceful and quiet a death it really is.
We don't starve dogs and cats to death.
God!
Really traumatic.
This is really traumatic.
For all of America.
Not just Terry Schiavo's.
This has really put a dent in the American psyche.
And I hope we come out of it okay.
West of the Rockies, you're on the air.
Hello.
Hi, Art?
Yes?
This is Dina.
I'm calling you from Tucson.
Yes, ma'am.
It is a pleasure to finally talk to you, sir.
Glad to have you.
I'm also calling about Terri Schiavo.
I'm really broken-hearted by this whole thing.
One of the things that I was thinking, and maybe this is just a stupid question, but I wondered why, apparently she is able to swallow?
Is that right?
I guess.
Why don't they put a glass of water in front of her and see, you know, if she swallows the water?
I mean, wouldn't that show, with the judges sitting there, you know, wouldn't that show that she wanted to live?
That she did not want to starve?
I don't know.
It's gone further than that.
It's, you know, one of the lawyers claims to have heard her saying, you know, something like, I want to live.
Yeah, yeah, yeah, yeah.
But, I mean, why don't they do a test?
Where it's, you know, something she is able to do and, you know, is able to answer basically by swallowing water or not.
You know, whether she wants to take water into her body or not.
That was one thing I was just wondering.
And another thing is the whole thing that just really sits wrong with me is this vow that Jerry took, or said to Michael, supposedly.
Yes.
It is so, so, so important to him, and yet his marital vows are obviously of little or no significance.
And that he's living with another woman and all that.
Right.
You know, God, I don't know what to say about all this.
Except that it's been just incredibly traumatic.
I don't think, since the fiery days of Roe vs. Wade, that we've had it this rough.
And this is precedent-setting.
It is precedent-setting.
I mean, in a way, that caller was right, right?
If some disease came along, essentially mentally disabled people, to some certain degree, would this case then have precedent, and would we start starving people to death?
And then there's one last thing.
Again, with all of these internet things that are floating around, and I certainly don't know what to give credence to, but there is a lot.
Shouldn't the courts be reviewing some of these statements and stuff if they really are true from the nurses and all that?
And what's the rush?
Yeah, I know, all these years, but now all of this, because of the national brouhaha, all of this Stuff ought to be examined by somebody, shouldn't it?
Shouldn't some judge actually look at it?
I mean, they're to the stage where they're rejecting even looking at the evidence.
They don't want to see it?
Don't show us!
We've made our rulings!
That's it!
But if she's really brain-dead, like they say, then waiting a little while longer to investigate this stuff, who's it gonna hurt?
Who's it gonna hurt?
To examine some of the allegations that have been made, Might take, I don't know, how much of a court's time, but in terms of the significance to America and the precedent setting that's going on here, why would it hurt to wait a little bit?
If she's really brain dead, it's not going to hurt her at all, right?
But I mean, what if there is something to some of this stuff?
Wouldn't hurt to wait.
First time caller line, you're on the air with a lot of noise there.
Hello, Art.
How are you tonight?
I'm alright.
This is Terry from Montezuma, Georgia.
Yes, ma'am.
I want to ask you... Wait a minute.
How's the weather there?
I heard there was, like, tornado warnings and everything.
Yes, sir.
It's pretty bad down there right now.
So, I'm headed that way.
I drive a truck.
I'm over here on 47 South in Illinois.
Oh, okay.
You're not near home then, are you?
No, but my family tells me that it's pretty bad down there right now.
Yeah, I can hear the Georgia in you.
Anyway, what's up?
Uh, do you remember that movie Soylent Green?
Yes.
I feel like if they let Terry die, that's gonna happen to us.
That's gonna open the door for so much, you know, so many different things to happen now.
It might.
I mean, the caller who called earlier, I couldn't figure out where it was going at first, and then it dawned on me like a brick hitting my head.
Of course, if a lot of people became mentally disabled, oh well, we'd have a precedent, wouldn't we?
Uh-huh.
I know, and I thought about that movie with all this.
This is really upsetting me.
I can't believe we're letting this happen.
I guess I can't either.
Hey, you have a good night.
I really appreciate you talking to me.
I enjoy your show.
Take care.
That's it.
I can't believe it's happening either.
I really can't.
Take what I said, Tellheart.
Why?
Does it matter?
Why would it matter if she's really brain-dead to stop and examine some of these incredible allegations?
You know, some of them are supposedly signed affidavits, that kind of stuff.
If it's really there, that stuff is real, then that really does bear examination, because once she's gone, then that's that, isn't it?
Wow, Caroline, you're on the air.
Hello.
Hi there.
This is Robert from Washington, D.C., and I guess you would call me a former contemporary of Mr. Mitnick's.
We know a lot of the same people.
Oh, really?
Well, he's about to be on, and this hour is drawing to a close, so very quickly, what's up?
I know some people who were present when he was arrested in North Carolina, and at the When they closed the door on him, he said, uh, Turn your radio off.
No matter what happens, I'm a patriot.
Yes, turn your radio off, please.
All the way off.
Yes, he's a patriot, I'm sure he is.
No, no, he made the statement, no matter what happens, remember I'm a patriot.
And no one ever explained what that meant.
And my question is, uh, I'd be interested if he would either explain what that meant and also explain whether he had ever been contacted by foreign intelligence agencies, for example, the Israelis, in the context of, uh, hacking activities.
I will absolutely ask him that.
Thank you very much, sir.
So when he was arrested, he allegedly said, no matter what happens, remember, I'm a patriot?
That was told to me by one of the FBI agents who was participating in the arrest.
I appreciate your call, sir.
Thank you.
Thank you.
A comrade in arms.
In arms.
Coming up in a moment, folks, the person in question himself, Kevin Mitnick.
is described as the most celebrated hacker, I'll add, in the world.
From the high desert in the middle of the night, indeed, it's alive.
It's alive, it's alive, it's alive, it's alive, it's alive, it's alive.
All I want's the love you promised beneath the haloed moon.
But you think I should be happy with your money and your name,
And hide myself in sorrow while you play your cheating game.
Silver threads and golden needles cannot mend this heart of mine.
And I dare not drown my sorrow in the warm water white.
But you think I should be happy with your money and your name.
And hide myself in sorrow while you play your cheatin' game.
To talk with Art Bell, call the wildcard line at area code 775-727-1295.
The first time caller line is area code 775-727-1222.
To talk with Art Bell from east of the Rockies, call toll free at 800-825-5033.
From west of the Rockies, call Art at 800-618-8255.
line is area code 775-727-1222. To talk with Art Bell from east of the Rockies, call toll-free
at 800-825-5033. From west of the Rockies, call Art at 800-618-8255.
International callers may reach Art Bell by calling your in-country Sprint Access
number, pressing Option 5, and dialing toll-free 800-893-0903. From coast to coast and
worldwide on the Internet, call Art Bell. This is Coast to Coast AM with Art Bell. It is,
and in a moment, the world's most celebrated hacker, Kevin Metnick. That's what it is.
He's quite a guy, and in a moment we'll try to find out why he's so celebrated.
Kevin Mitnick directly ahead.
Kevin Mitnick is a security consultant to corporations worldwide.
He's co-founder of Defensive Thinking, a Los Angeles-based consulting firm, DefensiveThinking.com.
He has testified before the Senate Committee on Governmental Affairs on the need for legislation to ensure the security of the government's information systems.
His articles have appeared in major news magazines and trade journals.
He's appeared on Court TV.
I bet.
Good Morning America, 60 Minutes, CNN's Burden of Proof and Headline News.
Kevin has been a keynote speaker as well at numerous industry events and in fact has hosted his own weekly radio program on KFI 640 in Los Angeles.
The 50,000 watt torch in LA, here is Kevin Mitnick.
Kevin, welcome to the program.
Good evening, Art.
Great to be on your show again.
You're down in L.A.
somewhere, right?
In Santa Monica.
Santa Monica, alright.
Not everybody thinks you're celebrated.
They use, on our website, we have the world's most celebrated hacker.
I didn't write that copy.
Oh, I know.
I'm sure someone else did.
Anyway, Roy from North Little Rock, Arkansas, he read that and he said, What gives this thief the right to be on your show?
Hackers are the lowest form of criminal, along with capital offenders.
If I had my way, he'd still be in prison, doing hard labor, and he'd never get out!
Okay.
Got the ultra-conservative listener, huh?
Yes, well, um, so, uh, celebrated.
You would probably not have used that term.
I mean, you don't get off an airplane with adoring crowds going, Kevin!
Right?
No, but I do get recognized a lot, and it's by people that look to me in a favorable way.
I was just in New York.
I just actually flew in from New York yesterday, and I was actually walking in Manhattan, and this guy walked by me.
He goes, oh, hey, Mitnick.
And I took a double take.
I go, huh?
And he goes, yeah, I know all about you, blah, blah, blah, blah, blah.
And it was kind of strange being recognized right on the street, especially in Manhattan.
Well, there's a book now, right?
The Art of Intrusion, Kevin Mitnick.
Oh, it's a good-looking cover, too, all black and red and very shocky.
Yeah, the publisher did a good job at the design of the cover.
I really like it.
Yeah, it's really nice.
So that's your The Art of Deception.
So this is your new...
The second book, the first one was The Art of Deception.
Yeah, I was reading the back here, where it talks about the art.
Actually, you talk a lot about The Art of Deception.
We're going to talk about that tonight, right?
The Art of Deception?
Sure, sure, absolutely.
The reason that I chose the titles The Art of is really paying tribute to the book The Art of War, one of my favorites, by Sun Tzu.
Alright, listen, I promised a caller that I would ask you something.
The caller said that when you were arrested, you made some statement kind of like, no matter what happens, have it be remembered that I'm a patriot.
Did you say that when you were arrested?
I don't recall saying that.
Maybe I did.
This was over a decade ago.
I remember at the time that the government had and eat about that i had uh... hacked into
uh... like uh... computers at the cia and uh... some very sensitive
secret computers which never did happen so that i was uh... i was always afraid
that they would try to argue this in the court of public opinion of course
uh... they didn't do it and uh... i was never charged with the norreston or
convicted of it but i was uh... was always afraid that they would have
so you might have said something like that I might have.
I remember it was kind of interesting because when I was in North Carolina, I was initially arrested around Valentine's Day of 1995.
Yeah, we should be clear.
The audience should be clear on what you did and how you got arrested.
So, yeah, you've told it a million times, but a lot of people, you know, tonight will not have heard.
So let's tell it.
Sure.
Well, since I was a young kid, I was fascinated with CB radios and then went into amateur radio.
Then I got into a hobby called phone freaking, which was kind of like hacking the phone system.
It was like exploring the telephone network.
You hear of things called blue boxes.
I didn't actually directly work with blue boxes.
My interest was learning about switching and stuff like this.
And then when the phone company went computerized, because at the time I started this, it was electromechanical switching, when they went to ESS, that's when I became interested in computers.
I took a class in high school, and one of the first programs that you learn to write, or one of the first assignments was finding the first hundred Fibonacci numbers.
But I was really a prankster as a kid.
I loved magic, and I loved fooling my friends and family.
Stop.
The first what numbers?
Fibonacci.
One of those?
I don't even recall.
It's been so long.
Basically, it's just a mathematical calculation.
I could look into Google, but I don't even recall what the Fibonacci numbers are.
But anyway, so in any way, what I did is instead of writing that program, I wrote a program that would actually grab the teacher's password.
It was kind of like to pull a prank on him.
When he'd go to sign on to the computer, Uh, it would appear as he was signing on to the computer, but it was actually running, it was actually running a program, so he was signing on to my program, and the program would take his username and password, it would store it in a file, and then it would log him on to the computer, and, and he, and he, at first he couldn't believe, you know, how, how, how was Kevin getting all this?
You know, how was he getting this?
And it became like this cat-mouse, you know, pranksterism game between my teacher and myself, and eventually, you know, after I told him, He gave me an A for the program, actually gave me a lot of attaboy.
He was actually impressed.
So actually when I was in high school, the ethics of computer hacking at the time is you were patted on the back and you were encouraged to do this type of stuff, unlike today, where you can get into a lot of trouble.
So there really was once that atmosphere where you were celebrated?
You got into my computer, you did me in, by God you get an A!
Oh yeah, like if you came up with clever, innovative stuff like back in the 70s, you're actually rewarded for this stuff.
You're given a lot of attaboys, unlike you do this today, you probably end up expelled from school.
So in any event, in fact, most of the security professionals today, 95% of them were hackers in the past.
But in any event, what had happened, to make a long story short, is I was really interested in becoming the best at circumventing security vulnerabilities.
And I made some regrettable and stupid decisions, and I targeted the source code, and the source code is like the original programming instructions.
Of what?
Of certain operating systems, like Solaris and SunOS that was developed by Sun Microsystems, VMS that was developed by DEC, and I Moved a copy of the source code to some computers over at USC in Los Angeles so I could scour through the code to look for holes or vulnerabilities that have been patched and some that might have not been identified by the developers.
What do you think would happen to you in China if you did something like that?
You'd probably get the death penalty in China for anything these days.
Absolutely.
They would pull it straight into your head.
Stole the source code, That'd be it.
Yeah, so that's what I did.
So what I did is I stole the copy of the source code for different operating systems and cell phones for the purpose of identifying vulnerabilities, and then that's what led me into a lot of hot water.
And then because of... I had a case in 1988 where a federal prosecutor had told a judge that I could start a nuclear war by simply whistling into the telephone.
I think the guy was watching too many reruns of war games.
Perhaps so.
And what ended up happening is then I was afraid that the government was going to really exaggerate my case, and I was going to be held in solitary confinement for years.
So then I ran, and I became a fugitive.
How long were you a fugitive?
For about three years.
Three years?
And the time I was a fugitive, I adopted new identities, and I worked in a law firm as a system administrator.
Really?
Yeah.
And in fact, the name that I worked under at the law firm was Eric Weiss.
Do you know who Eric Weiss is in real life?
I do not.
That's the real name of famous magician Harry Houdini.
So I had a sense of humor, right?
But I quickly learned that the FBI had no sense of humor.
No sense of humor.
So what ended up happening, I was moving around the country, and then I worked at a hospital in the IT department in Seattle, and then I moved to Raleigh, North Carolina.
And what's it like being, I mean, knowing the FBI is after you, knowing that you blow your cover and you're going to prison.
And for three years like that, what's that like?
Well, I treated it as if I was running from the law.
I had, in my mindset, in my mind's eye, I treated it as if I was living an adventure or as if I was just like an undercover covert type agent.
You know, living under a cover identity.
And how old were you at the time?
Mid-twenties.
Mid-twenties.
Man, what a life.
Fortunately, that portion of my life's over.
Okay, let's be clear, though.
You never actually compromised the security of the United States government?
You never went into CIA or the FBI or any government agency?
It never wrote worms and viruses, never hacked into government computers.
My crimes were, you know, stealing source code, even though my purpose was to look for vulnerabilities, it still was theft nonetheless.
Well, you must have had a... Did you have any goal?
Yeah, my goal was to become the best at circumventing security.
The best at knowing all the holes that other people did not know of.
Gotcha.
And by having the source code, you would know all the holes.
Well, all the ones that I could possibly identify.
Don't forget, you could have the blueprint right there and some could be so obscure or difficult to identify that, you know, I might not see it.
But it's kind of like the blueprint.
It's like the secret recipe to the Orange Julius.
And what's strange these days is a lot of the source code, except for like Microsoft Windows, which I wasn't interested in at the time, you know, it's pretty much one open source.
So now anybody can get the source for free.
Well, there's so many holes in a lot of what Microsoft, of course, they've been, my God, I think I have actually more patches for my operating system than I do megabytes of operating system.
Well, I'm serious.
You ought to see the patch.
You know, when you do a defrag, you can see it.
You can see all the patches down there.
My God, it's bigger than the operating system!
So, there must be a lot of holes in Microsoft stuff.
Has that code ever, ever, been stolen or I mean is anybody, otherwise how do they know about all these codes or back doors and you know secret ways to get in?
Oh yeah, Microsoft in fact, you know, several months ago some of their source code was released onto the internet.
Really?
In fact, yeah, parts of Windows 2000 and Windows XP.
Really?
Yeah, stolen from Microsoft and what apparently had happened is Microsoft licenses Portions of the source code to vendors that develop, you know, products that work for Windows.
Sure.
And the perpetrator broke into one of those companies and released the source code on the Internet.
In fact, somebody was, I guess, crazy enough to actually take that source code that was distributed over the Internet and sell it on his website.
And then the guy was, you know, obviously arrested and I don't know whatever happened to him.
But the source code of Microsoft's been out there.
The reason that... This was the entire?
Portions, you said?
Just portions?
Portions, yeah.
Like the XP and XAMPP?
Like Internet Explorer.
Oh.
And Internet Explorer is riddled with security vulnerabilities.
That's why a lot of people, I think even Gartner, advised people to switch to Firefox, a different browser, because what happens if your Browser, your Internet Explorer browser is vulnerable.
If you are persuaded or influenced to go to a particular website, or somebody sends you an email with a hyperlink and you click on it, and you go to a website that has certain code to exploit that vulnerability, the bad guy could take complete control over your computer.
By simply installing software, like a common piece of software would be like a keystroke logger, Or a piece of spyware that monitors everything you do on your computer.
No, let's stop.
A keystroke logger means that every key you hit, whether you're typing an email or doing anything else on your computer, is preserved and transmitted to somebody else.
Yes?
Absolutely.
It's like a wiretap.
So every keystroke you do, if you're an AOL instant messenger, if you're sending an email, signing on to your online bank, every keystroke you type is simply captured in its email to Uh, a drop, uh, email address, a dead drop, as they call it.
And, uh, you know, it could be a free Yahoo or Hotmail account or Gmail account.
All right.
Would you differentiate for me, please?
Somebody, uh, Harold sends an email that says, Hey, Art, I've noticed just about everything on the web nowadays installs what's called a data miner to slow down our computers by running in the background, even logging, uh, offline.
Some are even breaking my Attaware remover that is hardened against such attacks.
I wonder, is there ever going to be a cure?
Now, is a data miner like a key?
Well, what I think he's speaking to is software that is considered a type of spyware, but it basically monitors, you know, what websites you're going to, you know, so they could, like, send you marketing materials.
I assume that's what he's talking about.
Is that what most of these data miners are?
Well, what I look at as a data miner is basically going out and getting particular data and sticking it into a database.
And what software you get to be talking about is that's stealthily installed on your machine to send some intelligence back to some central point.
The ones that I know about that exist are for advertising and marketing, and those do exist.
Well, I've had zillions of them, Kevin.
You know, I use the removal programs, and every time you use the removal programs, it finds tons of them.
Yeah, that's AdAware.
Yeah, AdAware, or something like that.
The bot stuff, whatever.
You know, different removal programs.
But man, there's a ton of it in there.
So, it's usually just, what, for advertising?
To figure out what you're interested in?
Is it that, you know?
Yeah, where you're going on the internet, basically.
You know, looking at your cookies, basically, you've heard of DoubleClick, which a lot of these e-commerce sites are affiliates.
So basically, through cookies, they can kind of keep track to what sites that you visit on the Internet and report that data back so they could target you for marketing.
You know, it's just like if you go to Amazon and you start clicking on computer books, And Amazon remembers by storing a cookie of what your interests were.
So when you go back on to their site and do some shopping, it's going to... Oh, no kidding.
It puts up ads that are relevant to you?
Exactly.
How cool is that?
Exactly.
They're trying to make this cross platform.
So you imagine you're at Amazon.com and you eventually end up one day in Barnes and Noble.com or whatever.
You know, maybe they can now do direct marketing towards you.
Wow.
Offer marketing and advertising.
Well, that's fairly mundane.
I mean, that's not too bad, but you also have the feeling that these data miners or keystroke things or whatever could be a lot more malignant in their intent.
Oh, certainly.
I mean, the Adware, while people don't appreciate being tracked, you know, for privacy purposes, the most insidious type of software is the real spyware, which monitors what you're doing in fact there was a sky
in new york who went to all the different kinko copier uh...
establishment that new york in installed keystroke loggers of all those computers so
anyone that would use their online banking or sign on the
sensitive uh... email from kinko's uh... all all all their communications were
essentially another keystrokes
were uh... were monitored by the bad guy eventually got caught because what he was doing this was
for identity theft uh... boy
yeah fortunately got caught but you have to think about what all the uh... what about those what about all the
other guys are doing the Anytime you go up to an internet kiosk, anytime you go to a Kinko's, or anywhere where you're not using a computer that you can trust, you could be easily monitored and people don't even think about that.
Well, I want to ask a lot about that.
I mean, I see advertisements on TV for shredders.
You know, so you can take your personal documents and shred them and nobody can go through your garbage and steal your identity.
The question is, how easy is it to steal your identity from, by hacking, by hacking into somebody's computer?
Is it easy or is it hard?
Well, usually that's not how it's done.
Usually the bad guys are able to get like certain non-public personal identifying information like your Your mother's maiden name or your social security number.
And people think these pieces of information are private, but anybody with an internet connection and a credit card could easily obtain these details and then become you.
Those are very important details.
Kevin, hold on.
We're at the bottom of the hour.
When you call Social Security, talk about Social Security.
They want to know your mother's maiden name and a couple other things and then they know it's you.
Aboomba, Aboomba, Aboomba, Aboomba We feel so bad when we are alone. Aboomba, can you feel my
heartbeat in this country?
Do you know that the heart of this country lies in...
The heart of this country lies in...
Be it sight, sound, smell or touch, there's something inside that we need so much.
The sight of a touch or the scent of a sound or the strength of an oak when it's deep in the ground.
The wonder of flowers to be covered and then to burst up through tarmac to the sun again.
Or to fly to the sun without burning a wing.
To lie in a meadow and hear the grass sing, to have all these things in our memory stored and to use them to help
us to fly.
Yeah!
Bye!
But now she's gone, take this place, on this trip, just for me
Oh, take a picture To talk with Art Bell, call the wildcard line at area code 775-727-1295.
The first time caller line is area code 775-727-1222.
To talk with Art Bell, call the wildcard line at area code 775-727-1295.
The first time caller line is area code 775-727-1222.
To talk with Art Bell from east to the Rockies, call toll free 800-825-5033.
from west of the rockies call eight hundred six one eight eight two five
five international callers may reach our fight for your in-country
sprint access number pressing option five and dialing toll-free eight
hundred eight nine three zero nine zero three
from coast to coast and worldwide on the internet this is coast to coast a m with art bell it is my guest kevin
mitnick now when you steal a company's source code and then you pass it
around on the internet you are
toying with the force I mean, you really are toying with the force.
Messing with the force.
In other words, these very large companies with millions of dollars invested in this software, and when you get it and look for vulnerabilities and go after it, you're definitely tampering with the force.
And that force has a lot of money, and that force knows the FBI real well, and they go after you, and in Kevin's case, they caught him.
The story is kind of what happened afterwards.
**thunder** Everyone...
**music** Once again, Kevin Mitnick.
Kevin, do you think most corporations have an attitude that those hackers that don't kill you make you stronger?
The hackers that you don't kill will make you stronger?
Well, the hackers that don't kill you will make you stronger.
In other words, if you don't completely slaughter them by stealing their source code and finding all their vulnerabilities, and in the end, I mean, even though you go to prison and they want you tortured and killed, maybe, since you're not and you do get out of prison, then they want to employ you to help protect, right?
Yeah, that happens in some cases.
Making them stronger!
Right.
But not in all cases.
Usually, Usually, well, they won't hire you directly.
Usually they'll set up a Chinese wall, so they'll bring you up as a contractor, but usually they won't do it as an employee.
But it usually comes to the same result.
Yeah.
Yeah, in other words, you're showing, you are making them stronger, in effect.
You're voluntarily or in their employ attacking their software, trying to find where others might get them.
Yeah, and today that's a big market.
I mean, today there's a lot of companies that are paying for vulnerability researchers.
Well, otherwise known as hackers that have come into the main world.
Listen, ID theft, that is a big concern to me, and I know a fair amount about my computers.
I've got, I don't know, too many of them, about 13 or 14, for my business and so forth.
So I know a fair amount, but I know enough to know how much I don't know.
And so only somebody like you can tell me how much danger I'm really in.
Well, usually, with respect to identity theft, If your computer is vulnerable and a bad guy breaks in, of course, you might have certain data on there that might help them.
But usually, the people you have to be concerned about are looking for many pieces of information on many different people.
So they're going to target databases like, for example, in the recent news, I don't know if you heard about this, ChoicePoint, which is a company that sells non-public personal identifying information, was essentially hacked.
LexisNexis apparently had some problems too.
And this is where the bad guys get hundreds, thousands, tens of thousands of social security numbers matched with names, with addresses, dates of birth, and so on.
And this is where the serious problem exists.
And because in America, our system is broken, to essentially become somebody else, all you need to know is certain key pieces of information.
To get a birth certificate, to get a certified copy of a birth certificate, all the requester has to know is the person's full name, date of birth, place of birth, mother's name, father's name.
Then the bad guy gets a copy of the birth certificate, and they can essentially become you.
I mean, it's a real simple process, and that's because of how the system with identity works here in America.
No, you're absolutely right, and I've seen all the ads on TV.
How widespread is it?
How likely is anybody out there to get Their IDs stolen, and then their money spent, or whatever else.
Well, it's highly likely, but these people, since they're targeting so many people, not just one, two, three, ten, what they're doing is they're basically doing it based on information, you know, and if they have certain pieces of information about you, they can simply go online and apply for credit.
You get an extension of credit in your name.
There's even been cases where people open up a mortgage in your name, and all it is is They need to know certain key pieces of information about you.
Like, for example, I can give you a website now.
No, don't.
Listen, you're already scaring the hell out of me.
Every day I get no less than about 20 messages that say, You've been approved for a $60,000 mortgage!
Or something just like that.
Yeah, I get those all the time, too.
But that's not what you're talking about, is it?
No, not the spam.
We're talking about, you know, information and I mean, and why I give this information out, like what I was going to give you, I won't give the site unless you want me to, but there are certain sites out there that have birth records, like for Kentucky, Texas, and California, and on every birth record is obviously the mother's maiden name, so anyone on the internet, for free, can go look up anybody's mother's maiden name, like in California.
Alright, if you say you get that, and obviously you can get that, with that, what can you do?
Well, I wonder how many of your listeners Use their mother's maiden name to protect their bank account.
Every time I call my credit card company or my financial institution, the first thing they ask me for is, what's your mother's maiden name?
Absolutely correct.
And why this needs to be out there in the public, why people need to know about these websites, is so they'll be encouraged to contact their financial institution immediately and change the mother's maiden name or set a password because People are relying on protecting very sensitive information, like access to the bank account, based on information that's readily available on the internet.
God, that's frightening.
Well, that's frightening.
And of course we all know about the caller ID spoofing, right?
Well, we all know about that, yes.
But to actually get to somebody's money, It seems like it just wouldn't be that easy.
It couldn't be that easy.
Just your mother's maiden name.
There'd have to be a... A social security number, which also there's sites out there primarily for private investigators and underwriters that pretty much anybody can get an account at by filling out the appropriate paperwork and then you can basically pull the person's social security number and date of birth and you have the mother's maiden name.
And it's quite simple for identity thieves to get extensions of credit in your name.
Somebody stole my identity and opened up a cellular phone account in Denver and ran up hundreds of dollars' worth of long-distance calls, and then I got the bill for it.
It took me a little... I had to prove it wasn't me, which was very time-consuming, but at the end of the day, I didn't have to pay the bill because it simply wasn't me.
But it cost you a lot of money to prove it wasn't you.
Well, time, and as we know, time equates to money.
And what the biggest headache is, and I'm sure there's people in your audience that have also been victimized by this, is having your credit profile change negatively.
And then going back to these bureaus, I'm talking about TransUnion, Equifax, and Experian, and getting them to correct it.
It's really It's a time-consuming process, and the burden of proof shifts on you.
Yes.
And I really believe that when your identity is stolen, that to make it easier for the victim, that the burden of proof shouldn't shift to the victim, but should shift to the Bureau.
Normally, however, in most cases I've heard of, the bank or the institution does realize that it's a rip-off, and restitution is made, and I always wondered, who actually pays for that?
The issuers, the card issuers, but at the end of the day, we're all paying for it.
That's why they're charging us higher interest rates, right?
So everybody is paying for the thievery that's going on, but actually the first line of the attack is going to be the issuer, in the instance of credit cards.
How severe is it?
I wonder how much money they're having to pony up every year to pay off You know, the frauds and things.
You know, it's interesting.
I was just at an event in New York.
I spoke at an event, and the heads of a lot of the major, major credit card companies were there.
Right.
And what they do is they measure their losses.
They call them basis points, and I don't know the exact calculation for it at this point, because it really wasn't explained to me.
But the bottom line is that they basically measure their loss.
And then they measure, well, how much money would it take us to offset the loss?
Or how much money is it going to take us to prevent this from happening?
And so far, the attitude is, one remedy is to use a stronger form of authentication.
Authentication is when you have to prove that you are who you say you are.
Usually online, you do that through a password.
But the problem is, is with all these phishing scams going on in the internet, how do you, you know, and people are giving up their password through phishing scams by people that are victims of social engineering attacks.
So these static passwords are really dangerous because you never know when somebody else has your password.
So stronger forms of authentication are like smart cards, maybe a device you carry on your keychain that the code changes every 60 seconds, maybe a biometric like your But again, do you know what percentage they consider to be tolerable and what in fact they are paying?
is for banks uh... credit card company the banks of the police technologies
it will actually cost them more money to deploy that technology
then then what they're within what the losses they were suffering so what they
do they just choose to accept the law but again
do you know uh... what percentage they consider to be tolerable and
what in fact they are paying us probably very secret
uh... not really No?
I mean, I think one very large financial institution claimed that their fraud losses, I think, so far for the year were around $3 million.
Huh.
Actually, that's not that much.
No.
No, it isn't.
And if it costs $10 billion to deploy a stronger form of authentication that their customers could use... Then it's not going to be worth it.
It's not going to be worth it, so they just simply accept it.
And that's it.
So, as long as the identity thefts don't become thieves, don't become too greedy, they're going to get away with it.
Well, they spread it out over several different victims.
It's not just like they're hitting MasterCard.
But if it gets too pervasive and equals too expensive, then people will be lined up and shot.
Well, what's going to happen, then these companies will say, oh, to manage our risk, We'll deploy a stronger form of authentication to make it more difficult for the thieves to do their business.
Perhaps a chip in the palm of your hand.
Well, you know, they're chipping credit cards these days.
And in fact, in European countries, in some Eastern European countries, when you're defrauded, the risk is actually on the customer.
Really?
So, yeah.
Think about it in America.
Like, why would you want to bother yourself having to use all these fancy devices to prove who
you are when at the end of the day it doesn't cost you a dime if
you're defrauded, it costs the bank.
So people really don't care, but in Eastern European countries
it's the opposite, it's where the consumer takes the risk.
So now they're interested in these better forms of authentication and they're really pushing for it because
they don't want to take the loss.
Fascinating. Alright, we should be on some sort of track here and I want to talk a little about social engineering.
I know you do anyway.
What do you mean by it?
Explain your definition of social engineering.
Well, with social engineering, the best definitions or the best information can be found in the old Art of Deception book, but real quickly, it's basically where the bad guy uses manipulation deception and influence tactics. I'm talking about the same
influence tactics that sales and marketing people use
to persuade or to influence rather a trusted person inside a company to either
reveal information or to do some sort of action item that lets the bad guy in or gives the bad guy the
information. It's simply the art
of getting a person to say yes to comply with the request and this request is what benefits the bad guy.
Give me an example. An example, a guy walks into a building of a company and
during the day when the receptionist is quite busy walks up to the receptionist
uh... maybe ten minutes after sitting down the person struck in the suits of
the person has that authority uh... you know looks like a typical business
matter woman probably briefcase briefcase you know uh...
document hairstyle typical the trappings of a of a business person
yes uh...
and the uh... receptionist the five dollar bill and said excuse me miss
uh... i found this i found this money was on the floor over there and i just
wanted to turn it in And the receptionist is very surprised and says, OK, well, thank you so much.
And then about 15 or 20 minutes later, the person goes back up to the same receptionist and says, listen, I just got an important SMS message or phone call.
I need to get something off my computer.
I need to be able to sit down somewhere.
Is it possible I could just use the conference room behind you?
Just for 10 or 15 minutes, if anybody comes in, I won't bother you.
I'd really, really appreciate it because I need to get this taken care of.
Yes.
The receptionist knows that only employees are supposed to be in that conference room, but she thinks, well, you know, she's attributed, she's given a positive attribution of trust to this person based on the person turning in the $5 pill that they found on the floor.
So she's thinking about it and she goes, well, Sure, I can trust this person.
So he lets the guy into the conference room.
The guy plugs in the laptop into an Ethernet jack in the conference room, because most companies have their network connectivity for conferences, of course.
Sure.
Finds it's a live jack behind the company's firewall.
Person plants a wireless access point, being a device that fits about the size of the palm of your hand.
plugs in the wireless access point into this Ethernet jack, puts a note on the wireless access point, please do not remove information security department, and then from the parking lot with a directional antenna, of course, the bad guy has complete access to the company from the parking lot over radio.
This is a modern grift.
This is grifting, Kevin.
Exactly.
Well, social engineering is basically using card artistry, using technical...
Well, grifting is more... No, grifting, when you look at grifting art, it's more of you're grifting for cash.
You're basically conning people out of money.
Well, hey baby, what you just described ends up in the same place.
It's a modern grift.
That's what it is.
Well, I think the definitions are different.
Social engineering is where the bad guy or the hacker is getting access to company information or company resources by manipulating, by influencing people and using In exploiting technical vulnerability.
Arose by any other name.
It's still a grift.
Alright, so anyway, I get the picture.
I get how it's done, and that's pretty awful.
I mean, you know, a quick other story.
Imagine you're at Premier Radio Networks in Sherman Oaks, and that's quite a building, if you've ever been there.
And imagine that you're on the elevator.
I've never been there.
Oh, okay.
Is that amazing or what?
Yeah.
Well, not really.
You're outside the state.
I was there a few times.
So anyway... I'm sure they're happy to hear that.
But I did do what I'm going to tell you.
I bet they're all checking their Ethernet ports right now.
Little notes.
Little notes.
Property of Premier's Journey, right?
So listen to this.
Imagine you're in the elevator into the restroom and you find a CD, like a Red Jewel case, And it has the logo of Premier Radio Networks on there.
You look at it, you found it on the elevator, someone must have dropped it, and it says, Extremely Proprietary and Confidential, Payroll Salary History, Second Quarter 2005.
Right?
What are the chances that somebody, you know, that was at the elevator, or whomever, is going to take that back to their computer, and just do a quick check?
What do their bosses make?
What do their colleagues make?
They put in the CD, it comes up with like an Excel document, they click on it, and nothing happens.
It says it's corrupted or whatever.
They either toss the CD or they give it to Human Resources.
They say, what a bunch of bulls, some stupid joke.
So what happens is, what do they do?
After clicking that document, they install a piece of malicious software on their computer that can essentially do anything the bad guy wants.
That's because under Windows, usually everyone runs with administrator rights.
Good God, this is diabolical.
Right, so then you have a keystroke logger that's sitting there, you know, basically installed a wiretap on the victim's computer that clicked on that spreadsheet, or worse yet, it's a program that attempts to connect out from that person's computer to the internet to another machine, another computer that the bad guy had compromised, and now they could use that as a tunnel into Premier Radio Network's network.
What idiot let you into our building?
I would call him an idiot, but David Hall let me into your building.
David Hall!
I stand by my statement.
No, but he's a good guy.
David's alright.
Yeah, he's cool.
God, I know they're doing some thinking down there right now.
So, there's an example of a social engineering attack, which is a little bit different.
It's actually influencing the target by getting access to something that they'd really like to look at.
And by doing so, getting them to install malicious software on their computer that gives the bad guy an advantage.
Yeah, David Hall, by the way, is just the kind of guy that probably would have hired you back in your heyday.
Hold on, Kevin.
We'll be right back to you.
Kevin Mitnick is my guest.
Check those Ethernet ports, folks, down at our building.
I have this awful shivery feeling running right up my spine.
He is our guest, nevertheless.
I'm Art Bell.
This is Coast to Coast AM in the nighttime.
Coming in out of the rain, you hear the jazz go down.
Competition in all the places.
Oh, but the horns, they're blowing that sound.
Way on down south, To talk with Art Bell, call the wildcard line at area code 775-727-1295.
The first time caller line is area code 775-727-1222.
To talk with Art Bell from east of the Rockies, call toll free at 800-825-5033.
line at area code 775-727-1295. The first time caller line is area code 775-727-1222.
To talk with Art Bell from east of the Rockies, call toll free at 800-825-5033. From west
of the Rockies, call 800-618-8255. International callers may reach out to Art Bell at any time.
Not somebody you'd want to meet in a dark cyber alley somewhere.
pressing option 5 and dialing toll-free 800-893-0903.
From coast to coast and worldwide on the internet, this is Coast to Coast AM with Art Bell.
And my guest, Kevin Mintnick.
Not somebody you'd want to meet in a dark cyber alley somewhere.
Kevin was arrested by the FBI, did his time and all that stuff.
He was a hacker.
And he's been writing about it and talking about it ever since.
And he's got a lot of worthwhile things to say.
If you don't mind having the hair on the back of your neck stand up a little bit.
I don't know what I mean.
To me, what Kevin just described really does seem like cyber grifting.
Maybe, I don't know, grifting, I suppose, is the art of the short con.
Maybe it's the long con.
I don't know.
But pretty close, anyway.
Kevin, welcome back.
Oh, thank you, Art.
I'm getting a lot of requests via Fast Blast.
You know, I have the computer thing.
You've probably hacked into it by now.
I don't know what they are.
I don't do that anymore, but hey, I actually get paid to hack these days.
So now I, you know, what I used to do illegally for the intellectual challenge and pursuit of knowledge and thrill, now I actually, it's a business because companies hire me to test for their security failures.
You know, banks and even some U.S.
government agencies.
So it's quite interesting that you can take a skill for which you can get into trouble and now actually do something that benefits the community also is challenging and uh... they can look at it from a
okay will get back to social engineering in a second uh... i do want to see this
it's sort of as we go along and it is a very relevant
question uh... hydro zero five zero three
and from portland oregon wants to know as kevin art would you please about wifi hacking and war
driving and accessing unsecured networks very popular these days uh...
i must tell you can and i have friends who war drive
uh...
so all of them with the radio operator dot dot dot dot dot dot dot dot dot dot
uh...
I shall not name any names, but Wardriving, let's explain a little bit what he means by that.
Sure, sure.
Well, I mean with the ambiguous wireless connectivity these days, especially with 802.11, which is 802.11B, that's like the protocol that's used like at Starbucks if you're using T-Mobile.
Well, most of these, most consumers these days are going to Their local electronics shop, and they're installing wireless access points at their homes.
Businesses are doing the same.
And what Wardriving does, it's simply driving around the neighborhood, and in some cases it's called wardwalking, where you walk with your laptop, like if you're in Manhattan, and you identify businesses and people that have open wireless networks.
There are?
There are literally tens of thousands, hundreds of thousands, millions, what?
I would say hundreds of thousands.
I mean, and we're not talking just in the United States, Art.
I've been traveling all around the world doing speeches on security.
And in most of these, even in Asia, there's, again, businesses are running open wireless networks.
And once you're on the wireless network, once you associate with a wireless network, in most cases, you're behind the company's firewall.
So it's as if You could walk into the company premises and plug in your laptop into their network.
And it's pretty scary.
And even if you're using encryption, they have a thing called WEP, which is like a privacy equivalency.
It's supposed to encrypt your communications to safeguard your data.
And Is 128-bit encryption safe?
No, not using WEP.
No?
No.
Because of the implementation of the protocol, because of the flaw in the implementation, it basically takes an attacker to capture a number of packets.
And once a certain number of packets are captured, let's say over a usual time period of six hours, basically, you know, with a program called Ethereal.
That's another way of saying it.
Then you could take the output from this program and run it through another program called WebTrack and basically derive the web key.
And so for any companies that are running with web enabled, those are also easily hacked.
So what you have to do is you have to treat your wireless access point as basically a completely untrusted entity.
And, you know, run VPN over it.
No, alright.
I'll tell you this.
In my own personal situation, I have, for example, a wireless network in my home.
I think a lot of people do now.
Mine is not that protocol.
It's not 802.11b.
It's something else, which I won't say.
But it's something else, less likely to perhaps be attacked, but certainly not impossible.
So... Yeah, if you're running A, B, or G, those are the most common protocols attacked.
Yes, I'm sure.
So, these things are all over the place.
You know, I have a friend, I won't name him, in Las Vegas, who put up a beam antenna, you know, a Yagi, at his house.
And he can turn this Yagi 360 degrees, and he found... He doesn't even have to pay for internet anymore.
He can just hop on somebody else's.
Yeah, and if for some reason he can't, then he just turns the beam and finds another one.
So it's an incredible, incredible world we live in today.
Yeah, in Las Vegas every year they have a big hacker conference called DEF CON.
You should go!
Yeah, really?
Yeah, it might be an eye-opener for you.
Not only do hackers go, but law enforcement agencies go as well.
And they had a contest, I believe it was last year, And the contest was how far, you know, the distance to, you know, you basically build your own antenna, and how far can you communicate with a wireless access point, and it was 51 miles.
Oh my God.
51 miles, and they were doing this all, I guess they, I don't know if they drove up to like Mount Potosi or something, but I mean, they actually got that distance, so these guys that basically hitchhiked all the way to Vegas to go to this, you know, hacker convention won the contest.
Oh, that's so frightening.
And yet, it's all our convenience versus security, isn't it?
Absolutely, there's a magic bounce.
Imagine a social engineering attack with wireless, right?
Imagine an industrial spy wants to get access to a company's secrets.
So, what they do is they do a little bit of research on the person, you know, the family, and what if the executive received a gift around Christmas time Purportedly from a company they'd normally do business with, with a wireless access point, and with instructions to install it.
What are the chances that the executive will just, you know, happily install that at their house, and then they send their operatives, you know, around three to four weeks later, and then they have complete access to the network, and will likely be able to break into the executive's machine, or computer, if you will, and then once that executive is VPNed, you know, in other words, connected to the corporation securely from home, The attackers could hijack that person's connection and be into the corporate network.
So you could follow these steps through and see how dangerous it is.
Is there any way to be safe?
No.
Well, I take that back.
There's countermeasures you can do to raise the bar.
To mitigate the risk to an acceptable level, but there's no such thing as 100% security.
Was that mitigate the risk or mitigate the risk?
Mitigate.
Well, how many companies have you helped mitigate risk for?
I would say about a hundred.
That's a lot.
Yeah, and I've been doing this a short time because remember I had these Restrictions regarding technology when I was on supervised release.
That's right.
They wouldn't let you anywhere near a computer, right?
They wouldn't let me near a transistor.
Solid state.
You know, I had to get permission to use it.
It was quite interesting because, again, the government played me up as such a threat that I could start a world war by whistling into a telephone that scared I can almost hear what the prosecutor was saying.
Judge, this man is so dangerous he cannot be let near a seven transistor radio or the entire National Defense could be... I couldn't even use a fax machine.
It's like I had a call to get permission to use a fax machine.
Eventually that lasted about six months and then they got tired of it because they realized how ludicrous it was.
And then in the end I even had permission to use a computer A lot sooner than the public had known about, under the condition that I not tell the media about it.
Most of the concern was their public image, the government's public image in this case.
A lot of things that I had to keep secret in exchange for them lightening up on a lot of the restrictions that they had.
So it was really about the... Well, they must have had a great interest in lightening up on those restrictions.
What was pushing them to lighten up to the point where they'd break, you know, the rules of your whatever parole?
Well, it wasn't really them breaking the rules.
It was pretty much in their discretion, but basically They had given me permission to do things as long as I kept my mouth shut.
And that was basically it.
Things for them?
No, no, no.
Not working for them, actually.
You know, being able to use technology and computers.
They weren't concerned about the quote-unquote threat I posed as they were concerned about their image in the court of public opinion.
Because my case has played up so much in the media That they didn't want to look like they were being soft.
So, I think that was really about it.
It was more of a CYA type of position.
All right.
Now, fast forward to today's terribly dangerous atmosphere of terrorism and national security, and oh, God, what a mess out there.
Yeah, you wouldn't believe it.
In fact, in our new book, The Art of Intrusion, I have a story in there.
because it always the threat of cyber terrorism being bandied about right and
it's about these two kids one in canada and one in florida you very young
hacker kato hacker of people who are interested in hacking and they spent a lot of time on the iraqi which is internet
really care like a chat room sure and uh... that guy
from india uh...
uh... they must believe a break amersonian is clearly paper ham
and what he was doing that he's recruit actively recruiting hackers to break into uh...
government uh... and the government military and d o d contractor site
and he's kids because they were kind of lol then to the thrill of it all
no one was doing it for money when was doing it for the thrill
they were breaking into like uh... chinese universities uh...
the atomic research center in india sloppy martin and boeing and they actually uh... on what they actually successfully
penetrated boeing and were able to get uh... into their
mail server from the outside And this was through exploiting actually a known vulnerability.
They put in what they call a sniffer.
It's basically a program that, you know, captures all the network traffic.
And they were able from the network traffic to obtain enough information to get further into Boeing's network.
And they were able to get the schematics to the nose of the 747 aircraft for this There is a lot of that going on?
I mean, you cited just that example.
uh... part of a terrorist group that may have been uh... associated with the problem but modern
what what's scary about this is you know are these you know foreign adversaries are
potential terrorist trying to recruit
you know or a young very young people that are impressionable on the internet into doing their dirty work for them in the
potentially being there cut out
there is a lot of that going on and he cited just that example do you think
there's a lot of it it's not i don't know art you know it's really the
you know i i would think that You know, I mean, this is just common sense, you know, this is common sense, but in this particular case, what was interesting, and then these guys, and this is part of another hacking group called Global Hell, is they broke into the White House server, the mail server, no, the web server, and then from that they were able to get to the mail server, and then this guy was on IRC with Khalid again,
And Khalid sent one of these kids, you know, hey, you know, I'm writing a paper on hacking and I was curious if you had any hacking incidents you can, you know, tell me about.
And then the kid emailed back, yeah, we just broke into the White House.
We just broke into the White House.
And about 15 minutes later, the system administrator from the White House logged onto the site It was running his own sniffer, basically a network monitor, to look at what was going on, which was really strange, that right after they told this guy in India that they were on the White House site, that all of a sudden the White House administrators is looking around.
Within a couple weeks, these guys were all busted by the FBI and were rounded up, and in the court documents, it said the FBI had learned that these guys had compromised the White House, from an informant in India.
Was the whole thing a sting?
That's the question.
Was this guy an FBI operative, an informant, or was he a double agent?
He was recruiting kids to break into systems and at the same time was cooperating with the FBI.
I don't know.
Unfortunately, we don't know the whole story, but it's very interesting.
What's interesting is that these kids We're willing to do it.
Well, I don't know if that's as much of a wow as the possibility of the whole thing being a sting.
Now, you know, in this modern day and age, I would say that our CIA and FBI have to be as good as or better than the hackers that are out there.
This is a full-blown war, isn't it?
You're talking about cyber warfare?
I'm talking about the whole schmear of national security.
I'm talking about everything.
Our government.
Has to have agents that are as smart or smarter than the hackers because this is a war, isn't it?
Right.
I mean, we obviously have at the United States government has, you know, they have red teams that are used to essentially protect our government systems, but they also have offensive teams that are used to break into our foreign enemy systems.
And I don't know where they recruit the people on these teams from.
I presumably People that have a lot of motivation and desire and skills in this area, which means they were probably hackers in the past.
But it's definitely known that they do this, that we're both offensive and defensive, because other countries like Korea and China, I don't know if you recall, remember when the Chinese aircraft was downed by US?
I absolutely do, sure I do.
Yeah, well now, and in retaliation for that, There was a group of Chinese hackers that retaliated against the United States through attacking American systems and actually released a worm that caused a lot of problems here, worldwide, as a retaliation for that incident.
How good are we?
How good is the United States?
Do you know?
No.
I don't know.
I don't have that information because I don't know who's on these teams.
I don't know what incidents have been investigated, and that's probably extremely confidential.
I do know that, and we spoke to it in the book, is they had certain public operations, I think it was Operation... I'll get it for you in a moment, but it was a particular operation, I'm trying to think of the code name, and this operation is where certain government red teams We're under instructions that if they use, that they could only use off-the-shelf software, public internet sites that had exploit code.
You know, the exploit code is programs to exploit vulnerabilities.
Right.
Just stuff that's available in the public domain, and they were able to compromise numerous governmental computer systems just with this publicly available information.
So that was quite eye-opening.
So you have to think about, well, what about people that are much more sophisticated that aren't using off-the-shelf exploits?
How dangerous are they?
What are they into?
Is this, you know, this supposed giant, what the hell is it called, that monitors everything Oh, you're talking about Echelon.
And by the way, we still have Operation Eligible Receiver.
Eligible Receiver.
Oh, a football fan somewhere.
So, is this Echelon for real?
Is there really an Echelon?
I think so.
I haven't seen it.
You know, I'm really careful because unless I see it with my own eyes, I'm really, really skeptical.
But from what I hear from some trusted sources, our government does have monitoring stations all around the globe, and they're able to intercept communications.
Well, if there isn't an echelon, there ought to be, right?
You would think so.
I think it's highly likely.
Do I know for sure?
No.
Do you even want to know?
Uh, yeah.
I kind of would like to know.
It's kind of interesting.
So the old Kevin, the old Kevin is still there.
If you, if you, Kevin, if you had a chance to, well, I don't know, maybe get into some secret back door to Echelon and somebody gave you some password that would achieve that and some routing that would achieve that, would you do it?
Hell no.
That was a hell no, folks.
All right, hold it right there.
Kevin Mitnick is my guest.
Now, amidst the cross the window hides the light But nothing hides the color of the lights that shine
Electricity so fine, long and dry your eyes I live by the money
Before the morning comes the story's told You chase it down, you take the top from the floor
Another night, another day goes by Another star, another new world unwinds
You have to forget you play by the rules You take myself, you take myself under control
I, I live among the creatures of the night I haven't got the will to try and fight
Against a new tomorrow So I guess I'll just believe it, tomorrow never comes.
I said tonight, I'm living in the forest of my dreams.
I know the night is not as it would seem.
I must believe in something, so I'll make myself believe it, this night will never go.
Oh oh oh, oh oh oh, oh oh oh, oh oh oh, oh oh oh.
Do talk with Art Bell, call the wildcard line at area code 7.
The first time caller line is area code 775-727-1222.
To talk with Art Bell from East of the Rockies, call toll free at 800-825-5033.
The first time caller line is area code 775-727-1222.
To talk with Art Bell from east of the Rockies, call toll free at 800-825-5033.
From west of the Rockies, call Art at 800-618-8255.
International callers may reach Art Bell by calling your in-country store.
sprint access number pressing option 5 and dialing toll-free 800-893-0903.
From coast to coast and worldwide on the internet, this is Coast to Coast AM with Art Bell.
If there is such a thing as Echelon, Kevin responded, would he get into it?
Given the code, the backdoor, everything, would he go and take a look at Echelon?
What does he say?
and only knows but hello
nothing like the inside of a jail cell to form an opinion Huh.
Ha ha ha ha ha.
I mean, that really is where that came from, right?
You remember incarceration and disappointment and aggravation.
Looking back on it now, was it all worth it or no?
No, certainly not.
I look towards the future.
I don't really try to stay into the past.
Fortunately, I've been very successful at Basically taking my background, my experience and knowledge and helping businesses, government agencies and universities protect themselves against the threats out there.
So I believe I'm extremely fortunate that I've been able to make lemonade out of lemons.
But you wouldn't be here if you hadn't been there, right?
I mean, you really wouldn't.
You wouldn't be here if you hadn't been there.
That was a genesis that led now to your You know, your infamy as a hacker is what caused people to employ you.
Well, not necessarily.
They know my name, but they basically employ me based on my skills, not because I hacked into systems of foreign... I didn't go out and go on a marketing campaign to market the information regarding my past transgressions.
That was more Of the government.
You didn't need to.
Right.
Exactly.
The government did your PR campaign.
The government did the PR campaign, which I absolutely had no control of.
And a lot of people know my name today because of it.
But I'd rather be known today based on my knowledge and my skills rather than based on that I was a hacker of a decade ago.
Yeah, but you know it, and I know it, Kevin.
On your tombstone, if they were telling the truth, they'd say, Kevin, the Hacker Mitnick.
I mean, people get typecast, and you definitely are typecast.
Yeah, I'm stereotyped, you know, but... I'm the UFO guy, you're the hacker guy.
There you go.
It happens, and you know, there's nothing you can do about it.
Nope, nope, nothing I can do about it, but I'm, you know, in today's world, I'm working diligently at rehabilitating my reputation, and doing good services for my clients, and co-authoring these books.
I do have a co-author, he's a best-selling author, and we've collaborated on these developments, and we work very well together, and we're doing really good work.
But you cannot be good at what you do without studying Exactly.
Well, I look at it this way.
You can go to university and you can take acting school and you could be a darn good actor and actress or you could have the talent.
You could be naturally gifted in that area.
I think, for myself, I was naturally gifted in technology and in this area because Since I was a very young boy when I got involved in amateur radio when I was 12 and graduated into telephones and then into computers, I just had this knack for technology.
It was just a real strong passion.
And then as a kid, at a young age, I was a real prankster.
So I'd mix the two.
At first, I would use my knowledge of computers and telephones to pull pranks on friends that shared similar interests.
For example, I remember this guy Steve that lived in Pasadena and he was a phone freaker as well and I remember getting into the, it was Pacific Bell at the time or Pacific Telephone actually, and I remember getting into the switch electronically and changing his home phone number to the line class code or the service of a pay phone.
So whenever he tried to make a call, it would say, please deposit a dime.
Oh, that's so cruel.
Yeah, yeah, yeah.
Like, electronically, he had to... Please deposit a dime.
Yeah, please deposit a dime, right?
I must have been a pretty old friend.
Yeah, that was an old phone.
Like I said, this was 15 years ago.
Yeah, that was 50 cents.
Prices went up.
Oh, jeez.
So I loved doing that.
Like, when I was in high school, Like, you know, outwitting the teacher was, you know, outsmarting the teacher was the name of the game, and using technology to do it, and like I mentioned early in your show, you know, I was rewarded for it.
It could have gone the other way, though.
Definitely.
I remember the teacher, this is hilarious, Art, he, at the time we had dial phones in class, right, and we had this old Olivetti 110 baud acoustic coupler terminal that we used to dial into this PVP-11 70, which is a piece of deck hardware that was running this operating system called RISC-V.
And this is what we learned on.
And I remember my friends and I, we were dialing into a USC, into their computers, so we could play these really cool games like Star Wars and Grok and Adventure.
And how I used to do it was just simply call the Xero operator, pretend I was the teacher, and have the operator connect me to the USC dial-up number.
Right, so he brings into class one day this like lock, you know these old phone locks that you put in the number one.
I remember, and you couldn't dial.
You couldn't dial, right?
And he was announcing it to the class like he's come up with a solution so we can't call into FC and play games.
And I know exactly what you clicked your way in.
I clicked my way in, right?
I remember the teacher's face went as white as it gets.
Because, you know, it totally embarrassed him when I was able just to pulse out the number on the switch hook and make the same phone call anyway.
Actually, you can still pulse, can't you?
Yeah, you can still do it.
You can go... Yeah, basically, you know, if you have the timing right, you can basically, through the switch hook, dial telephone numbers, you know, through dial pulse.
So they actually have not disabled pulse.
How much longer is pulse going to be part of the system?
They'll eradicate it at some point, won't they?
You'd think so.
I mean, I know Pulse exists because I've been traveling a lot and some of these hotels, they have a touch-tone phone, but it's not DTMF, you don't hear the tone, then you hear the click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click, click At home, reasonably, to protect themselves.
For those who are not computer experts, there must be some steps we can take that will make us a little safer.
Yeah, there's the consumer.
I can think of about five or six things that could really, really raise the bar enough so you'd be, or eliminate probably 90% of the threat.
Let's hear it.
The first thing, These are some no-brainer things, but I'm going to tell you anyway.
Please.
The first thing is to run a personal firewall.
Absolutely.
And I wouldn't rely on, like, with the release of Service Pack 2 for Windows XP Pro, they turned on the firewall by default.
They actually had it in earlier versions, but Microsoft's firewall isn't resilient like others out there.
The one that I personally like that I use is ZoneAlarm.
Zonalarm, okay.
You can get it for free at zonalarm.com.
And this is the difference.
With Microsoft, let's say you get infected with spyware, like one of those evil keystroke loggers, and every time it emails the booty out to the bad guy, you'll never know it.
Because by default, it doesn't monitor your outgoing, only your incoming.
It only blocks incoming connections.
The Microsoft firewall doesn't really care about outgoing connections.
How does the zone thing... The zone alarm... How does it know that you're not sitting there typing, that the packets going out are bad guy packets?
How does it know?
Well, basically, you authorize applications or programs to give a permission to connect to the Internet, to use the Internet.
So basically, let's say You've installed a new mail program, you know, like a different mail package other than Outlook.
Okay.
Whenever you have Zone Alarm installed, what's going to happen is before you can even use the program, a little dialog box is going to pop up and ask for permission for that mail program to be allowed to use the Internet.
Cool.
So if it's a piece of malicious software... It's not going to get permission.
Well, the problem is it's up to the user.
Let's say you have old grandma that doesn't know it says this application needs to connect out.
She might say yes because she doesn't realize the threat.
So you have to be a little bit knowledgeable too and not just say yes to everything.
Right?
Okay, so zone alarm is good.
Zone alarm is the best.
Although I hear people complaining that zone alarm is a burden on them because it keeps coming up with stuff.
Well, that's a good thing, but what they can do is go into the configuration and minimize those messages, but then if you minimize those messages too much, you're taking away the whole point.
You're taking away the whole benefit.
Got it.
Don't alarm good.
What else?
Okay.
Antivirus software, everyone usually has it, but are they upgrading, are they updating, excuse me, the virus definitions on a daily basis?
A lot of people are doing it on a weekly basis.
I think they need to change that configuration to update it daily.
Especially with broadband, it really doesn't take that much time.
I really fell in love with AVG.
It was really a good program, I thought, and they're making changes in it right now.
I'm not really sure what's up, but they're making changes.
Really, I thought that was a good program.
Yeah, I mean, yeah, definitely.
As long as those definitions are up to date, go with AVG.
If you're under Windows, don't use Internet Explorer.
I mean, I heard Bill Gates recently was at some conference, I think, the CES show in Vegas, and he mentioned that they're working on a new release of Internet Explorer 7.
But I would use Firefox.
I would absolutely never use Internet Explorer.
I went to Aerosmith.com like six months ago, and I got a piece of spyware dropped on my computer that exploited a security hole with Internet Explorer.
So I'd stay away from that.
Next thing is Keeping your operating system to the latest release level.
So if you're running Windows XP Pro Service Pack 2 with the latest updates, I wouldn't be running Windows 98.
Same thing if you're running on the Mac, Mac OS.
I wouldn't be running Mac OS 9.
I'd be running the latest release of Panther, 10.35 I think it's at, or 10.4.
Installing the security patches, you know, if you're in the consumer environment, it shouldn't be a problem to immediately upgrade any security patches as soon as possible.
With Windows, you can turn this on automatically to do it in the middle of the night if you keep your computer on to automatically update your system.
And then running utilities under at least the Windows environment to try to identify spyware that's already been installed on your computer.
There's a lot of different programs out there.
Microsoft has released one, a free one, that people can use.
But I've tested a lot of these.
And what I did is I took, there's a company called SpectreSoft.
And SpectreSoft is the biggest commercial spyware vendor.
What they do is they market products like eBlaster.
It's basically a program you install on somebody's computer and it will monitor everything they do and it will email it to you.
And how they market it, to get away with it, is if you're an employer and want to watch your employees, or if you're a parent and you want to watch your kids.
But you know who's buying those programs, right?
The people that are buying those programs are the people that want to watch their significant other.
And get this, Art, this is what's really scary.
You go out and you buy a copy of SpectreSoft, right?
Which is malicious code.
It's basically used to spy on people.
And you install it on your computer, your AVG, Or if you're running Norton, Antivirus 2005, and all these programs that claim to identify spyware, it doesn't detect it because they won't put a signature in for that because they can get sued by Spectresoft because it's a legitimate commercial company.
So a lot of these antivirus vendors will not detect commercially available keystroke loggers.
So what do the bad guys do?
They go out and they You know, go to, like, Rite Aid, they get a prepaid credit card, and they just order the product, so now they have it, or they use a stolen credit card, and, uh, they get the product and they install it on the target's computer.
So, how do you find this stuff?
One of the best programs that I found, and I think you could get, like a, you could use it for 30 days for free, is Spycop.
Spycop, huh?
S-P-Y-C-O-P, and now, that's like, like, after the fact-checking, what it does is it scans through your hard drive, and it looks for Spyware, but that's after the fact, after it's been installed.
Better later than never.
Right, but then there's another utility that I kind of liked.
I've done limited testing with it, but I thought it was quite informative, was one called Test Patrol.
And that does real-time checking, so if some known hacker program or utility And one obvious giant sign to any user would be that their computer starts sort of getting sluggish and slower and slower and slower and you might not even notice it as these data miners dig in and they're using more and more packets and even if it's all fairly benign and is being used for ad marketing or whatever, it still slows down your computer, right?
Exactly, then that brings us to the last thing, which is the Attaware.
A spy cop just looks for the really malicious keystroke loggers, but then you've got all the advertising garbage that's out there.
Programs like Attaware are pretty good at going through your registry and looking for any telltale signs of this type of stuff.
This is very important, folks, because Most of it, many of us, I shouldn't say most of us, I'm going to include myself in this group though.
I don't see how I could legitimately live and do the work I do without computers.
I know the answer is, I don't use the damn things.
Well, that's not so easy in modern America, is it Kevin?
In fact, when I was doing my radio show at KFI, at that time I wasn't allowed to use computers and my show was about the internet.
So this was hilarious.
So my screener And my producer, I would have to go to the station in downtown L.A., and I'd have to work with them for a few hours before the show to prepare, and they would go onto the Internet and say, oh, go here, go there, go here, type this.
I was basically surfing the Internet through proxy, through my screeners and producers, to be able to prepare for my show.
Do a show on the internet without having, you know, without being able to look at it.
So, what, you were just not allowed to put your fingers on the keyboard?
Right.
You could talk to somebody else and have them do it.
Exactly.
Wow.
Did they know, did your screeners and your producers know what they were doing for you?
Maybe.
No, they didn't.
Did they ever stop and ask, Kevin, I'm not violating anything by doing this, am I?
No, because a lot of times they would do a lot of the research and they'd come to me and say, hey, this is kind of the current event.
My producer would also give me ideas of what I should cover in the show.
So it wasn't like I was giving them, like, here, go to www.cia.gov and enter this Long story short.
Still, it sounds like a don't ask, don't tell policy, sort of.
Yeah, so no, that never came up.
All right.
When we come back after this break, I really would like to allow the audience to ask you questions.
And you can understand, after hearing the stuff that you've laid on us tonight, some of this has been downright just scary, frightening.
And the last thing, Art, about the personal security, is if you're running a wireless access point at home, I would definitely, at the minimum, enable WAP.
At the minimum.
What I usually do at home is I actually run an open wireless network.
Because, you know, I can really... because some neighbor wants to use it, I don't care.
But what I do is I also run a sniffer.
So anytime anybody's using the network... You know who it is?
If it's not any of the MAC address... What I do is the MAC addresses of the computers that are authorized, I don't monitor those.
I just... I ignore those packets.
But any other packets that are kind of foreign to the network, I log everything so I can see.
So I'm sure that someone's not breaking into bankofamerica.com through my wireless access point or something.
You wouldn't want that to happen?
No, not at all.
And you know, with your reputation, you could certainly be set up like that, couldn't you?
Absolutely.
So you've got to watch your back ten times more than anybody else, because if something like that happened, You go directly to jail without passing the Microsoft building.
There you go!
So anyway, as I was saying, a lot of my audience is going to want to ask you personal and probably seeming to you to be very simple questions, but I can understand why after hearing all of this, and I hope you can too.
Alright?
Alright.
Coming up in the next hour, so relax, get a cup of coffee or...
Whatever keeps you going in the night time.
By the way, I wanted to ask, Kevin, most hackers, they're night people, aren't they?
Yeah, they're kind of nocturnal.
Hey, Art, if you have the time, I should tell you one great story out of the Art of Intrusion book.
I think you'll love it if you have time.
No, I don't.
Right after the break.
Okay.
All right.
Hold it right there.
Yeah, sure they are.
You know these are night people, these hackers, in the small hours of the morning, three, 4am, they're into, well, who knows what.
I'm sorry, I'm not.
Where'd I go? My whole life spins into a frenzy.
He came from somewhere back here a long ago.
The sound of every fool goes to try hard to recreate what had yet to be created.
Once in her life, she musters a smile for his nostalgic tear.
Never coming near what he wanted to say, only to realize it never really was.
really was She had a place in his life
He had a break from the cross As she rises to her apology
Everybody else would surely know But she was gone
And I could feel it I could see it
The voice that calls her father To talk with Art Bell, call the wildcard line at area code
7 The first time caller line is area code 775-727-1222.
The first time caller line is area code 775-727-1222.
To talk with Art Bell from east of the Rockies, call toll free at 800-825-5033.
From west of the Rockies, call 800-618-8255.
International callers may re-chart by calling your in-country Sprint Access Number, pressing Option 5, and dialing toll-free, 800-893-0903.
From coast to coast, and worldwide on the Internet, this is Coast to Coast AM.
With Art Bell.
With my guest, Kevin, the reformed, in fact, as you listen to him, almost angelic-sounding nitnick.
he was a big-time hacker until the fbi took the wind out of his sails and now
and now he works for the side of life and goodness and he'll be right back
uh... let's try one more little scenario here Okay.
Suppose you were to hook up with somebody who said that they already had access to a computer up at the infamous Area 51, and they had information about what our government knows about alien presence.
In other words, would my need to know interfere with my ability to think rationally?
Would your lust to know overtake your fear of a repeated visit to a facility that you know all too well?
No, no.
I know for a fact that I definitely would be interested in the answer, but not to the point of violating the law to find out.
I would just figure somebody else would do it, and then they would release the information anyway.
I see.
So I wouldn't even have to do it.
But I would anyway if I was the only one in the world that... You wouldn't lust to be the first?
Or the person known for it?
I would absolutely be curious about Area 51 and be interested, but not to the point where I would break the law.
To find out.
But many years ago, that was different.
That was a different Kevin.
I certainly would have, just because I'd be so curious.
And it would outweigh the fear.
How old are you now?
Forty-one.
Forty-one.
So, you're becoming progressively conservative.
Yeah, I mean, when you get older, you know, I grew out of it.
You know, when you get older, you have higher priorities in life, and, you know, playing games is not one of them these days.
All righty, then.
Here comes the general public.
First time caller on the line, you're on the air with Kevin Mitnick.
Good morning.
Hi, Mr. Mitnick.
It's an honor to speak with both of you.
This is T.J.
in Kansas City.
I had a question about the Internet Exploder.
I've been using Firefox for about six months now, and it's such a great browser.
It just blows Explorer out of the water.
I have a two-part question.
My first part was, is it possible that Microsoft might have made Explorer vulnerable deliberately?
And secondly... One at a time.
Answer.
I don't think so.
I don't think they would have deliberately made Explorer riddled with vulnerability.
Plus, exploder is a very derogatory term, sir.
And your second question?
And my second question was, I use SystemSuite 5.0, and they have a pretty good firewall.
Do you know anything about that?
You're talking about Norton?
No, it's called SystemSuite.
SystemSuite, okay.
Because I know Norton has something like Norton Security Suite.
I'm not familiar with that.
No, I'm not.
I'm only familiar with maybe five or six personal firewalls.
That's not one of them.
All right.
Thanks, gentlemen.
You're very welcome.
Have a good morning.
Wildcard Line, you're on the air with Kevin Midnick.
Good morning.
Hey, how's it going?
It's going.
Just as usual.
All right.
I got two questions.
One for Mr. Midnick and one for you.
Okay.
Like I was saying, my wife and I drive trucks and obviously, you know, we use a computer for balancing checkbooks and whatever.
And so we're running the broadband card, wireless card.
How vulnerable is that?
Like when we're out in the middle of nowhere checking our bank account?
I'll tell you a quick little story.
I was at a Starbucks in Los Angeles about two months ago.
And I ran in there just to grab my email really quick.
I mean, I must have been in there five minutes and I grabbed a latte because I was on the road.
And then a month later, I get this call from this guy going, are you are you the famous Kevin Mitnick?
I go, you mean the guy that used to be a hacker?
And he goes, yeah, yeah, that's me.
He goes, were you in a Starbucks in Los Angeles about a month, a month and a half ago?
And I go, I don't know why.
He goes, because I was in a Starbucks and I was I was capturing everybody's emails that were going over the wireless network, and I think I got your email password.
Oh, man!
And fortunately, I don't check any sensitive or business accounts over any wireless network.
This is like a... Yeah, I guess we ought to tell the public, Kevin.
Starbucks provides something like a T1... Yeah, they provide...
T-Mobile, which is a wireless internet for a fee, a daily fee or a monthly fee.
So, I used that to check an email account that I use just for personal, not business.
And he got your password?
Well, he got my email.
Presumably, I know he could have got the password, because when you use a wireless network in the clear, Where you pay for it, meaning there's no encryption key, anybody could monitor any of the traffic and get your passwords or any of your communications, unless you're using something like SSL, which is called Secure Sockets Layer, it's like when you see the little padlock on like Internet Explorer, and you're signing on to your bank, that information cannot be captured that easily.
There's another attack called the Man in the Middle attack, but I'm not going to go Go into that now unless you're interested, but that might take a little while of explaining.
Okay.
Colin?
Yeah, I probably wouldn't understand it anyway.
So, if you're doing anything sensitive over wireless, I'd make sure that you're using something like SSL, or if you're using, like, if you're to do anything, like a lot of those Yahoo and Hotmail accounts, I think they use SSL to log in, but once you're logged in, all your email is sent over the wireless network in the Claire.
Alright.
And then the second question was for you, Art, about the weather.
Because I live on the other side of the pass from you.
And I remember, I think it was last summer, the lake was down like 75 feet or something.
Yes.
And I was wondering if all this rain has helped that out at all.
You know, we're all wondering that, sir.
I appreciate the call.
And the answer to that is, I wonder, too.
I saw a website recently that showed the reservoirs in Arizona.
A couple of years ago versus right now, and they're in the high 90s.
So I think all the water that we've received has, I guess, done good.
And that was his question.
That's as much as I know.
So the Southwest has had amazing rain this year.
East of the Rockies, you're on the air with Kevin Mitnick.
Hi.
Hello.
Okay, hello.
First off, I wanted to say hi to you, Art, and shout out to the Fantastic Forum.
And I'm listening on Streamlink on my computer.
I'm not listening on the radio.
Got it.
I got it muted.
And I am paying for it.
And Kevin, I'd like for you to explain the difference between white hat hackers and black hat hackers, and I'll wait off the air.
But Art, check out TheBroken.org.
That'll explain a lot of what Kevin was talking about.
Alright, alright.
White and black hat.
The definitions mean different things to different people.
There's no clear definition, but a white hat hacker is an ethical hacker that hasn't done anything illegal in the past, but has pretty much, through self-study and maybe through some university courses, now does vulnerability assessments or pen testing.
Pen testing is simply trying to penetrate into a client's network and find their vulnerabilities so you can submit a report.
A black hat hacker, on the other hand, It's somebody who is currently in, you know, illegally accessing systems, or is malicious.
It is, though, a pretty thin line, isn't it?
I mean... Yeah, most, like I said, most of the white hat hackers, I mean, even, they have this, like, certification called the CISSP, and one of their code of ethics is you can't even associate with hackers, but I know that, you know, I know several people that have this certification, Which isn't really that tough to get.
It really is a test where you test your definitions of stuff.
It's pretty simple.
And a good percentage of those people have illegally accessed systems in the past.
At least the people that I've talked to, and I've approached each and every one of them.
You mean they have not upheld their promises?
Well, I even know about five or six of them that have convicted felons, you know, they were convicted of computer-related crimes, but they simply do not disclose that to get the certification.
But the truth of the matter is a lot of people that are from the old school, and I don't mean hackers in the sense of writing worms and viruses and stealing credit card numbers and doing really malicious stuff, but I'm purely talking in the sense of unauthorized access.
Mm-hmm.
I mean, even at the university level.
I mean, if you're in college and you're breaking into your teacher's account, you know, it's still hacking.
That's right.
It's a mighty thin line, and on the part of somebody who might be monitoring such actions, I don't know that they'd see a difference at all.
No, they don't.
The federal government doesn't distinguish.
They just look at it.
Did you have authorization?
If you didn't, they don't call it hacking, they call it fraud.
So if you access a system, what they call a federal interest computer, which usually has some sort of interstate nexus.
That is, in itself, the violation.
Exactly.
Exactly.
Just like if you make an interstate phone call in the furtherance of a fraudulent scheme, it's the phone call.
Placing the phone call is the actual element that makes the offense.
Yes, got it.
West of the Rockies, you're on the air with Kevin Mitnick.
Hi.
Hello.
Good morning, Bill.
How are you doing?
All right, sir.
Good.
I'm calling from KGO.
Is that a 600?
Yes, sir.
Okay.
Good morning, Kevin.
Good afternoon, or good evening, I guess.
Or morning.
Yeah, that's right.
It's 120.
Yeah, it's 120.
My question to you is, I have hobbies.
One of my hobbies when I was a kid, by your age, was to listen to scanners and learn about different frequencies on the scanners and stuff like that.
Yeah, I used to do the same thing.
Okay.
So, my question to you is, What got you... I mean, what kind of got you curious into the hacking?
I mean, what inspired you?
What gave you the motivation?
The same thing that had you listening to a scanner, brother, and you know it.
It was my interest in technology, especially with telephones.
Especially with what they called phone-freaking and manipulating telephone systems.
And then from there, that's where I got involved in hacking.
Right.
So how... I mean, I don't know if you're allowed to do this over the airwaves or not, but how do you hack?
That would be a longer conversation.
Okay.
I mean, basically... I mean, this is not something where you go www.quantum... No, no, no.
It's basically analyzing...
The target system, analyzing the company, analyzing the people, analyzing the technology they use.
Okay.
Well, that's why they call it fraud.
Because it is, it's grifting, it's fraud.
I mean, speaking plain, that's what it is.
Okay.
And, I don't know how long, but, so, for me, how do, I mean, because I have like a credit, I've got a credit card out there, so would I be vulnerable for this?
If you use your credit card, like, over the internet?
No, no, no.
I have an account with a credit card company.
Right.
And people are always scaring me to, oh, don't get a credit card, because then you're vulnerable to somebody's system.
It's called a paper trail.
Oh, yeah.
Well, yeah.
Every time you use your credit card, there's an audit trail created, of course.
But I mean, unless you have something to be concerned about, creating an audit trail, you know, using a credit card is pretty safe, because if somebody obtains the number and defrauds you, actually the bank takes the loss, and it takes some time.
You probably fill out a form, An affidavit claiming that you didn't make the transaction.
That gets me down to... I live out here in the country.
I said it earlier, I don't think I could reasonably live without the Internet.
I do all my searches, find my products, do my purchases on the Internet, and frankly, we're getting very close now to considering Internet banking.
It seems Reasonable, on the one hand.
I mean, sure, somebody could steal your credit card or something, but you know, they can do that anyway.
I mean, it's going through all kinds of databases.
If you walk into a store and the guy swipes your credit card, then I suppose something dials something and that information is transferred.
So why not do it over your own computer in the right conditions?
I don't think the risk is any greater than if you go into a store and let the guy swipe it.
Am I wrong?
No, you're absolutely correct.
okay so you know you can have someone that uh... skin that at a restaurant
and is that you know we're all you think of course the book the vulnerability
is that a lot of easy commerce flight store especially if there were doing any type of reoccurring
billing they'll store your credit card in their database and that
they're at that their system
is compromised by a group of russian hackers and they feel the then your
company database you they have if they have your number nine but that would
but what i'm trying to point out is that would happen anyway
and you walk into the gap in the by some jeans you're going into a database that it is there to be a part
of your card it goes into their
corporate database and that might be accessible Via the internet, too.
Alright, so to be honest with you, my wife and I are thinking about internet banking.
You know, that's the big step.
I do internet banking.
Do you?
Yeah.
And so, is it as safe as going to a teller?
Well, there's always the chance that... Well, if you're using internet banking, you're using static passwords.
And it's possible for an attacker to get your static passwords.
They can cause you I'm curious about the legalities involved.
If someone were to retain your password and commit fraud, who takes the risk?
You or the bank?
If it was me, the consumer, I'd rather go to a teller.
If it's the bank, all I have to do is fill out an affidavit and they credit my account back the money that was illegally transferred or used.
Then I would say using the internet, because there's no risk to you as the consumer.
Okay, let me ask this.
When you sign up for internet banking, Kevin, are you afforded the same level of protection in case of fraud as you would be if you use a teller?
Or do you sign releases?
That's what I don't, you know, actually, I did sign up for internet banking and they give you like this, it looks like an EULA, you know, end user licensing agreement with all this legal I just clicked on I Agree.
You did, huh?
Yeah, I did read the whole thing.
So that's one thing I have to go back and do when I have time.
I would really like to know that.
I'd like to get my lawyer to do it instead because it's just like pages and pages full of legal jargon that I really didn't want to read.
I hear you.
All right.
International Line, you're on the air with Kevin Mitnick.
Hi.
Hi there, gentlemen.
Happy Easter to you both.
Thank you.
I have a couple of computer questions, but I just wanted to tell you, first of all, that I'm possessed by demons, and if they start talking, I'm sorry.
All right, now, we can't hang on for demons, dear.
Sorry, that's a different show, different time.
First time caller line, you're on the air.
Hello?
Hello.
Yes, sir, I'm calling from Charleston, South Carolina.
Yes.
For the first time?
Yes.
I work for a sheriff's office, and sometimes I take my work home and work on it on my laptop.
And I have a wireless network, and I was listening to you saying that, at the minimum, have a WEP system set up?
That's what he said, yes.
You enable WEP.
On 802.11 wireless access points, you can enable WEP.
It uses a security key.
And then you basically, on your laptop, if you're using Windows, for example, and you connect, You basically type in the same security key you set on the access point, and that's how you set it up.
Okay, is there anything more secure than WEP that I could do?
Well, if you're accessing, like, sheriff information, I'd be using something like a VPN, which is called a virtual private network, over the wireless network.
Okay.
So that way, the only threat is for denial of service attacks, and that's where somebody takes a stronger transmitter and tries jamming the radio signal, which you really have no defense for, but at least the information that's being transmitted is fully encrypted using a, you know, a stronger protocol than the wired equivalency privacy.
Okay, well thank you very much, sir.
Okay.
Alright, take care.
I use a virtual private network myself for certain things, Kevin, so it's fairly secure.
Yeah, yeah, yeah.
I think it would do the job.
There have been vulnerabilities identified with different types of implementations.
I don't know what yours is, but it certainly raises the bar.
On top of that, of course, it's virtually always connected.
Let's imagine, Art, that you're running an 802.11 network at home.
You mentioned that earlier in the show.
I did, yes.
Let's say you're VPN'd into Premiere.
What I actually said was I was using a different protocol than B, not B. Right, but I mean, okay.
We could guess.
It's the same, probably.
So anyway, not the same as B, but the same idea.
I don't think it's Bluetooth.
I'm not saying.
You know what, it's quite funny.
I was also at a conference in New York a couple days ago and I turned on my Nokia and I just scanned to see who had Bluetooth enabled in the room.
There were like three or four people.
People don't realize the vulnerability of having Bluetooth on because you could basically snag somebody's address book through Bluetooth.
What was your question on the wireless network again?
I don't even want to re-ask it, because we're rolling in music here to the bottom of the hour, so hold tight.
We'll be right back with Kevin Mitnick.
This guy who worries me.
The whole thing worries me.
How much reality can the American people take?
We're finding out tonight and believe me, we'll find out tomorrow night.
We'll find out tomorrow night.
We'll find out tomorrow night.
From Dinosaur Land.
I gave you love.
I thought that we had made it to the top.
I gave you all I had to give.
Why did it have to stop?
You've blown it all sky high By telling me a lie Without a reason why You've blown it all sky high You've blown it all sky high Our love happens to fly We could not touch the sky I lost my heart.
I lost my heart.
The first time caller line is area code 775-727-1222.
To talk with Art Bell from east of the Rockies, call toll free at 800-825-5033.
line is area code 775-727-1222. To talk with Art Bell from east of the Rockies, call toll-free
at 800-825-5033. From west of the Rockies, call Art at 800-618-8255.
International callers may reach Art Bell by calling your in-country Sprint Access
number, pressing Option 5, and dialing toll-free 800-893-0903.
From coast to coast, and worldwide on the Internet, this is Coast to Coast AM with Art Bell.
Worldwide on the Internet, indeed.
The Internet.
A subject all by itself, really, in a lot of ways.
Kevin Mitnick is my guest.
Kevin is a reformed, as I mentioned earlier, very nearly angelic figure who now helps out corporations and poor people protect themselves against the evil black-hatted doers of wrong.
We'll be right back.
We will be back to Kevin Mendick in just one moment.
Tomorrow night, I'm going to do something a little bit different, even though it's going to be an open-line session, which means you can really talk about anything you want to.
I am going to begin the show by sort of laying out the situation with regard to energy, America and energy and the world and energy and where we are right now and what I think is about to happen.
And so, give it a little bit of thought yourself tonight.
In fact, if you have anything specific to offer in this area, I'm available by email.
Two email addresses to get to me, artbell at aol.com or artbell at mindspring.com.
Either one of those two will reach me, so if you have something specific with regard to this energy emergency time that I think we're about to enter, you're welcome to email me, twits now and then, and if you want to include a phone number, perhaps I'll get you on the air.
It will be an open line night, but believe me, that's going to be one subject I'm going to open up right at the beginning.
Kevin, you're back on the air again with our first time caller line.
Hi.
Hello.
Hello.
Yeah, I was calling actually about a topic that is sort of unique to the internet called massive multiplayer games.
I don't know if you've heard of this or not, but What they are is there's multiple millions of people that actually play these games all around the world.
They actually subscribe to them.
It's almost like a virtual reality type of thing where people actually become addicted.
As a matter of fact, I've got a friend that's been playing for six years and he's lost his job over the game.
Wow.
Yeah, I know a guy whose brother in Amsterdam was addicted to the online Sims game and actually went bankrupt because he couldn't stop playing the game.
What's fascinating is there are people that actually pay their real money online to buy in-game virtual reality items that are rare in the game.
Wow.
Yep.
So, I don't know if you've ever heard of the topic yourself, Art, but... That's kind of like an addiction to the internet, right?
Or some part of the internet, the games.
It's worse because, I mean, I've played myself various different games online for years.
Right now I'm playing one called World of Warcraft.
I would not be surprised.
Believe me, my wife is addicted to certain games as well.
I'm not too much of a game person, but I can see how it easily happens, Kevin.
thing but they update and add items and content daily so...
No, I would not be surprised. Believe me, my wife is addicted to certain games as well
and even I have become... I'm not too much of a game person but I can see how it easily
happens Kevin. A lot of people do get addicted to these online games, right?
Oh, absolutely.
And even games that you can play on the Xbox or Sony PlayStation, like the Grand Theft Auto, Vice City, San Andreas, those three games that are made by Rockstar, I've talked to people that just can't stop playing.
I mean, literally, they'll be late to work because they're playing these games.
It's, I guess, very addictive.
Well, the new world, huh?
Wildcard Line, you're on the air with Kevin Midnick.
Good morning.
Hi, morning.
Good morning, sir.
Where are you?
I'm in southwestern New Mexico area.
And just to echo the sentiments of the first caller, I know that a lot of those games, it's amazing how people will play that.
I actually had played one of the games, like that kind of a fantasy game, and was able to sell something that I had gotten on eBay for $500.
No postage, just a download.
It was crazy.
But my question was, Living in the Southwest, specifically the New Mexico area, there's just an enormous amount of D.O.D.
and D.O.E.
stuff.
Los Alamos.
Yeah, and Sandia and White Sands.
I have had friends that are in the computer industry.
I am too, but I'm not working there now.
I've been sort of shocked that, you know, the earliest level of clearance is just credit check.
A lot of those guys get in there and I'm surprised at what's going on with some of the servers.
I was curious if you had followed that whole scandal that had happened, I guess, at one point with scientists walking out with a hard drive from the hacker.
Yeah, there was a lot of news about that, Kevin.
And, you know, a lot of stories about leaks and that sort of thing down in that part of the country.
Yeah, the Lin Ho Wee case.
I remember all that.
I remember a couple news stories where they actually lost the drives and the FBI was searching for them.
I don't know whatever happened in those cases, but it was quite interesting.
East of the Rockies, you're on the air with Kevin Mitnick.
Hi.
Hello.
Hello.
Do you have a question?
How are you doing Art?
I'm fine.
Hello Kevin.
Hey, good morning.
Yeah, I recently had a problem with my computer because AOL Security Firewall disabled my Windows Firewall.
And when I tried to install Security Pack 2, it crashed my operating system.
Now I gotta do remote clean install.
Alright, that in itself, sir, is a wonderful question.
Service Pack 2, there are rumors out there, Kevin.
That Service Pack 2 caused problems for people, but then most of the people I talked to didn't have a problem at all.
Right.
It went in just fine.
The issues were compatibility issues with other software that the consumer used and the compatibility issues, but a lot of those issues have been largely worked out.
So, was it wise to wait a while before putting in Service Pack 2?
Yeah, I did.
I actually personally waited on one of my Windows machines to wait until the bugs got worked out.
And I was sufficiently protected through other means, you know, running a firewall and stuff like that.
And I didn't have any issues.
But I don't know the issue in this gentleman's case.
It sounds like a compatibility issue.
You know, for all the nasty stuff said about Microsoft and Windows and all the rest of it, I love Windows, and I use Windows, and I use Microsoft product, and it's really good stuff.
Only, I know from a hacker's point of view, many things are said.
I mean, it's sort of looked down on as... Well, it's not really a... Windows, the OS, is not really for the technically astute security person.
And, you know, Windows is, you know, runs sluggish a lot, and there's takes forever to reboot in some cases, so people prefer, like, Mac OS.
But, you know, it really depends what you're using the computer for, and I'm not bashing Microsoft either.
A lot of the reason that there's so many security vulnerabilities found in their product is because everybody's looking to find vulnerabilities with Microsoft products because they have the largest market share.
So imagine you get the one vulnerability, then you could attack a lot of people.
Because it is so successful.
Anything that would obtain that level of success is going to be attacked fiendishly, isn't it?
Yeah, but for the reason is, imagine you find a vulnerability in Windows, then imagine that you have a bigger, you know, a large surface of businesses and I've got a question.
you could attack you for you you find a vulnerability in macOS it's going to be
much smaller. Exactly. All right. Let's go west of the Rockies.
You're on the air with Kevin Mitnick. Good morning. Morning Art. This is Tim
from LA. Yes sir. Hi Kevin.
How are you? Hi how are you? I got a question. I'm a Mac user and my
question is, you know, I have my security updated. I have my 3A and everything.
I can't hear you too well.
Yeah, I can't hear you too well either.
You're a Mac user and you've got your security updated.
Yep.
And my operating system is updated and everything.
And everything coming in is fine, but when I use my credit card, is it secure?
Is there a way that I could make sure that when I hit the return key that my information is still secure?
Are you talking about using your credit card over a browser?
That's right.
Yes.
As long as you're using a site that's using SSL, I mean, it raises the security somewhat.
I mean, there are attacks, like what I mentioned earlier in the show called man-in-the-middle attacks.
And then there's the issue of, well, imagine the company that you're conducting the transaction.
Is it a reputable company, or is this a fly-by-night company of a hacker that simply set up a website that purports to sell products and services for a discounted price, and you Conduct a transaction with it, and yet they get your credit card information, and it's at the legitimate site.
You never explain man-in-the-middle, really?
Man-in-the-middle attack is where, it's a type of attack of where the consumer is communicating through the hacker's computer to the legitimate site.
So imagine that you are connecting to, say you're with Washington Mutual and you're online banking, but unbeknownst to you, When you're connecting to your bank, you're really going through my computer.
And I'm acting as the man in the middle, taking your information and relaying it to the bank, and the bank is sending me the information, I'm relaying it to you.
Got it.
And that's a way to do... There's some more detail to this, but that's a way to intercept information that is occurring over a supposedly encrypted channel.
Okay.
Again, so that people aren't unnecessarily frightened Is it generally true that if you take precautions, just general precautions, making sure you're on a secured server when you're ordering something, as long as you go that far, you're basically as safe doing this on your home computer as you are taking a card to a store somewhere and having them swipe it to buy something.
Yeah, I think it's the same.
There's different risks for those transactions, but I think it equals out.
I mean, I look at it, I always look at it at the end of the day, am I going to have to pay money in either transaction?
And at the end of the day, the answer is no, because the bank takes the risk of any type of fraud, not you.
How do you see the future of the Internet, period, Kevin?
Well, with respect to security, I think it's... No, no, no, no.
No, a broader question.
A broader question.
How do you see the Internet developing from here already?
It's amazing.
I believe it's going to continue to grow.
I believe that we're going to see our wireless, you know, our mobility, the wireless mobility devices is going, you know, because right now we're, you know, we're converging telephony and Internet.
So we're talking, you know, we have like voice over IP.
And I think we're going to even have more integration with our wireless devices, our PDAs and our cell phones.
So that's what I think we're going to see in the future, a lot more wireless connectivity.
What will voice over internet do to the phone companies?
Well, I don't know.
I haven't looked at their balance sheet lately, but like, for example, I have a bondage account.
I was in Europe about two months ago and I ended up running up a $6,000 cell phone bill And then when I got back home and, you know, was sick to my stomach over that, I go, I've got to think of a solution.
So then I realized that I could use Vonage Softphone.
So whenever I go to a hotel with broadband, I essentially bring my number with me, no matter where I am in the world, and could actually make calls to and from the United States.
And it doesn't cost anything over the internet.
And the quality was really good.
I know, I see these ads on TV, I think we all have lately for Yak VoIP or whatever it is, where you can sit and yak with your sister-in-law in Seoul, Korea or something, you know, all day long without additional charge.
I mean, eventually, from layman's point of view, from my point of view, that's going to affect the phone company.
Oh yeah, imagine if you could do cell phone calls using VoIP.
It connects to a local switch and it VoIPs it over the internet and, you know, reducing Reducing the charges substantially so they could pass on the savings to the consumer.
But there's a downside to products like Vonage.
For example, I believe this one family had only Vonage in the house and then one person had to make a 911 call and Vonage didn't have, there was no 911 implementation.
They hadn't set it up yet.
So they couldn't make an emergency call and it caused a big issue.
I think they offer where on bondage you could actually sign up and you put in the address that you're at for your 9-1-1 call.
Still, the bigger picture, isn't the internet going to crush the phone company eventually if this keeps up?
Or the phone companies might get in on the action.
And I think, you know, don't forget a lot of the networks, you know, T1s and a lot of the network connectivity is still going through the Bell system, right?
Is broadband going to get more expensive?
I think we're going to get more bandwidth for less money.
You really think so?
Isn't bandwidth going to become more and more valuable?
It is valuable, but I'm looking at comparing And why I'm doing this, I'm comparing the prices between Europe and the U.S., and in Europe it's much more expensive, and in the U.S.
it's, you know, I mean, substantially.
Like, are we going to pay 20% of the price here in America?
So, I'm looking at this trend in America of how the prices are dropping substantially, and, you know, and these companies, because of their, you know, their, you know, being competitive, are offering, you know, better packages for less money.
But as we finally get, I don't know, fiber into every home, or into a lot of homes, eventually movies, television, telephone calls, all these things can come over... Right over fiber.
And so... Right over the net.
All of these broadcast networks, all of these telephone companies, all of these cable companies, television stations, they're all threatened, aren't they?
Ultimately by the net?
I think so.
Unless they can jump on the bandwagon.
Bandwagon.
It's 2 in the morning.
It's late.
But anyway, they jump on the bandwagon and maybe change their business model and maybe they could exploit the situation and create a service that works in conjunction with the internet.
Maybe.
First time caller on the line, you're on the air with Kevin Mitnick.
Hi.
Hi Kevin, this is USO in San Diego.
Hey, how are you?
Hey, um, Kevin, I work in computers.
I go to people's homes, and the biggest problem I find is that people have Morpheus and Kazaa and LimeWire.
Oh, yeah, so peer-to-peer networks.
Oh, it's awful.
They just get infected incredibly.
I cleaned 212 Trojans off a computer the other day with AVG.
A few months ago, actually, Adelphia Cable shut down a guy's computer because he had a spam bot on there.
Yeah.
So, um, just wanted to comment on that.
Just wanted to implore people.
I know the lure of free music is wonderful, but when you pay me $100 or $150 to come clean it up, it just doesn't pencil.
A lot of times, I can't salvage them.
There's times I just format the thing because it's that far gone.
It's so terrible what happens.
I know exactly what you're talking about, and you're absolutely right.
I have a colleague.
I have an office here in Los Angeles, and it's an office space for tech companies.
And they share the same network.
And when one of those companies gets hit, it drags down the network for everyone.
And usually, it's because of the same thing, you know, of the peer-to-peer networks.
In businesses, you basically just restrict it by blocking out the firewall.
But at the consumer level, you know, it's running products, I guess, like Pest Patrol, hopefully, and running AV software.
But the problem is, is if a user of a peer-to-peer network, you know, runs A lot of these peer-to-peer networks are not only sharing movies and music, but they're sharing software.
Once you download software, it can have malicious code embedded, what we call a Trojan.
Unless that Trojan has been identified and the consumer is using a tool to detect it and eradicate it, they might not know it exists and it sits on their machine.
Well, if you go playing with the bad guys, then you're... No, no, no, no, no, that network, Kazan, these peer-to-peer networks are not bad guys.
Well... I mean, you're in a community and you could have good guys and bad guys in between.
I know, but when you're giving, when you're sharing product that is supposed to be copyrighted and mean something to somebody, you're taking money out of somebody's pocket, a performer or somebody, right?
Exactly.
So, I don't know.
Well, they also share music that is allowed to be distributed.
They share freeware.
You know, it's not just illegal stuff.
And it's not just music, either.
I know, and you know, there are sites where you can go and get motion pictures that, hell, haven't even been released yet.
This is such an incredible danger to the motion picture industry.
Oh, absolutely.
I mean, it's a huge problem, of course.
That's why they've been successful at passing laws like the DMCA.
It's so huge that it would take another whole show to do it, and we will do that, Kevin.
We're out of time, man.
Show's over.
Wow, so quick.
Hey, Art, it's been wonderful being on your show again.
I always love being on your program.
Take care.
Talk to you next time, and there will be a next time.
Good night, Kevin.
And stay safe on your computer.
You too, my friend.
From the high deserts, I'm Art Bell.
See you tomorrow night.
Midnight in the desert
Export Selection