All Episodes
Previous Next
Jan. 28, 2006 - Art Bell
02:29:25
Coast to Coast AM with Art Bell - Kevin Mitnick - Computer-Related Topics - Lloyd Carpenter - Pole Shift
Participants
Main voices
a
art bell
50:43
k
kevin mitnick
01:05:22
| Copy link to current segment

Speaker Time Text
art bell
As you all are aware by now, I think, most of you, I'm going through a a grieving process.
The loss of my beloved Ramona.
I just realized something before the show.
Music is important, and I haven't I've been going through this wild these wild waves of grieving, and music actually helps.
I kind of shied away from it because all the words seem to mean something, you know, connected with Mona.
But I was wrong.
It's good.
I've decided it's good.
And that leads me to one other comment before we begin what we're going to do tonight, and that's pole shift.
We're going to talk pole shift here in a minute.
And we're going to lay it really on the line for you.
But listen, if we do get to call-ins tonight, I understand that the inclination for you is to be to call me and express regret and condolences and everything.
But I would ask you not to do that.
This program is something that I can immerse myself in.
It's something that will take me away for four hours on two nights, completely away.
And that's exactly what I wanted to do.
So I'm going to throw myself into the topic, throw myself into the show, which is not hard for me to do.
It never has been.
And so I would ask that you refrain from that, if you would, please.
I understand that you wish to give them to me.
I just would ask that you do not.
At least 32 killed in Poland.
I've got to get that out.
A roof has collapsed in Poland.
About 500 people in a convention hall, and 32 of them are dead.
There was a priest outside the building praying over the bodies of an adult and child covered by a blanket and tarp as rescue crews and search dogs worked frantically through the night.
You can imagine what that's like in sub-freezing temperatures to save those, try to save those people inside.
Witnesses are saying people beneath the wreckage were calling family or emergency services on their cell phones for help.
Can you imagine, oh my God, getting a call from a relative saying that I'm underneath all this help?
So, in a moment, we're probably going to scare the hell out of you a little bit.
It's happened before on Earth.
There may be signs that it's coming soon.
I'm talking about a pole shift.
There are some who think that the only consequence of a pole shift is North will become South, South become North, and that's it.
And that's one possibility.
Another is, though, that the planet becomes completely wiped clean of all life.
Lloyd Stewart Carpenter is an expert in biblical end times prophecy, and he is able to call upon his knowledge to explain what the Bible says about earthquakes and how they're going to play a central role in the grand prophetic stage known as the end of the world.
He is an author and has appeared on several radio and television talk shows discussing his research and discoveries.
Working as an author, inventor, researcher, pastor, teacher for more than 20 years, Lloyd is appreciated equally among members of the religious and scientific community.
So we're going to get it from both perspectives, that of religion and that of science.
That'll be in the first hour coming up in a moment.
The second hour, bad boy Kevin Mitnick is here, and we're going to talk.
As a matter of fact, there was a big story on CNN earlier about the bots and the bot warriors and the bot masters and all that sort of thing.
It was really cool.
So that's what's ahead tonight.
unidentified
next.
art bell
By the way, questions coming.
The webcam photograph tonight is Little Abby Dos.
He's not so little now.
He's growing like crazy.
He is one of my five, and that's Abby Dos.
He could hold him in the palm of your hand when we, in fact, I did when we got him.
And oh my, look at him now.
I don't think he can hear.
He doesn't have hearing.
When we rescued him, he had earmites.
We immediately took him to the vet and had them cleared out, but I believe it damaged his hearing.
That, however, does not damage any part of his personality.
He's a total sweetie.
Now comes Lloyd Stewart Carpenter.
I doubt you'll think of him as a total sweetie.
Lloyd, welcome to the program.
unidentified
Well, it's very nice to be here again, Art.
art bell
Good to have you.
Now, this is a very serious topic.
Pole shift is, to me, really scary because I think I know what would happen, or at least I have my vision of what would happen.
I'd like to know what yours is, or actually what that of science is.
What do the scientists say about the possibility?
unidentified
There are differing ideas concerning it.
One of the things that's interesting to note is that there are no scientists that I know of of respect that do not believe that the Earth will tip over on its axis.
Of course, they're just saying to each other when, and they disagree when it will happen.
It could be a thousand years, or it could have happened already, and there are certain things that make people believe that it could happen sooner than later.
art bell
All right, so conventional scientific wisdom is that it's not a matter of if, but when.
unidentified
Right.
art bell
Okay.
How much do we know scientifically, Lloyd, about how many there may have been in the past?
unidentified
There is evidence that the Earth has tipped over on its axis several times.
There's two schools of thought.
Some people believe that the original, the first time that the poles shifted was like 600,000 years ago.
There are other people, like Peter Worlow, who wrote his book in the 1980s, The Reversing Earth, and he points out that it has happened every few thousand years.
He points out that in the Bible, where it talks about the sun standing still in the sky, that what was really occurring was that the Earth was flipping over on its axis in a very slow method, 24-hour periods.
art bell
People on the Earth would observe the sun virtually standing still.
unidentified
Exactly.
And some other people believe that, you know, around 2850 B.C., when King Tut was on the earth, that the Earth tipped over on its axis right near that period because his is the first tomb that shows it reversed from the other tombs.
And then after that, the other tombs are back to normal.
So they think that it was a briefer shift because it was the Egyptian belief that you bury the Pharaoh with his head pointing to the west so he could see his God.
And for some reason, they don't know the reason, but Peter Warlow speculates that the reason is, is because the sun was setting in the east at the time that King Tut was alive.
art bell
All right, well, there's some reason for optimism in some of what you've said there, because obviously mankind did not become extinct at that point.
So tell me, what is your belief regarding what the physical effects of a pole shift would be if it happened tomorrow?
unidentified
Well, the biggest concern is that there will probably be a reversal of the magnetic fields at the same time.
I'm more concerned about there being a reversal of the magnetic field than I am about a polar shift, because if the magnetic field reverses with it, it will affect everything electrical on Earth.
Peter Worlow said that electrical things won't work anymore.
Basically, it will have 15% of the energy and it will slowly get back to its normal self, but everything, all the poles will be opposite.
So everything we have electrical on this Earth won't necessarily work.
Now, more modern naysayers of Peter Worlow say that it's far more serious than that, that actually car engines will catch on fire, flashlights will cease to work, plasma TVs will explode,
airplanes will fall out of the sky, because if the electrical systems of everything on earth is shortened, it will become dark, just as it says in the Quran and in the Bible that when the earth rolls up as a scroll, that it will be so dark people will be afraid to hover out, and there'll be no light in the sky for a long time.
art bell
I just got my plasmas.
You know, they were expensive.
I don't want to see them explode.
unidentified
Well, don't worry about that, Art, because there won't be money.
art bell
Yeah, I do get the picture.
Okay, I guess I can understand that.
Now, for our society, America, I mean, to some degree, the hell with everybody else, America is more dependent than any other nation on the face of the earth in electronic communication.
I mean, we are virtually at this point basing our entire economy on it, Lloyd.
So we'd be wiped.
Now, from that point of view, I mean, the people living out in the jungle somewhere in a village, they'd probably go, oh.
But here in America, everything's electrical, you know, everything.
unidentified
You're right.
But, you know, it's like the preacher says about the Bible.
I didn't write the book.
I'm just telling you what's going to happen.
And what's happening here is that there are certain anomalies in our solar system and on our Earth that have got scientists startled, have got researchers busily writing down what's happening, and a lot of people wondering how quick it might happen.
art bell
Okay, well, I'm one of them.
And that's my next question.
In other words, what gives you some clue or some feeling, because you obviously have it, that it's more likely to happen sooner than later?
What are the signs?
unidentified
Well, I would say one of the main signs is that two startling events.
First, the sun's magnetic field has doubled in strength since 1963.
That has never happened in recorded history, and scientists are going, what's going on with the sun?
art bell
No, wait a minute.
Now that you just pulled that one out, and we need to examine that a little bit.
I had not heard that.
The sun's magnetic field has doubled in the last, how long, please?
unidentified
Since 1963, it has doubled in strength, according to Russian scientists that are very respected by American scientists.
And all the other planets' magnetic field has also increased substantially, except the Earth, and it has decreased.
That's one thing.
The other thing is, you know, when you and I were kids, we were always taught the Earth is not round perfectly.
It's sort of like an egg.
art bell
Wait a minute.
I'm sorry.
I've got to go back.
This is very serious.
If you're really sure, I mean, you say Russian scientists, well, a lot of things are printed in Pravda that turn out to be, frankly, BS.
This is fascinating.
Okay.
unidentified
These are respected scientists that meet in world teams and announce to the world what's going on.
And if they're disagreed with, they're laughed out.
And if they're agreed with, they're studied.
art bell
How are they measuring the intensity of the magnetic field of the sun?
unidentified
They have various ways of doing that.
And they've always been able to do that.
American scientists, European scientists, European Space Agency, they're very good at measuring solar flares and the magnetic field of the sun.
It's so important to do that because the magnetic field of the sun shifts every 11 years.
art bell
That I'm well aware of.
unidentified
Yeah, it shifted in 2001 and it will shift again in 2012, which is coincidentally.
The Mayan religion believed that the Earth would roll up as a scroll, and their calendar comes to an end in 2012.
art bell
I am aware.
Yes, I'm aware.
And either somebody got sick of writing new calendars, or, you know, maybe they just said 2012.
I mean, what the hell?
None of us are going to be alive.
Let's stop making calendars.
This is stupid.
unidentified
The Earth is 23 and a half degrees, 23.5 degrees off of its axis.
In effect, the other planets are in line with the elliptic of the Sun, pole to pole to pole, right in line.
But the Earth is 23.5 degrees tilted, unlike the other planets.
And so it wobbles.
There's something called the Chanver wobble.
That's discovered.
And startling news released just within the last two weeks, the Chandra wobble, for some reason, and that's got everybody really freaked out, stopped wobbling.
art bell
Holy crap.
No wobble.
unidentified
No more Chanver.
Maybe it'll wobble again.
art bell
You know, you're giving me headline news here.
Are you really sure of all this?
unidentified
No, I'm certain.
One word has more emphasis than the other.
I would look very silly.
I'm doing a 13-city tour, 12 cities.
They just added another city, talking to audiences all over the country about this.
And I just did one a while ago, and there were scientific minds there.
There were people that really knew their stuff.
art bell
Back away from the phone.
Yeah, back away from the phone just a little bit.
Now, you're telling me again the Chandler wobble has stopped.
unidentified
Yep.
You can Google it.
art bell
I imagine quite a few people are right now.
unidentified
They do.
This is according to several sources, actually.
It's not a hard thing to find right now.
This type of information, once it gets out, it ends up spreading kind of like the same thing with the polar ice caps melting 30% in the last 50 years.
art bell
I happen to know that's a fact.
unidentified
And 10% of the ice in the last decade on the Earth has melted.
Snow caps, do you know that the North Pole at the very peak no longer has ice now?
art bell
Yes.
unidentified
And so they're saying, you know, and this ice shelf broke off of the South Pole and it was the size of New Hampshire.
art bell
Yes.
unidentified
If the South Pole melted completely, it would raise the ocean level by 600 feet.
They don't think that's going to happen, but already the ocean level has increased.
Global warming is causing danger with the methane that's on the ocean floor.
And you know, I care about the Pacific Ocean.
I'm the guy who discovered the face on the Pacific Ocean floor.
You know, that face tracing.
And you're ready to fire all volcanoes.
art bell
The methane is incredibly dangerous.
unidentified
Very dangerous.
And you know what I'm worried about?
A new technique of oil drilling.
And they are pounding sound waves, 24 guns at a time, at the ocean's floor.
They did it off the coast of Australia one month before the tsunami.
And it was decried in the Australian Assembly by the government.
The danger is there.
They felt it on land.
And one month later, we have that tsunami.
And so one part of my lecture is, was the tsunami caused by man?
And there is very strong evidence that this pounding, this super big guns they have bashing at the ocean floor is creating crevices down there.
And the last time methane gas escaped, they want the methane.
art bell
You realize there are people who would say nonsense.
The earth is incredibly strong, and we're like little ants just making little tapping noises.
So how would you answer that?
unidentified
I would answer that by saying that the earth is an ecosystem that is sensitive.
And if you're pounding sound waves at it, you know, you have a volcano that gives off.
People 50 miles away feel an earthquake from it.
We are all sensitive to what happens on this Earth with those kind of anomalies.
And when the country of Australia makes an outcry because of this and pretty much blames the oil companies, and this is going on all over, methane gas, the last time it escaped wildly, caused the ice age.
90% of everybody in the world died.
All the dinosaurs died.
And the oil explorers that are out there right now are so afraid that they will not shoot the sound wave straight down.
They figured out a way to come in sideways with the hope that they won't be up there if there's a flashback of methane gas because it's frozen on the ocean floor.
If it melts.
art bell
Yes, I've heard of this slant drilling that they're doing.
And you're saying they're doing it in order to avoid the possibility of a blowback?
Absolutely.
unidentified
They all agree that it's a very dangerous...
It's so cheap.
I mean, gas could be 30 cents a gallon because there is 800,000 times more, and that's not a made-up big number.
This is a proven number.
800,000 times more in quantity available methane on this planet, on the ocean's floor, than there is petroleum.
But it's just as dirty as petroleum.
It's not a clean gas at all.
art bell
Got it.
All right.
unidentified
Very plentiful.
art bell
What would the Earth be like?
Can you describe our Earth after a polar reversal?
unidentified
Yeah, you won't be able to call the local police.
You won't be able to call your mom.
Those poor people that were in that tragedy you were talking about earlier would not be able to call anybody because you couldn't use the phone.
art bell
Will you be alive?
unidentified
If you were alive, you would probably be in a situation.
See, a lot of people believe that what's going to make this happen is some kind of catalyst, like the volcano at Yellowstone, which has raised 74 feet in the last 30 years and one end of there and about 17 feet in the last 10 years at another end.
So much gas is escaping from Yellowstone that the Science Channel ran a special last month, the title being When Yellowstone Erupts.
And the last time Yellowstone erupted, it erupts like clockwork every 600,000 years.
art bell
I saw it.
unidentified
And it's 40,000 years late now.
art bell
That was one damn scary special.
unidentified
Yes, it was.
And the thing that is interesting about it is that the scientists there now are alarmed because for the first time since they can remember, animals are dying from the gases coming out of the ground.
The bison fell over and are dying in certain parts of the park.
If Yellowstone would give off, according to the Science Channel and so many other people, up to three-fourths of our nation would be covered in a black cloud of soot that has a glacious cutting nature that would cut up people's lungs.
Very dangerous stuff.
And that would cause weather climate change that would lower the temperatures by 16 degrees minimum.
That would again cause the Earth to have just enough so that that would be possible for the Earth to tip over on its axis from that event alone.
art bell
All right.
I want to stop you right there and note that there have been two headlines given to us this half hour, both of which you're welcome to check out.
You can think of them as crazy or you can go find out for yourself.
One, the sun's magnetic field has doubled.
Two, the Chandler wobble, and I'm sure many of you have heard of that, has stopped.
If at the bottom of the day here, at the end of the day, that Lloyd believes more strongly that this is about to occur from a scientific point of view, and he's laid a couple of big ones on us, the sun's magnetic field has doubled, and the Chandler wobble has stopped.
Now, some say that it does stop every now and then.
I was not aware of that.
We'll ask about that in a moment.
I know he also has some religious conviction, or at least I believe he does, that this is going to occur.
And I wonder which is the most influential.
We'll ask in a moment.
unidentified
Music I think, Gene, things are not changing.
art bell
Matt Drudge tonight says that Phoenix now, Arizona, has gone 101 days without rain.
That ties the all-time record for Phoenix.
Northwest is getting drenched.
The weather certainly is cattywampus.
There's no question about that.
Lloyd, let me ask you that.
Now, there is a sort of a religious underpinning also to what you believe, isn't there?
unidentified
Absolutely.
The company that hired me to do this 13-city tour is called the Prophecy Club, and what they care about is what's called End Times Prophecy.
If people want to see my schedule, they can go to 777news.com.
Is it okay if I say that, Art?
That's where my itinerary is, because there's no reason to read off all the cities.
I'm going to be in Stockton tomorrow night.
And I am going to Phoenix next week, and Portland and Detroit and so many other cities.
art bell
Well, by the time you get to Phoenix, buddy, it's going to be well into a record without rain unless they have it twixt now and then, and I doubt it.
unidentified
Right.
And I try to cover the weather problem, too, as best I can at 777news.com because people just don't go there just to see my itinerary.
They want to know about my other stuff.
But the religious part of it, the Prophecy Club, this is my sixth tour with them.
And we have been very successful because what I try to do is put the science first, but I'd be fibbing if I didn't tell you that it just is amazing to me.
The Bible in the book of Isaiah says that the earth will roll and rock like a drunkard.
In the book of Revelation, it says that it will roll up as a scroll and that the north will become the south in effect.
There are about a half a dozen places in the Quran that talk about the Bible about the same.
art bell
That's enough.
If the Bible and the Quran both speak of it, then, you know, I think it's reasonable to assume that.
unidentified
So does the Upanishads, the Bhagavad Vad Gita, Chinese religion discusses it.
There is no major respective religion that does not have something about a polar shift in its history and a definite end times type prophecy of the earth rolling up as a scroll.
art bell
All right, all right.
Sold on that score.
Now, do you, inside yourself, Lloyd, do you give more weight to the religious aspect of it or what you've learned of the science?
unidentified
Art, the only reason I was able to do over 500 radio and television shows about a face on the Pacific Ocean floor is because the science comes first.
I believe that is very important.
You lose respect.
If you have an incredible idea, you surround yourself with respected people that are well-known, and then you'll be listened to.
art bell
All right.
Somebody wrote that the Chandler wobble is supposed to stop every now and then.
Is that true?
unidentified
Well, it does stop every now and then, but every now and then can mean like every several years, and it's been stopped for days now, and they keep saying it still hasn't moved, and why hasn't it moved?
And in Texas, by the way, today, a place there that had an entire lake is completely dry.
There is the biggest drought that's ever hit Texas and Oklahoma right now.
There are weather anomalies happening on this planet that are just amazing.
art bell
I can't argue that.
It certainly is occurring.
And is it a precursor to what's coming?
Is it part of what's coming?
Or is it a separate thing?
unidentified
It really is.
I do.
I believe that.
I think that enough things have happened.
There's something else called J2.
When you and I went to school, Art, we were taught that the Earth is not perfectly round.
It's a little bit like an egg, you know, because the north and the south is a little bit more than the equator.
What's happened is the equator has reached a point where it is actually more in circumference, its great circle, than the poles by 27 miles.
Two scientists have measured this, and they have made announcements concerning it.
art bell
Well, that's not too far off round.
unidentified
Pardon me?
art bell
That's not too far off-round, really.
unidentified
But it's just a very interesting thing that all of a sudden around the equator, it's wider now than it is around the poles.
And that's only happened in the last, since 1997, actually.
art bell
All right, well, are you a very brief period?
All right, Lloyd, are you adding all of this up?
I'm talking now about the weather changes.
I'm talking about the poles melting.
What we've seen.
That's really frightening stuff, in my opinion.
And the weather is really frightening.
unidentified
Not to me.
I live in California.
art bell
Not to you?
Not to you.
Why is it not frightening to you?
unidentified
Because of the other part.
You know, I care so much about the science, but I'm one of those people that believe that our lifespan, like Billy Graham said, that the Lifespan of people will not change one iota with an all-out nuclear war.
That an all-out nuclear war would not change the lifespan of anybody on Earth because everybody in this generation is going to be dead as a doornail by the time the next generation's old.
art bell
Yeah.
unidentified
Anyway.
art bell
Yeah.
unidentified
And I realized that.
And after that, I got millions of years ahead of me because of my belief system, so I'm fine.
I don't really like Earth that much anyway.
Everybody mad to each other.
art bell
You have millions of years ahead of you because of your belief system.
What is your belief system that tells you that?
unidentified
I was on a show the other night and I told the guy the million years, I said one of my favorite songs is A Million Years From Now.
And he goes, I never heard that song.
And I said, yeah, million years from now, a million years from now, I'll be in my father's house a million years from now.
art bell
Oh, okay.
So religious stuff.
unidentified
Religious stuff.
Yeah.
But I hope you're right.
In times of difficulty, when you got something like that.
And if you do it like I do, which is apologetically, which means prove it first.
Don't just make up stuff and walk around with a lollipop in your mouth.
art bell
All right, Lloyd.
How do you prove that?
unidentified
There's something called biblical apologetics, which means don't say it's true unless you've got something valid to back it up.
art bell
All right, back it up.
unidentified
Well, certain prophecies have proven to be true that line up right in line with the Earth tipping over on its axis.
Certain things had to occur first.
One of the things that had to happen is the days have to be shortened.
Now, that's never happened, but it happened right after the tsunami.
For the first time in history, the rotation of the Earth changed just enough.
art bell
It's just a very infinitesimal change.
Yes.
unidentified
It startled scientists because they changed those atomic clocks in a very regular fashion, and it's never been different.
And they had to stop what they were doing and change the atomic clocks by as much as almost a second.
And that's a lot of time when you're talking about that type of thing.
art bell
It is.
It is true.
It is true.
All right.
unidentified
So you think all of this...
And then also the Earth wobbling in a way that's totally different.
The Chandler wobble is so minute.
It took amazing measurements to even find it.
It took a novice, a non-scientist, to discover the Chandler wobble, a man named Chandler.
And then he was finally validated by the scientific community.
They went, wow, how did he figure that out?
Because it was so subtle.
But the wobble that happened after the tsunami almost was like a drunkard rocking back and forth.
I mean, it was a real wobble, and it was on the front page of the New York Times.
art bell
How close to this do you think we are?
unidentified
I think it's close enough so people ought to just take stock of themselves and say, you know, how am I doing?
You know, am I the kind of a person that I'm going to like myself for how I've lived my life?
And am I, I'm not talking about just being good.
I'm talking about is my life a test like some of these people out there say it is, like everybody in the world that's religious.
They say it's a test.
If it's really a test, do I want to take the test?
I like what the Islamics say.
You know, it doesn't have anything about accepting Muhammad.
It just has to do with a personal relationship with the Creator.
I believe in that.
I think they're right.
And I'm a Christian, and I have the same belief.
art bell
Right.
For those who believe that God helps those who help themselves...
No, but hear me out.
Lloyd, Lloyd, Lloyd, Lloyd, Lloyd.
Hear me out.
For those who believe that God helps those who help themselves, there are going to be safer places on earth to be if something like this occurs.
Where are those and how much safer?
unidentified
Well, I would call this an equal opportunity cataclysm, but if you were trying to find a place that would be a bit safer, you don't want to be in California or in anywhere on the coast.
I think probably the safest place in the United States of America to live would be probably northern Oklahoma.
You would just probably just die from the drought.
art bell
In other words, right in the middle of the landmass.
unidentified
Yes.
art bell
And even there, you say you would die of the drought.
unidentified
Well, you know, what the Bible says is that when it happens, when the earth tips over on its axis, that immediately a third of the earth will die.
And then it says in the next season, right after that, another third of the earth will die from poisonous water, poisonous ash, and it's called wormwood in the Bible.
And that a third of the earth then will survive, and they will find themselves on an earth with no more seas.
There won't be any more face in the ocean floor.
There's just going to be no ocean because it says there'll be no more seas.
There'll be no more deserts.
It'll be like the earth is a paradise, sort of like the Garden of Eden, with beautiful fresh water and wonderful vegetation.
And I think that that's a nice thing to look forward to.
art bell
Well, I mean, if you discount a third of the Earth's population dying, perhaps, but, you know, there is that aspect of the event.
unidentified
Well, almost everybody in the whole wide world from the beginning of time who has ever been alive is dead.
art bell
Yeah, I've got that.
unidentified
And so big deal.
I mean, basically, I have the belief system that everybody on earth that's born is born dead.
I mean, you know, they're born dead because of, you know, the curse on the earth.
You know, the old story, the Bible story and stuff like that.
Well, the only way they get out of it to get uncursed.
And I believe that's true.
I think some people have to do it.
art bell
That's a great comfort to you, Lloyd.
There's no question about it.
I can hear it in your voice, that you believe it thoroughly, and it's a great comfort for many millions of people listening to this.
It's not.
I mean, you've got to understand there are many agnostics.
There are many people who simply don't believe.
As a matter of fact, an awful lot of scientists and doctors and people like that that I interview, when you push them right to the wall, Lloyd, they don't believe.
unidentified
And they shouldn't be picked on because I think that they're sincere.
art bell
They are.
unidentified
And I think that scares the hell out of them.
art bell
It scares the hell out of them.
Not you because you're going to the great reward and you firmly believe that and that's your faith and you're comfortable.
Not everybody feels that way.
unidentified
Well also a lot of people that are in that agnostic And that kind of thing.
They're that way because they haven't seen any proof.
But you'd be surprised how many people, you know, after checking out my discovery of those images on the ocean, look at it and go, this has to be deliberate by some kind of higher power, and who have their scientific mind has said.
As a matter of fact, one gentleman who is an expert in constitutional law and an atheist wrote a letter and he said that he gave up on that crazy Bible years ago.
But after reading my book, The Amazing Mystery of the Great Face on the Pacific Ocean Floor, that he's going to go back and take a look at that book a second time because obviously there's something he missed.
That's the people I'm talking about.
art bell
Yeah, let's get a quick summary of the face on the ocean floor.
A lot of people may not have heard it when you originally aired it.
unidentified
They can see it by going to 777 News.
I've made all the images free, available for free.
They can get my book and a video there on a special for Art Bells people that want to look at it for $35 plus $5 shipping and handling.
But the images are free.
They can see the huge face, covers half of our planet, crystal clear eyeball, longitude 7, latitude 77 at his mouth.
When the Los Angeles Times interviewed me, NBC News interviewed me about this.
They asked what that meant.
I told them that the number 7 in the Bible, the Quran, the Baga, every great religion in the world is the number of God.
So they printed that big headline, Lloyd Carpenter Sees the Face of God.
And I made speeches throughout the 13 western states for six years while I was in college, went on to win the national championships because of this.
I found that our planet has five humongous images.
The face on the Pacific Ocean floor is half of our planet.
It's the entire Pacific Ocean.
And doctors, medical doctors, have seen that eyeball is anatomically correct.
They see that their teeth, you can see inside of his mouth when it's closed.
You can see the pineal body.
It is one of the most startling, shocking discoveries.
I did so many shows.
I got burnt out two years ago and stopped doing radio internet altogether until this new topic came up.
art bell
Lloyd, is it your position that our Creator put those faces there?
unidentified
Well, I learned it from a rabbi.
He told me the very first thing ever mentioned in the Bible.
I didn't know it.
He said, was this in the beginning God put his face on the bottom of the ocean?
I said, I never heard of such a thing.
He says, yeah, that word is the word panim, and it means God's human appearing face.
So it's always been a belief that the most important biblical myth, if you will, is that God put his face on the ocean floor.
And the last great promise in the Bible says right before the world comes to an end, that all humanity will see the face of God.
So I'm fortunate enough to have people that endorse me from various religious faiths because I don't talk down on any religion.
I appreciate anybody who believes whatever they believe.
And, you know, I know how I'm going to get there.
And I think God's a lot more forgiving and understanding than anybody I know, me, or, you know, whatever.
art bell
So again, bottom line, you're saying, yes, the Creator put his face on the bottom of the ocean.
unidentified
Not only that, you got the Jesus king in the Middle East bending down with a nail going through his wrist in the same location as the Shroud of Turin right there at the Suez Canal.
And I have a big blow-up of that coming in close at 777news.com.
They can see the demon on the South Atlantic Ocean floor, the entire South Atlantic, 666 at his mouth, longitude 60, latitude 66.
Four images covering 70% of our planet, and then the entire Middle East, all of it, that king kneeling in prayer.
And everybody's curious about the Great Pyramid.
At the very center of his praying hand is the Great Pyramid of Giza, which E. Wallace Budge, a curator for the British Museum, said should be pronounced not Giza, but Gizas.
art bell
Oh, really?
unidentified
Yeah, we live in a wild world, don't we, Art?
art bell
We do indeed.
We do indeed.
And, you know, certainly there are certain things.
I'm kind of a skeptic, Lloyd.
Really, I am.
unidentified
Me too.
I'm a member of Skeptics International.
art bell
But I'm also not blind, and I can see clearly what's going on in our world right now.
And it is very, very disturbing.
And it does seem like it's adding up to something imminent.
And you think that something might be a magnetic or pole reversal?
unidentified
You know, there's so many different, not so many, but there's about five or six different things that could cause it that I don't know what the spark will be, what the catalyst will be, but the world is already teetering, and scientists completely agree on that.
And all it would take is a Yellowstone event, an ocean floor event.
Right now, and that ring of fire, which is the tracing of the face on the Pacific Ocean floor, has heated up so much, especially off the coast of Oregon, where I'm going to be next week, and Washington, that scientists are saying, you know, this is strange.
Mount St. Helen looks like it did in 1980.
I have 500 slides that I show during my presentation, which, you know, verifies these facts, the names of the scientists, the pictures close-up, that kind of stuff.
And tonight we had such a good time because people just going, wow, this is like amazing stuff.
But I don't want to live in a boring world.
I'm glad that we got something interesting to talk about.
I don't want to just stay home and watch Laverne and Shirley.
art bell
No, it's not boring.
And incidentally, I did see the Discovery special you were talking about.
unidentified
Wasn't that fun?
art bell
On Yellowstone.
Oh, really, truly frightening stuff.
I mean, they drew out the scenario very carefully of how it would happen, the region, the entire region that would be affected, and it's scary stuff.
unidentified
My book's also on Amazon.
If people ask for the Facebook or the Face on the Ocean book, I always forget to mention them.
I wanted to get that out there.
Yeah, that kind of blew my mind when I saw that.
art bell
And the other one was Amazon has everything.
Let's see, the book is The Amazing Mystery of the Great Face on the Pacific Ocean Floor, right?
Right.
unidentified
Amazon.com or 777 News.
art bell
Okay.
unidentified
And they get a video, too.
I got one called Scientific Proof of the Deliberate Supernatural.
They get the two together for $35.
But I don't care.
They can go there to look at the pictures.
art bell
All right.
The Senate Committee on Governmental Affairs on the need for legislation to ensure the security of the government's information systems.
His articles have appeared in major news, I shouldn't have laughed, major news magazines and trade journals.
And he has appeared on Court TV, Good Morning America, 60 Minutes CNN's Burden of Proof in Headline News.
Kevin has also been a keynote speaker at numerous industry events and has hosted a weekly radio show on The Monster in LA, KFIAM 640 Los Angeles.
unidentified
in a moment, Kevin Midnick.
art bell
Here is Kevin Midnick.
Kevin, old buddy, how you doing?
kevin mitnick
I'm doing great, Art.
How are you?
Long time no talk.
art bell
Yes, indeed.
It has been a while.
And I have an immediate question for you.
Watching CNN Headline News earlier today, they had this really wild story about bots, about the danger of bots and how these bot masters or whatever they're called are able to make enormous amounts of money by having sort of a pyramid scheme of as maybe thousands of computers below them, you know, whacking and whacking their way into accounts here and there.
And even just something, a scam so simple as a bunch of hits to Google, and then somehow the payment gets back to them, or a part of the payment gets back to them.
Scary stuff.
kevin mitnick
Yeah, in fact, I think one gentleman or one individual had pled guilty in Los Angeles to actually running some sort of botnet.
And what a botnet is, is like an army of soldiers, is that there is usually a worm or a virus that takes over unsuspecting victims' computers and installs a piece of malicious software.
It's, you know, and turns the computer into what is called a drone or a zombie.
And then this software, this piece of malicious software, phones home to the attacker, usually over an IRC channel, like a chat room.
And then the bad guy literally can control tens of thousands of computers of unsuspecting people and direct those computers to attack an innocent company through what we call a distributed denial of service attack.
It could be used to pipe spam through these unsuspecting victims because through their ISP, they don't have to worry about the email being rejected, so to speak.
And it's coming from so many different sources, it's really hard to track down.
art bell
You know, the story portrayed exactly what you just said.
Virtual, good word, armies out there, thousands of computers directed by individuals, sort of computer warlords, if you will, going after these different goals.
Man, we are in the middle of a world changing right in front of us.
And a lot of us are simply totally unaware of it, aren't we?
kevin mitnick
That's true.
And it's a shame because if individuals out there just did a few extra steps when they purchase a computer, they could really raise the bar and they probably won't be attacked because if they run something like a personal firewall and they're careful about opening up attachments and doing certain things that people can do to really mitigate the risk.
But unfortunately, there's a lot of people that go into Best Buy or Circuit City, their mom and pops, they go buy a computer, they plug it into their DSL or to the cable, and then they're victimized.
art bell
Kevin, no matter how many warnings are given out, and they're constant, thousands, even no, millions of people are not going to tend properly to their computer.
That's just a fact of life.
So these armies are going to constantly be able to recruit new soldiers.
It's not going to stop.
I mean, is there some kind of educational process that you think would really get through?
We finally have people wearing seatbelts in America.
Could we do a similar thing with computers?
Are we going to have to?
kevin mitnick
Well, I think the software manufacturers could release their computer operating systems.
For example, the one with the biggest market share, Microsoft, configuring it in a default security-on environment.
But why they don't do that is because people want interoperability, they want reliability, they want functionality.
Microsoft doesn't want to have their telephone support centers barraged with customer service calls.
So they usually release it in the more relaxed modes, so to speak.
But I think if the operating system manufacturers increase the security of their released operating systems, and also there were some public service campaigns to really help raise general awareness about computing and security to the general public, I think it would help tremendously.
art bell
How many holes are there in like XP?
I'm current operating systems.
XP Pro, XP Home are pretty good operating systems, but, God, it seems like they keep discovering new holes all the time.
Is there going to be an end to it?
I mean, will Microsoft ever produce the last patch?
kevin mitnick
I don't think so, but you can't really pick on Microsoft.
It's really, you know, all computer operating systems are developed by people.
Whenever you have the human factor, it's always prone to error.
And unfortunately, is back in the day when Windows XP Pro was coded and Windows 2000 and even the legacy systems, they were developed by engineers and developers that weren't taught secure coding practices.
So what has happened is these operating systems have been released and there's a lot of bugs, a lot of flaws that security researchers could identify and exploit.
And then once they're exploited, they release the information to the public over the Internet, then anybody could exploit it.
art bell
All right, but look, there's going to be another operating system just over the horizon.
In fact, I think there's a name for it for it.
Longhorn.
There you go.
So now that they know about all of these security holes, when Longhorn comes out, it should be absolutely flawless, right?
kevin mitnick
No.
No, there's always going to be security vulnerabilities.
Humans develop computer programs, and there's always going to be problems.
The thing that we need to do is be aware that these systems aren't 100% perfect, and then develop a defense and depth model.
So you have to presume that any computer that's connected to the Internet could be compromised, but then knowing this in the back of your mind, what can you do to limit the damage?
And that's really how you have to think.
Now, think about all these companies that are out there with these firewalls and over the internet, like for e-commerce, for example.
And they have the company a firewall, but they still have to allow the public to connect to their website, else they can't do business.
And so what they do is they hire a junior programmer to develop the web application that the company is using to sell products and services.
art bell
Well, Kevin, when I go on to a secure site and I see VeriSign with a little check there, am I basically safe?
kevin mitnick
Not really.
I mean, there's a tax that can be done.
What you're talking about is using what we call the secure sockets layer in the protocol with the little lock.
art bell
That's right.
kevin mitnick
That means that any information that you send is encrypted and also you have a reasonable level of confidence you're talking to the real site, not a bogus site.
art bell
Well, what I'm asking is, do I have a reasonable level?
Can I reasonably expect that I'm safe?
kevin mitnick
Well, what you could think about is what are the threats?
For an attacker to come specifically after you and do what we call what the term is, it's called a man-in-the-middle attack.
And what that allows the attacker to do is even if you're using a secure connection, there's a way to trick you into connecting to the attacker, and the attacker actually connects to the real site and monitors all the information flowing in between, kind of like what the NSA would do.
art bell
I'm glad you brought up the NSA.
Let's have a little talk about that.
Let's sidetrack for a moment.
The NSA is listening.
They're listening to this radio show.
Well, the NSA is listening to probably all overseas communications, I would bet.
Now, would you go beyond that?
Would you say the NSA is listening to even domestic conversations?
Do you think they've got the big computers listening for keywords even domestically?
kevin mitnick
I would think so, but don't forget, now that we have voice over IP, we have analog and digital telephone communications, we have gigabytes of traffic over the Internet of that.
You have a lot of data to shift through.
So you have to think about, well, if you have all these pipes of data, how are they determining what pieces of information need to be sent to an analyst to the current system?
art bell
Well, obviously by very large computers that are looking for keywords and can monitor and do a great many things at one time, right?
kevin mitnick
I would suspect they even have really good voice recognition nowadays.
art bell
That, too.
kevin mitnick
You know, you imagine that you're calling these companies up over the telephone and their voice recognition systems are pretty well done.
So you have to think that our government's 10 years ahead.
art bell
So they probably are monitoring domestically as well as internationally.
They're just monitoring, right?
kevin mitnick
I don't really know, but I would suspect they are.
art bell
It would be my guess, too.
Now, my question to you is there's a balance here, Kevin.
On the one hand, we are fighting a war on terrorism.
These people want to kill us, and they're making plans to kill us.
So we have a good reason to listen.
Is it a good enough reason to listen?
We have the Constitution, which is sort of crumbling under the effort.
The Fourth Amendment is sinking lower and lower and lower.
And so my question to you is, in your mind, Kevin, the old hacker mind of Kevin Midnick, is there enough justification to be doing what we're doing to our own citizens?
kevin mitnick
Well, it's a hard question to answer because we're balancing two very important interests, the interest of privacy and the interest of security.
And I'm a firm believer that our forefathers had fought and died in wars to, well, have fought and died to protect our constitutional rights.
And for the United States government, or for any state for that matter, to not comply with the constitutional protections causes me to really think about the issue.
I kind of lean towards really that our government authorities have to abide by constitutional protections.
art bell
So are you telling me then that if you were the President of the United States, you would not have signed that authorization?
kevin mitnick
To tell you the truth, if I was the President of the United States, I probably would have.
I would want the ground truth.
I'd want the intelligence.
art bell
See, there you are, Kevin.
There you are.
kevin mitnick
If I was the president, I probably would have.
Do I agree with it?
No.
art bell
That's the real test question, isn't it?
Yeah, it is.
And I actually, and people will be, some will be appalled.
But I think if I were the president and I was looking at this threat to the country that I had sworn to protect, you would do whatever you could to protect it.
I think I'd sign it.
Yeah.
unidentified
I do.
art bell
I really do.
We really are in a war, and I don't know of any other way around it.
Honestly, I don't.
And I understand that it trumps on the Constitution, but I don't know.
I think the war trumps it.
kevin mitnick
Yeah, I think that is a good word, Art, but I also think that any intel that is gathered through illicit monitoring should not be available to law enforcement agencies.
For example, if the NSA is monitoring conversations and they learn some guy is a bookie, they shouldn't be able to pass that information to the state police.
Because I think that would really infringe on constitutional protections.
But if they actually undercover a terrorist plot, well, the more power to them.
art bell
Well, what about if they uncover domestic terrorism?
What if they stumble into another nickel?
Somebody wants to blow up a building somewhere.
kevin mitnick
Terrorism is terrorism to me, whether it's international or domestic.
art bell
So, yeah, that should be passed on.
kevin mitnick
Yes, in my opinion.
But the Congress is really responsible for enacting the laws.
So they're going to do what they want to do, and then those laws are supposed to be enforced.
But then there's all these exceptions to the rules.
And usually the government has built in these exceptions to allow them to monitor communications, especially under the Electronic Communications Privacy Act, for any sort of even fraud.
art bell
Well, your answer is very interesting.
On the one hand, you're against it, but on the other hand, if you were the president, you'd be doing it too.
kevin mitnick
Yeah, I would want the intel.
I'm putting myself in the position of having the power to get it.
And if I did have the power and I had to protect the country, and I would use it to get the ground truth.
I'd use it for a specific purpose.
art bell
Okay.
All right.
What is social engineering?
Remind the audience, we did this before, but go ahead.
kevin mitnick
Well, social engineering is a technique used by identity thieves, by hackers, even by law enforcement.
And social engineering is really using manipulation, deception, and influence to get a person to comply with a request.
In the social engineering that's relevant to computer hacking, it's where the bad guy calls or emails or calls somebody over the telephone and convinces a person to release information that could be proprietary, like, for example, their passwords, or has that person performed some sort of action item, like visiting a website.
Like imagine this.
Imagine you've got Betty that's a secretary of a large company.
Betty gets a phone call one day, and it's a guy, John, and he says he's from the IT department of that company.
Betty doesn't really know him, but what John is asking, well, first of all, tells Betty that they've had some issues with their internet connection, and he wants to make sure that she can still get out to the internet, and there's no problem.
So he simply says, hey, Betty, I want you to go to this website and see if it actually comes up, if you could see a picture.
art bell
And Betty, of course, complies.
Immediately.
kevin mitnick
She complies, goes to www.ishngohere.com.
And up pops a picture of a flower.
But what Betty has just done is when she opened that, when that picture was rendered in her browser, unbeknownst to Betty, it exploited what we call a client-side vulnerability in the browser.
And now the bad guy has complete control over Betty's machine.
art bell
Yeah, that's like that commercial on TV.
Have you seen that, Kevin, the one in which the poor lady in her little cubicle brings up something that says, you just have contracted the pink slip virus.
And pretty soon all the other cubicles are getting the pink slip virus.
And her head sinks down and I don't know, she goes somewhere or something.
I forget what the commercial is for.
Have you seen that?
No, I really haven't.
Well, that kind of thing.
Anyway, poor Betty.
kevin mitnick
Or even a better one.
Imagine you're an employee in an office building.
You walk into the restroom and you notice that somebody's left a CD in a jewel case on the sink, and it's red.
It's a red jewel case, and you want to find the owner.
So you open up the jewel case, and it's a CD that has the company logo on it, and it says Extremely Proprietary and Confidential Employee Salary History, Second Quarter 2006.
art bell
Yes.
kevin mitnick
What are the chances that some guy is going to walk back to his office or his cubicle, stick in the CD just to check out what his coworkers or what his boss is making?
And there's an Excel spreadsheet there.
He double-clicks on it.
It comes up that it's corrupted, but unbeknownst to the guy, he just installed a piece of software that secretly connects out from his computer to the attacker on the outside of the company.
art bell
The whole thing was a ruse to get a program in there that would rob him of all the data that he's got.
kevin mitnick
Well, would give the bad guy control.
And technical hacking is very similar because we have a thing, the technical term is called a buffer overflow.
That's where you can take advantage of the developers'or programmers'mistakes.
unidentified
That's where you can take advantage of the developers'mistakes.
art bell
What is the typical profile of a hacker?
Where do they get their start?
Are they really as technologically sophisticated as we are sometimes told?
Now, I think Kevin would be the ideal person to answer that profile of a hacker, because Kevin was a hacker.
So you should easily be able to answer that.
What kind of guy or gal goes to the dark side of computing?
unidentified
Well, it's kind of really a mixed bag of mixed question because let's deal with that one first.
kevin mitnick
To deal with what, the profile of a hacker.
art bell
That's right.
kevin mitnick
Well, I mean, the person that's doing hacking might have a different agenda.
You might have someone who just wants to steal using technology, so they learn a little bit about How to exploit vulnerabilities and they exploit e-commerce sites and steal credit card databases.
Well, again, you're really looking into the mindset of a hacker.
And I could talk about myself because many years ago, when I was involved in this activity, my mindset was really for the intellectual challenge, the thrill, the adventure, the seduction of danger of being somewhere where you really shouldn't be.
art bell
Okay, you weren't after the money?
kevin mitnick
No, no, not at all.
art bell
No.
kevin mitnick
Mine was purely challenge and seduction of danger and adventure and intrigue.
I guess that would best sum up my interest.
But in today's world, a lot of the people that are using hacking skills to steal are really profit-motivated.
They're not really into this activity for the passion of the technology like amateur radio operators.
art bell
In other words, from your point of view, Kevin, they're not pure hackers.
kevin mitnick
Correct.
You have a mixed bag.
You have the purest hacker that might be a kid in high school that does something on the school computer because they're interested to see how far they can go.
Then on the other side of the spectrum, you could have some terrorist group that wants to hack into a telephone company switch because they want to bring down telephone service in an area where they're going to do a physical attack.
So you have a mixed bag here.
There's not really one good answer.
In the second book I wrote, in The Art of Intrusion, what I did is I told several stories of different hackers who had different agendas and illustrated the different techniques that they would use to break into systems and how they would cover their tracks.
art bell
And from that book is out now, right?
Oh, yeah, it's The Art of Intrusion.
kevin mitnick
The Art of Intrusion.
Yeah, and if anybody's interested, they could go to Amazon, like your last guest mentioned, and they could actually read parts of the book for free online.
art bell
Okay.
So we have two different kind of hackers, one motivated financially, one motivated, well, for the pure thrill, the pure everything that goes with it, not the money.
Now, let's talk about the money people for a second, because CNN earlier today said, you know what, people can download, they don't have to be an expert in computers.
They can download a program that will let them become one of these bot masters.
In other words, you don't really have to know anything about a damn thing except how to buy a program, and then you set yourself up at the top of a pyramid, and you make money.
kevin mitnick
No, I think what they were mentioning on the show, which I actually did not see, is probably people that have actually compromised a number of computer systems and have them under their control.
They're selling this as a service to buyers that want to send spam or pop up ads or do denial service attacks.
So it's just a service to be sold.
But it's not like you can go out and download a simple program and go and infect 10,000 unsuspecting victims' computers and take control because it would require a little bit of technical knowledge there.
The people that do this, the people that actually download programs and what I call like point-and-click hackers, there's a derogatory term called script kitties.
And what a script kitty is, is somebody that downloads a program that doesn't understand how it works, doesn't understand the vulnerability it is exploiting, but just simply knows if they run this program, good things would happen and they would get access to things that they shouldn't have access to.
art bell
Yes, yes, yes.
Yes, yes.
How many script kitty people do we have out there?
kevin mitnick
More than sophisticated hackers, because the more sophisticated people that are doing vulnerability research, that even are ethical white hat hackers, and people that even on the darker side, when they find these vulnerabilities, they're publicized.
And even in some cases, programs that demonstrate what they call a proof of concept are published on sites and are sent and available on news groups and such.
And then anyone that really has access to the Internet in a browser could download these programs and use them.
art bell
And people like yourself look down their nose at script kitty people, yes?
kevin mitnick
Well, I don't really look down at them because I figure that they're novices.
And they have to, you know, it's like, I guess, an amateur radio operator.
It's a novice.
They know a little bit of electronic theory and they could do five words a minute of Morse code and they've got to start somewhere and then eventually they might become an extra class and then they know a lot more about electronic theory and they could do 20 words a minute.
Well, I know everything has changed by now, but I'm thinking back in the day.
art bell
Yeah, it's five words a minute now for the whole group.
kevin mitnick
My God.
art bell
Well.
kevin mitnick
I had to study my butt off when I was looking at it.
art bell
There are many who feel that these standards have been lowered.
Well, anyway, I won't get into that right now.
But look at them like script-getty people.
kevin mitnick
I could equate amateur radio operators, people that were into ham radio, the tinkerers with electronics building HeefKit radios.
Oh, yes.
It's very analogous to a class of computer hackers that were into the experimentation, into the exploration out of the passion for technology.
And it all, I think, emerged from amateur radio and the old phone freaks of the 1970s.
art bell
Sure.
I think a lot of people want to know these days, Kevin.
I do.
We have enemies, very serious enemies.
Now, I wonder if they're just out there tinkering around with explosives and biological stuff and even nuclear materials, or whether they're also conducting a war against us with our own technology.
And so in other words, is Al-Qaeda, do you believe involved intimately in some sort of cyber war with us, or is there an aspect to it, is it just communication among the cells or what?
kevin mitnick
I believe that these terrorist groups definitely use the Internet and use encryption and steganography to communicate.
That's just, you know, to me it seems like common sense because it would be a great way to conceal their communications.
Whether or not they're actually obtaining hacking skills or hiring people that have these skills to do cyber attacks against critical infrastructures, I really don't know that.
But I do know that other nation states are, and even the United States of America, that they are training people in our branches of service to do offensive attacks and also defend our critical infrastructures.
art bell
Well, I'm thinking of power plants.
I'm thinking of nuclear silos, missile silos.
I'm thinking of a million different things that virtually these days are controlled by computer.
Is our infrastructure in America, and I mean power plants and all the rest of it, nuclear power plants, for example, are they all protected well enough?
kevin mitnick
Well, I don't believe they're connected to the public Internet, at least the critical systems.
At least I would hope not.
But you have to think about what about the worker that has a laptop that's an authorized employee that plugs in their laptop or goes to Starbucks and enjoying a latte.
They're connected to T-Mobile surfing the Internet.
art bell
Yes, sir.
kevin mitnick
And who goes to some sort of kiosk, uses, they have an open wireless network at home.
And then they bring that laptop back into a protected facility and just plug it in.
What type of malicious programs and worms could spread?
In fact, when we had that blackout many months ago, that was at the exact time that the MS blaster worm was in its highest infection rate.
So it was quite suspicious of the timing, and you have to wonder, did that same exact incident occur there?
art bell
Well, I know that when we went to war with Iraq, there are many stories floating around out there, Kevin, about what the United States did, that we threw some magical switch and virtually turned off their communications, turned off their radar, hacked into this, hacked into that.
We turned off Baghdad before the bombs fell.
kevin mitnick
Well, can you imagine if you actually have access to the computing technology, like if you know Iraq is going to acquire X amount of computer systems from a particular manufacturer in the United States government's able to booby trap those systems before they're actually delivered.
You can even booby trap printers.
Because printers nowadays have, they're accessible basically through TCP IP, through an IP address.
And you have to think about, wow, your company or your business could be hacked through your printer that's connected to the Internet.
That's not even protected because the owner doesn't understand what threat exists in that case.
art bell
So you're saying, for example, if we could control the technological flow from here to, say, Iraq or any other country that we are at odds with, we could perhaps sell them equipment that's got little virtual bombs in it.
And if we suddenly went to open warfare with that nation, we could, with a click of a switch, an order given by a president or whoever, a military commander, we could turn them off.
kevin mitnick
Well, it's a possible if, for example, you have computer hardware and you're able to switch the firmware to some, it has some extra, let's say, functionality.
And even say with Microsoft, the Windows operating system, if it's able to, you know, a special version has been patched in the case of delivery, it has some extra bells and whistles that they would rather not have.
Yeah, it's possible, but you have to think that government institutions, you know, at least when it comes to software, are using some sort of due diligence to ensure that they're not getting a doctored version of the software.
But you have to think about the hardware.
The hardware could be booby-trapped in some cases, too.
art bell
I want you to see a movie.
It's a very little-known movie.
You've probably never heard of it.
It's called Deterrence.
kevin mitnick
Never heard of it.
art bell
It was made completely inside a diner.
It concerns a crisis the United States goes through with Iraq, as a matter of fact.
It assumes that the son of Saddam took over, and we come to blows with Iraq, nearly to nuclear blows.
And the threat of the story is that we sold Iraq through France a bill of goods.
We sold them nuclear weapons because they wanted them.
So instead of allowing them to get them from somebody else, we actually did it through the French.
Only we also sold them a terabyte computer that would assure them the weapons would work.
And when the critical moment came, they didn't work because the terabyte computer was ours and we had instructed it to tell the Iraqis that these nuclear weapons would detonate, that they were in good shape.
And it's the exact kind of thing you're talking about right now.
kevin mitnick
We used a little bit of social engineering art.
art bell
That's right.
And so you have to imagine that we are doing this kind of thing, and that when we go to war with the country, we can virtually flip a switch.
Their electrical grid goes down.
Their radar computers go berserk, and on and on and on and on.
And I guess we're pretty good at what we do.
kevin mitnick
I agree.
You know what the most valuable tool to a hacker is?
art bell
What?
kevin mitnick
It's what is called a zero-day exploit.
It's a flaw that exists in a piece of software, for example, that somebody has identified that nobody else knows about.
art bell
I read something about that zero-day zero-day.
kevin mitnick
It's called a zero-day because it's been discovered, but it hasn't been reported to the software or hardware manufacturer, and it's relatively unknown to maybe one or to a small group of people.
And if you have a zero-day and that computer in a particular, say, application or service and that is accessible over the Internet, well, it is highly likely it could be compromised.
Now, there are security researchers that look for these vulnerabilities, and they actually sell them to companies like iDefense and, I think, Tipping Point.
They buy these vulnerabilities so they could act as an intelligence source to different businesses that subscribe to their services.
art bell
Wow.
kevin mitnick
But don't forget, there's other security researchers that specifically sell zero-day vulnerabilities to the U.S. government.
Why would the U.S. government want zero-day vulnerabilities against our enemies?
art bell
Let's be clear.
These zero-day vulnerabilities are actually things that, in other words, there are a flaw that somebody has become aware of but has not yet used.
kevin mitnick
Well, they probably used it and tested it, went through some QA process, but they haven't proved it.
unidentified
Right.
kevin mitnick
But they haven't.
It's a secret because it's a secret way in.
One of the recent published vulnerabilities at one time was a zero-day was the one with the Microsoft Picture and Fax Viewer.
So if a certain image was rendered in your browser, if that image was constructed in a certain way, the attacker could basically execute code on your computer, which allows them to pretty much take it over.
And what if that vulnerability was, before it was made public, was used for two years by the American government or the Chinese government to compromise each other's systems?
It's probably done all the time.
art bell
All right.
Let's just let our minds wander for a moment.
You've got a company like Microsoft, and I'll just throw their name out because what the hell, why not?
They're the big ones.
Do you think that the U.S. government approached Microsoft when the government figured out that Microsoft was going to be the big gorilla and intentionally had some zero-day stuff installed during the process of upgrades as we went from operating system to operating system?
Do you think it's possible that the U.S. government approached Microsoft and said, look, you want to do something good for your country?
We're going to set up this and this and this and this.
Are you willing to go along?
kevin mitnick
Well, you have to think about Microsoft has control of all its customers' computers, right?
Because basically your computer automatically, well, anytime you go to Windows Update, they download programs essentially into your computer and you don't know what it's doing.
you're not that technically astute, and who knows what those programs do.
I doubt that the government would approach Microsoft.
I think what they would do is they'd plant operatives in the company that would obtain jobs, and they would secretly Embed weaknesses in certain areas, they'd have to be pretty stealth about it.
But if you have rogue developers that are and well, that might not just go for the United States government.
That could probably go for any government around the world, right?
art bell
Or maybe they were approached and they said no.
kevin mitnick
I don't think they would do that.
I think the government would keep it even secret, try to keep it secret from Microsoft.
I think they would plan an operative at the company or operatives and try to do something that's going to be very, very innocuous and appearance-wise, but might, a certain set of conditions, not just one, but a certain set of conditions, if they were met, it would create some sort of vulnerability.
I don't know if they've done it, but it would probably make sense in a time of war.
unidentified
Thank you.
art bell
Oh, man, isn't that interesting?
I'm getting a lot of notifications on FastBlast from all of you that our stream, our internet stream, which goes along with the program, as you know, is down.
It's actually down right now, completely down, according to the people.
Now, I don't know if that's all the stream, part of the stream.
What's going on with the internet, I have no idea.
But in honor of Kevin Mitnick being here, the stream is down hard, buddy.
kevin mitnick
That's unfortunate.
art bell
Yes, it is, isn't it?
I wonder if it has something to do with your appearance.
kevin mitnick
Well, I've appeared many times on your show before, and that never has happened, so it's probably unlikely.
unidentified
Hmm.
art bell
Maybe.
kevin mitnick
Maybe those armies of drones that are now doing denial service attack against Clear Channel.
art bell
Yeah, you never know.
You just never know.
And maybe it's being done in your honor, buddy, so thanks a lot.
kevin mitnick
Well, I hope not.
I definitely would discourage any of that type of activity.
That's not cool.
art bell
Uh-huh.
I bet that's the exact line they wrote to you as a response that you should give to anybody like me when you got out of the federal whatever.
kevin mitnick
No.
art bell
No?
kevin mitnick
That's coming from the heart.
unidentified
Okay.
art bell
All right.
So how dangerous now is all of this getting?
In other words, I guess in a way I'm asking who's winning?
Are the software people and the people who put out all the protection programs winning?
Or are the hackers and the terrorists winning?
kevin mitnick
Well, I think it's a constant cat and mouse game that companies that are innovative security companies are trying to build better and more resilient locks.
And you have a group of people out there that are trying to pick the locks.
And it's going to be this consistent process through the life cycle of security.
It just never ends.
So that's why we as consumers can't just feel confident that if we install Spy Sweeper, that we're safe from spyware.
It doesn't work like that.
Unfortunately, what consumers want is they want the security to be transparent.
They want to be able to plug in their computers to the Internet, use it, and have a confidence of security.
But unfortunately, when you purchase a computer from Dell in the mail, or you go into a store and you plug it in, it's not in a default security configuration.
You have to either learn about the technology or you have to get somebody to help you.
Maybe the kid that's in a computer class down the street could help you out.
unidentified
All right.
art bell
Well, I think we've talked about this before, Kevin.
Frankly, I know there are keystroke programs and a million things out there to monitor what you're doing.
I don't really have anything on my computer that I'd be ashamed for anybody to see or worried about.
However, I'm on the verge.
I'm being talked into it by friends to begin doing online banking.
Now, that's a horse of a different color, buddy.
A big horse of a different color for me.
I'm being told that online banking is every doggone bit as safe as when I walk up to my teller and I have a transaction.
unidentified
True.
It is.
kevin mitnick
Do you want to know why?
art bell
Yeah, I do want to know why.
Yes, I want you to talk me into it.
kevin mitnick
It's true because if there's any fraud on your account, the bank takes the risk.
They take the loss.
As long as you didn't authorize the transaction, you didn't do it yourself or authorize anybody else, and there's fraud, and somebody has hacked your password or used what is commonly known as phishing, login in password from you, and you find out about the illicit activity within, I think there's a certain time period by law, maybe 30 days, 60 days, that the bank will just credit.
They'll do an investigation.
You'll have to probably sign a notarized document.
art bell
And you're saying this is true even if you're doing online banking?
kevin mitnick
I believe so.
art bell
A good friend of mine, I thought it was hysterically funny at the time.
I mean, we were on ham radio, and I was talking to this fellow in Southern California, and a Mexican person had somehow acquired his banking information.
And he was doing his online banking, and it was, you know, other people's pain is funny.
But, I mean, he was on the air and telling us that this guy had his information or his card or whatever and was traveling south into Mexico.
And he could literally go online and look at this guy spending his money.
And he was going, oh, my God, he just spent $300 on so-and-so or $600 on so-and-so.
He just bought a case of booze.
He's having a blast.
And, you know, of course, it was great pain for him as this guy traveled south spending like crazy.
In the end, his bank took care of it and made good on it.
And you're telling me that's always the case, whether you go to a teller or whether you use online banking.
If something like that happens to you, they're going to cover it.
kevin mitnick
I believe so.
I believe there's certain rules, and I don't know those rules off the top of my head, but I think it's very similar to credit card fraud.
I think the law is that you could be responsible for up to $50 for fraudulent transactions, but at the end of the day, the bank rarely charges their customers any fee if there was fraud.
And that's why we have such high interest rates these days, is because the banks are taking the risk.
In other countries around the world, in Eastern Europe, it's a different story.
It's the consumer that takes the risk.
So that's where it becomes a little bit scary to do online banking.
art bell
Well, as a matter of interest, Kevin, how much money do you think American financial institutions are having to pony up for fraud?
kevin mitnick
Well, the FBI just did a new survey.
It was called the 2005 FBI Computer Crime Survey, and I actually was a contributor to this survey that had been done.
The numbers that are that they, I think it was like the largest survey across a large cross-section of several states.
And if you looked at the FBI's calculations, it's in the billions of dollars.
And if anyone's interested in the survey, it's not on the FBI.gov site.
I think it was up there, then it was moved.
I don't know where it is, but I did put it on my website if anyone's interested.
And that is www.mitniksecurity, M-I-T-N-I-C-Ksecurity.com.
And right on the homepage there in the upper left-hand corner, anybody could pull down the recent survey that was just released, I think, a week ago.
art bell
Good plug.
I assume the financial institutions don't want the public to know how much they're ponying up for fraud, right?
kevin mitnick
Oh, absolutely.
A lot of times, fraud is classed under, like, for example, it's credit card fraud if they realize they have application fraud.
That's where an individual uses fraud in applying for a credit card and the bank loses, you know, has suffered a loss.
What happens is they'll put it into the bad loan category because they don't want to report the fraud.
art bell
So a lot of times they get to deduct that from their corporate tax, right?
kevin mitnick
Exactly.
So a lot of times losses are put in, you know, through creative accounting, they're put into other categories so it doesn't negatively affect the company.
Companies can't take a hit in the media.
They don't want loss in customer loyalty.
art bell
Right.
But on the other hand, Kevin, if it goes over a certain percentage, then the company itself becomes in trouble.
It's not anywhere near that yet, is it?
As we look across the various credit card companies and all the rest of it, I mean, are the losses getting so severe as to perhaps even put the company in trouble?
kevin mitnick
I think so.
Just recently, I don't know if you heard about this, but there was a company called Checkpoint.
And what they did is they sold information about people, including social security numbers and addresses, telephone numbers, basically the dossier that they've collected through data mining and purchasing information.
And they sold this information to legitimate customers that had a need to know, maybe insurance, underwriters, law enforcement, and so on and so forth.
So what had happened is some individuals, a fraud ring, actually applied for a checkpoint.
I'm sorry, it's ChoicePoint.
Checkpoint is actually a firewall comes.
They applied for legitimate access to this database, and they were granted.
And they were obviously using some sort of false cover that they had some legitimate need for this information.
And what they were doing, it was an identity theft ring.
art bell
And they socially engineered them.
kevin mitnick
Exactly.
And they're getting access.
They actually paid for the service, but they were using the information to steal.
And I just saw in a recent news release that the company was fine like $15 million.
And I think that's a substantial hit, not only in public confidence, but $15 million isn't a drop in the bucket, at least to me.
art bell
Well, I suppose in the large financial picture of the U.S., it is a drop in the bucket, but it's still a lot of money.
kevin mitnick
Well, to an individual company, I think the loss of public confidence is much worse.
And because of that incident, what had happened is it created this backlash in the private investigation community where there's a lot of databases out there that people could obtain information about you.
And several of these companies started masking the social security number.
Some of them have not done that.
And usually you'd have to demonstrate a real need to know that you're a real business, and they would send somebody out to your place of business to verify you are real, and then they would allow you to have access to the information.
But you have to think about it.
A Nigerian fraud ring could simply open up a corporation, rent an office space, put in furniture, put in computers, and they look and feel like a real legitimate business.
art bell
But they've got to learn to write better scripts.
They really do.
I mean, they're pathetic.
I actually, somewhere here, I've got the recording of one.
I actually called this guy in Africa, and I went through the whole thing with him, and I finally got him so exasperated.
You know, I should look up that audio.
I've got it here somewhere.
It was an absolute riot.
Have you ever done that?
Have you ever called one of them?
kevin mitnick
No, I never spent my time.
art bell
I just did it for a hobby, just to see what would happen.
Oh, I got a million.
kevin mitnick
You should play that audio Wendy.
I'd love to hear it.
Not recently, I think within the last couple of years, there was this woman that worked for a New York law firm, and she received the Nigerian email offering to deposit $30 million to her account, and she'd be able to keep 90% of it.
Oh, yeah.
And she had actually thought she had won the lottery.
So she communicated with the people wherever they were in the world, and they needed an advance fee to handle certain taxes and transferring and lawyers, and they needed $2 million.
So the lady thought, well, if I can retire with $20 million, at least $20 million, all I'll say have to do is, I'm a signer for the checks at the law firm I'm working, so maybe I just send them the $2 million, wait for the deposit, I could pay the law firm back the $2 million, and I could live happily ever after.
art bell
Well, you know, there's nobody easier to scam than a scammer.
And I was trying to figure out how to do that.
Anyway, I got this guy real frustrated.
Doggone it, I can't find it.
I will find it.
And I will play it.
It was actually on reflection, kind of a riot.
The poor fellow just, anyway, I just kept talking about when could I get the money?
And God, I really need a new car.
And he was just, you know, Mr. Bell, you be patient.
You know, patient.
Guaranteed to work.
You know, it was just a riot.
And I do have it.
And there's really no reason I couldn't play it.
Sometime do that if you want to have some fun, Kevin.
Call one of those numbers in Africa and have some fun with them.
It makes you feel better.
I mean, I get so many of them in my public account that I finally just got frustrated and wanted to strike back.
kevin mitnick
Hey, about a year ago, last February, I was in Amsterdam and I went to an internet cafe and there was this group of Nigerians huddled around this PC.
art bell
Really?
kevin mitnick
And it really looked like they were doing some sort of fraud, but I kind of stayed out of their way.
I didn't want to be noticed by these people and then they come after me or something.
art bell
I should think you wouldn't want to be noticed by anybody near a bunch of Nigerians around a computer.
kevin mitnick
There you go.
art bell
By the way, how has life been for you since your encounter with our government?
kevin mitnick
Well, it's definitely been new and improved.
I started a security company, you know, Defensive Thinking that you mentioned in the initial broadcast.
art bell
Yes.
kevin mitnick
And then I changed the name to Mitmix Security because I thought it would be better to have my name in it.
And what I actually do is 75% of my time is I go around the world and I do public speaking engagements and I speak at a number of conferences and a number of companies talking about security, the human factor of security when it comes to social engineering, wireless security, and a number of different topics.
art bell
So it's Mitnik, the name you know.
kevin mitnick
Yeah, my last name, Mitnik, with a CK.
Right?
I figured it's good for the brand, right?
So I go around the world.
I'm going to Israel in mid-February to speak in, I think, Tel Aviv.
then I come back and I go to Utah to a university, then I go to South Africa, which is going to be No.
art bell
No.
You'll notice that it's a country of very young people, many of whom carry submachine guns.
kevin mitnick
Yeah, and you know that there's a lot of technically astute people out there because it's like the real Silicon Valley of the world.
art bell
Actually, a lot of interesting security-type software comes out of Israel.
For example, I had a gentleman from Israel who wrote a program that could simply analyze your voice and render up an opinion about whether you were telling the truth or a lie just based on your voice.
kevin mitnick
Voice stress analysis.
art bell
Yes.
The Israelis use it at checkpoints and so forth.
kevin mitnick
Maybe the Mossad has like a pocket version.
art bell
Oh, it's very effective.
Very effective.
How are we doing in that world, by the way, of voice recognition and face recognition?
I remember I went to a Super Bowl, told you, and they took a picture.
That was the first one where they took everybody's picture and looked in files to see if you were a bad guy.
kevin mitnick
I think it's getting better.
I think that about a year ago, the technology was in its infancy.
And I think as time moves on, that a lot of these companies are developing better biometric technologies.
But the problem is there's not much early adopters.
Maybe in very secure facilities they're using biometrics, but I really don't see that as a huge trend.
You have to think about, because of all the online fraud, that you would think a lot of the banks and financial institutions wouldn't necessarily use biometrics, but they'd use what we call two-form factor authentication, which actually means that you have a piece of information, something that you know, and you might have a device like a smart card.
And with the combination of having the card that you swipe through like a card reader and having like a PIN code, that raises a level of confidence that you are who you say you are.
But the problem is the fraud losses that are actually, the losses that are actually reported as fraud, those numbers aren't high enough to justify putting in stronger authentication systems because it's too costly to roll out.
But there are other innovative companies that are trying to build in two-factor authentication.
Like, for example, there's a company that if you log on to your bank account, it might present an image of an airplane.
And you know that if you visit your bank and you don't see an image of your airplane, the airplane before you log in, that it's likely to be not really the bank site, but a bogus site that somebody's trying to deceive you into logging in as and to steal your username, to steal your password.
art bell
I must say it was done to me once.
James E. Hansen, longtime director of the agency's Goddard Institute for Space Studies, said in an interview that officials at NASA headquarters had ordered the public affairs staff To review his coming lecture papers, any postings on the Goddard website, and requests for interviews from journalists.
In my world, that's a wow.
Kevin Mitnick back in a moment.
unidentified
Kevin Mitnick back in a moment.
art bell
Okay, for the sake of my audience, I think I want to get practical with Kevin for a moment here.
And Kevin, what I mean by that is there are a million different things offering to remove spyware from your computer, offering to remove viruses, offering to prevent viruses.
What I'd like to know is what's really good?
What's the best advice you can give an individual either with respect to a program to have or what to do?
Firewalls, I don't know, what's really good out there?
kevin mitnick
Well, first of all, personal firewall.
Microsoft XP after Service Pack 2, well, Windows had a built-in firewall in Service Pack 1.
But with Service Pack 2, Microsoft, when it releases, when you install the OS, it turns it on by default.
And what that does is it blocks malicious incoming connections.
So anybody trying to connect to your computer from the outside.
However, it doesn't stop malicious programs from connecting out.
So a more resilient firewall, actually the one that I use myself when I'm using Windows, is one called Zone Alarm.
art bell
Zone Alarm, yeah.
kevin mitnick
Yeah, and it's a real popular firewall, and you can actually download it for free.
I actually bought the Pro version, so I'd have a little bit, I could tweak it in my mind.
art bell
My question would be, and you tweaked it, and you know how to do that, but if you just get it as is, which most of us would do.
kevin mitnick
Oh, it's certainly better than nothing.
art bell
It's better than nothing.
My question would be, like a radar detector in a car, how often does it false?
In other words, tell you that there's apparent attempted access when really there is not?
kevin mitnick
Well, the problem is, if you're connected to the Internet, you're constantly being probed by malicious programs.
The terminology in the computers, I guess, security field or hacking underground is called port scanning.
A port is like a door.
You're going down the street and you're knocking on every door to see if there's a computer application behind it.
art bell
Looking for an open door.
kevin mitnick
Right.
But a port really just lets you talk to a computer program.
And if a hacker could find programs that he or she can talk to remotely, he or she might be able to find a vulnerability.
Okay.
So what Zone Alarm does, what I think Microsoft's default installation of the firewall does, is it basically just closes all the ports.
So nothing is open unless you explicitly open it.
art bell
Okay, so what's in there from Microsoft, from Service Pack 2 on, is, you're saying, very helpful.
kevin mitnick
Yeah, of course, because it's by default, it's actually turned on, which they should have done years ago, was when the firewall should have been turned on by default.
But what happens is then sometimes it breaks things, and then customers end up calling their support number, and it takes their time.
But a more resilient firewall, which I mentioned before, is ZoneAlm.
What happens if let's say a malicious program, let's say you visit a malicious website, and that website exploits a flaw with an Internet Explorer and the hacker is able to download a malicious program to your computer.
And what happens is that malicious program secretly logs all your keystrokes.
So every time you write an email, it stores the information, all your keystrokes, every time you sign on to your online bank, every time you use AOL Instant Messenger, and then it secretly sends it off to the bad guy, to an email account in Russia or whatever.
What would happen is the more resilient firewalls will pop up a dialogue box where that program is going to ask for permission to connect out.
And unfortunately, some users might just say yes and let it go out, not knowing what it is, just thinking, well, it has some really complicated name, so maybe it's part of an important program with Windows, so I'm going to allow it to connect out.
art bell
Kevin, you keep mentioning Internet Explorer.
So I want a frank, honest answer from you.
Because IE is Microsoft's product, is it better, would you advise people to use another browser?
I don't know, Netscape, or there's a lot of them out there.
kevin mitnick
Like Firefox, there's Opera.
I'd recommend Firefox.
I'd recommend any browser besides Internet Explorer, actually.
art bell
Actually, any other than, huh?
Okay, because it's honest.
kevin mitnick
Yeah, there's been a lot of flaws identified with Internet Explorer, and it's not to say that other browsers don't have as much flaws.
art bell
They're just not going after them as hard because Microsoft is the million-pound gorilla.
kevin mitnick
Exactly.
They have the biggest market share, so you find a flaw in a Microsoft program, then it's going to affect many more people.
art bell
Got it.
Got it, got it, got it.
So that's what everybody goes after.
That's no real slam on Microsoft.
In fact, they're going after them precisely because they are so successful, and you've got more numbers if more people using IE, so certainly.
kevin mitnick
Exactly.
Now, with spyware, what I recommend is actually there's not one spyware scanner that I would say is like the killer app, so to speak, that will detect any piece of spyware.
art bell
I like AVG.
I use that.
unidentified
Okay.
art bell
And it's free.
kevin mitnick
AVG is free.
There's one that I actually used in the past called SpyCop, which I really liked.
I think WebRoot has like Spyware Scanner.
I think Microsoft has a free one.
I don't recall the name off the top of my head.
art bell
Well, I'm pretty careful, Kevin.
Honestly, I am.
I'm very mindful.
I don't open attachments I don't know about.
I'm careful with the websites I visit.
But still, I must admit to you, Kevin, the last time I ran Spybot, which I think is pretty good, I had like 100 and something and pieces of spyware in there.
A hundred and something.
It made me sick.
kevin mitnick
Yep, yeah, because a lot of the companies, legitimate companies, install programs to kind of track where you're going on the Internet.
Remember the old double-click?
art bell
Well, sure.
kevin mitnick
Or the double-click cookie?
Well, they do it to advertise things that you will be interested in so you'll buy the product or service.
But how these spyware scanners work is, similarly with the AV scanners, is most of it's signature-based.
So a malicious spyware tool would have already had it been detected and analyzed by a lab.
The lab would have had to create a signature, and then they would have had to put it in their database.
And then when their customers update their database of signatures, it identifies that as, oh, that's whatever they labeled, that piece of work.
art bell
Well, I notice nearly every time I log on, there's always an update to get.
So this must really be a big business on both sides.
kevin mitnick
Oh, it's huge.
Literally about six months ago, I went to Aerosmith.com, and I just went to look at their tour schedule.
And I don't know, like 15 minutes later, I get this pop-up dialog box saying, you know, your computer is infected with spyware.
If you want to get this fixed, please click here.
And I'm going, that's interesting.
So I started taking a look around my system and realized when I went to the Aerosmith.com website, it exploited a vulnerability in the browser and downloaded a piece of spyware that they were using to sell me products.
And then what I was kind of angry because what it did is it renamed certain things in the Windows operating system like Notepad and WordPad.
It renamed those files to, well, it actually infected those files so I could never get rid of this pop-up dialog box.
So I actually had to reinstall the operating system from scratch.
art bell
Oh, my God.
kevin mitnick
Which, you know, it took a whole day because I have so many applications and custom things that it wasted a whole day of my time.
art bell
Gee, one whole day, Kevin.
When I have to do it, it's like two or three days out of my life, just gone.
And you do it in one day.
kevin mitnick
Well, my day is probably longer than yours.
I'll spend 16 hours in front of the computer to do it.
art bell
I see.
Yeah, I tend to do the same thing, just go and go and go and keep going.
But it's so sad to have to do.
kevin mitnick
Well, think about what Sony did with the digital rights management software that they were secretly embedding in your computer to control access to music and to video.
Wow.
The technology that we call in the field is called rootcape technology, is where the operating system is modified in such a way that you could hide files, you could hide processes.
art bell
All right.
Now let's talk about this for a second.
Whether it's music or movies, I kind of side with the artists and the producers and the motion picture companies on this.
My God, it's going to ruin.
I really think it has the potential to ruin the record industry, to ruin the motion picture industry.
The minute a movie gets out, it's available on the net for download.
Millions of people are downloading, well, probably millions downloading both music and movies before they even get into the theater.
It's a ripoff of these artists and these companies, and it's not right.
It's stealing.
kevin mitnick
No, I understand your position, but what I'm talking about here is you have a company, a third-party company that's planting software secretly within your computer that if an attacker understands how that software works, they could use it as a conduit to do evil things to you.
art bell
I see.
So in other words, in an effort to protect, they're opening a door.
kevin mitnick
Exactly.
Exactly.
And I take issue with any company that if I install, you know, if I put their CD in my system and install some sort of product that it secretly embeds some sort of management software without my permission or consent, especially if it's really buried where I can't really see what's there.
art bell
Hey, Kevin, do we need laws about this?
Or do we have laws about this?
Maybe we do and I don't know it.
In other words, if you produce a piece of software and whoever you are and you put something in it for some commercial reason for your company, a reasonable thing, I guess, to do, there's no real law against that, right?
kevin mitnick
Well, usually I think these companies are able to cover themselves and have very limited liability because in their long license agreements that you click yes to that nobody reads, they probably have it right in there what they're doing.
art bell
You know, you're right.
I've never actually taken the time to read one of those.
I always click, yeah, sure, I accept the terms and the conditions.
kevin mitnick
Yeah, I never read one of them myself.
art bell
Does it say down, you think, down near the bottom?
And oh, by the way.
kevin mitnick
By the way, we're watching everything you do on your computer and every Internet site you visit, every keystroke you type, we're monitoring and capturing and using for our own purposes.
Thank you very much.
And you would never know about that.
art bell
Yeah, you'd just say, okay.
kevin mitnick
Exactly.
And that's why it's so concerning with what I was.
Have you ever used, well, let me back up.
Have you ever went to an Internet hotspot And used wireless?
I have, yes.
I've been doing a lot of research on wireless hacking techniques because I'm preparing a talk for when I go to South Africa.
And I found a very interesting tool that was developed by some really good security researchers.
And what this tool allows you to do that's freely available to anyone on the Internet is you can go into any type of hotspot or anywhere for that matter and you run this tool.
And basically what it does is there's a modification that's made to the drivers that drive the wireless card.
And what it does is what happens is you as a user are, you know, you get ready to associate, you know, you want to connect to like T-Mobile at Starbucks.
What happens if you have an attacker in RF range, radio frequency range, what the attacker's computer could be set up to do is when you're sending a probe looking for that particular access point, this computer sends back, yeah, I'm it, and then hands you an IP address.
art bell
Yeah, I've got the picture.
This is horrible.
kevin mitnick
Right?
art bell
Horrible.
kevin mitnick
Right?
And then you could imagine all the potential ability to exploit client-side vulnerabilities.
art bell
Oh, geez, Kevin.
How much of that is going on now?
kevin mitnick
Oh, I'm sure it's happening all the time.
I mean, think about airport lounges at airports.
art bell
On and on and on and on, yes.
kevin mitnick
right?
You know, think about the...
art bell
He's saying, here I am.
I'm a wireless point.
I'm available.
kevin mitnick
Yeah, you're basically a rogue access point, and you're man in the middle.
So what you're doing is you're saying, oh, I'm T-Mobile, connect to me.
You're handing that user an IP address, which is now connected to your computer.
art bell
Yikes.
kevin mitnick
Right?
So anything the victim does goes through your system.
You could control what the victim sees, or you could be man in the middle, right?
unidentified
Yeah.
art bell
Oh, my God.
kevin mitnick
Pretty scary stuff.
art bell
And you're saying this is pretty common knowledge among those who do this kind of thing out there and that there are many of them?
kevin mitnick
Absolutely.
I mean, a lot of people that go and buy wireless, you know, the convenience of buying a wireless router, go to Fry's, they go by when they install it.
They might think, oh, I have to be secure, so I'm going to turn on wired equivalency privacy or what they call WEP.
art bell
Well, let me tell you, WEP.
Right.
Let me tell you, a friend of mine in Las Vegas, Kevin, where there's a very high density of hotspots, has simply put a Yaggy antenna with a rotator on his roof.
And believe me when I tell you, Kevin, he doesn't pay for internet ever.
He just rotates that beam around and can get just like any number of wireless points as it rotates.
And he's just using other OPN, other people's nets.
kevin mitnick
Open wireless networks.
unidentified
Right.
kevin mitnick
Yeah.
art bell
Right.
kevin mitnick
Well, I mean, in cities, I was recently in Washington, D.C., and it's like anywhere in this five square blocks, they had public wireless internet.
So basically what they're doing is they're making internet available wirelessly to anybody in the area.
But even with WEP, with their software out there, because of the weaknesses of that protocol, anybody with a laptop and the right software, it just takes 20 minutes to crack the key.
unidentified
Oh, my.
art bell
Five to 20 minutes.
So all these wireless hotpoints are sort of hotspots, are sort of a magnet for modern computer pickpockets.
Only now it's easier, and the pickpocket doesn't have to actually put his hand anywhere near the guy's pocket, so to speak.
kevin mitnick
Right.
And you have to think about like a lot of businesses.
I was recently at my doctor's office and I turned on my computer and Windows has a thing called the wireless zero configuration utility.
So what happens is if it sees a wireless access point and your card is, you know, and it's scanning and finds one, pops up and says, oh, I found a wireless network.
Do you want to connect?
unidentified
*music*
art bell
All right.
You have definitely earned a plug, Kevin, for whatever you want to plug.
So what do you want to plug?
I mean, is it your website, your book, both?
What do you really want to hit?
kevin mitnick
Well, nothing in particular, really.
I mean, I give out my website, you know, for information that I post a lot of articles on there.
What's the most interesting thing now on the website is the new FBI survey.
So I'll give out the website again for those new listeners.
It's www.mitnik, M-I-T-N-I-C-Ksecurity.com.
And I guess I'll mention my new book, The Art of Intrusion, which is really a book that contains stories of other hackers.
It mostly gets into mindsets and really what drove them to do the things that they talk about in their stories.
And then I really get into the techniques, the different attack methodologies they use, whether it's social engineering, whether it's physically gaining access to a building through some elaborate lockpicking.
And then I talk about how they cover their tracks and then how we as business people, government agencies, and universities could mitigate those vulnerabilities.
So that's really what the book is about.
I really wrote it because I was more interested in telling the stories because I thought they really illustrated how these hackers work today.
So that's what I really wanted to do, just give people a glimpse into the mindset and the techniques and how to protect themselves.
So that's what I really wrote the book for.
I got to tell you something.
I had a dear friend.
She came out from Florida, and she called me this morning to let me know she was in Vegas.
And when I received the phone call, the number that was calling my cell phone was my cell phone number.
And I think we already talked in a couple shows about caller ID spoofing, where it's trivial for people nowadays, you know, you could subscribe to services on the Internet, you just put in caller ID spoofing, and then what you can do is you could basically come or you could appear to be coming from any phone number.
So I get this call, it's coming from my own cell phone number, and then it's this like, you know, this man's voice.
And I go, oh, so you're spoofing my number, that's really nice, and thanks a lot, goodbye.
And I hang up.
And then I get a call five minutes later, and it's from my friend.
And she goes, that was me.
And I go, no, it wasn't.
It was some guy.
And she goes, no, that was me.
I was the one spoofing your number, and I'm the one that was sounding like a guy.
I go, what are you talking about?
She goes, well.
art bell
And this is your girlfriend?
kevin mitnick
No, no, a friend of mine.
art bell
Oh, I see.
kevin mitnick
Yeah.
And I go, oh, that's interesting.
She goes, yeah.
You know how caller ID spoofing became popular where people could sign up for these services?
Now there's services that not only allow you to spoof the number, but actually will change your voice.
art bell
To sound like that of the person with the...
kevin mitnick
So you could sound like a man.
You could sound like a woman.
I mean, it's crazy.
I was like going, wow, that's kind of interesting.
art bell
Well, you would want to sound, of course, if possible, like the person whose number you were spoofing, right?
kevin mitnick
Exactly.
But I mean, now they're actually building in voice changing capability.
Now, it didn't really sound all that good.
I wasn't really paying attention to the call, but I just thought, wow, you know, what's the next step from here?
art bell
Yeah, and that's really a sick trend, you know?
Really sick.
I mean, I can see where all of this is going, and it's not anywhere good.
If somebody likes your, just like you, looks down the road 50 years.
Forget 50 years.
If you look down the road, 10 years.
What do you see the world being like, Kevin?
kevin mitnick
With respect to technological magic tricks?
art bell
We're turning into a complete technological society.
kevin mitnick
I guess the Unabomber went like it.
art bell
Oh, no.
Oh, no, no.
kevin mitnick
Oh, Theodore.
art bell
No, the question is, in another 10 years of development, both by the good guys and the bad guys, what kind of world is it going to be?
kevin mitnick
I don't know.
I mean, if we watch motion pictures, it might become like Blade Runner.
I think technology is a good thing, though.
I think it really, you know, automation helps the businesses, you know, compile and catalog and make good business decisions.
Of course, technology is like a hammer.
You could use it for good, you could use it for evil.
art bell
Yes.
Well, I guess what I'm asking is, how far down the road, how much farther down the road are we going to be in 10 years?
Isn't this all advancing at a somewhat exponential rate?
kevin mitnick
Yeah, I would agree with that assessment.
art bell
So in another 10 years, all our appliances are going to be have IP addresses.
kevin mitnick
Won't that be scary?
art bell
Well, yeah.
Your refrigerator will have a PPP.
kevin mitnick
Your pacemaker might have an IP address connected to the Internet.
So your doctor could monitor it, but God forbid some hacker would somehow be able to control it.
art bell
Good lord.
So your heart is on the Internet.
kevin mitnick
I'm just kidding, Art.
I don't think we're going to go that far, but it's a thought.
art bell
Oh, I think we'll go that far.
I think we're inevitably headed in that direction.
Not a matter of if, but when.
kevin mitnick
We'll be monitoring equipment, but I don't think the pacemaker is going to have an IP address.
I was just kind of joking around there.
art bell
Yeah, I hope you're right.
Wildcard line, you're on the air with Kevin Mitnick.
Good morning.
unidentified
Hey, the big kahoon.
Good morning, Art.
How you doing?
art bell
Just okay.
unidentified
Good, all right.
Kevin, hey, here's an answer.
What do you think about this?
You're a tremendous expert.
A long time ago, I was a little freaker and a cracker.
That's a long, long time ago.
When I go on the internet, Art, I just swap in.
I have a removable C drive.
I just pop out my C drive, pop in another C drive that has all the programs I use.
I keep my data on my D drive.
If anything does happen, which does happen, I don't have to go through 16 hours, 8 hours the next day.
All I do is pop out.
art bell
Yeah, I got the idea.
It's actually pretty interesting.
Hold on a sec.
Kevin, would it be possible to put in a very, very, very easy switching arrangement to put indeed a sort of a dummy, don't care what you do to this drive kind of drive in there when you go on the Internet?
What about it?
kevin mitnick
Well, no, I have a better solution.
There's a product out there called VMware.
And it's where you have images of other guest operating systems.
So what you could do is with your regular computer being the host, you just have a guest operating system.
You boot the guest operating system and you do everything you want to do.
And if anything ever becomes corrupt, you just replace it with the original one, and then you transfer any data to the host.
unidentified
Well, that's pretty slick.
kevin mitnick
And if that was kind of technical and people didn't understand it, your host computer, your Windows system per se, is running a software program called VMware, and then you have guest operating systems under it.
art bell
Right.
kevin mitnick
Kind of like virtual PC.
art bell
Yes, are you paranoid enough to be doing that?
kevin mitnick
I'm paranoid enough to be using PGP Hold Disk, which is an encryption product, so my entire hard drive is encrypted.
art bell
So everything on your hard drive is encrypted?
kevin mitnick
Including the operating system, right?
art bell
Is encrypted.
kevin mitnick
Yes.
art bell
Oh, you are paranoid.
kevin mitnick
I go through airports a lot, Art.
Anybody could lift my laptop.
art bell
I guess you would be a target, wouldn't you?
I mean, you're a big name in the hacking world, and so to get Kevin is probably like, I don't know, putting a notch in your mouse.
kevin mitnick
Yeah, I mean, my main concern is I do so much international travel doing public speaking that somebody, you know, I get searched at the metal detector or whatever because I get the unlucky number and then somebody steals my laptop and I have my clients' information to protect, which is very proprietary and confidential.
And so I have to exercise due diligence to protect their information and my own.
art bell
Got it.
All right.
East of the Rockies, you're on the air with Kevin Mintnick.
Good morning.
Hello.
Going on.
Hello.
Yes.
unidentified
Yes.
Kevin, I'm certain that you are aware of it, but maybe a lot of people aren't.
One of the large internet providers that offers the free all the virus I can see and everything.
But if you use that, then if you happen to have a song or a friend or somebody sends you a small like shooting Saddam or something, but you have to buy it.
You should buy it.
You should go to the site and buy it.
So when you go to use their security checkup and everything, it knows exactly everything that's on your computer and they have no scruples about it.
I know because a lot of times when it says, you know, after you install something, it says you have to shut down and restart.
That's right.
And then it comes back and the thing, you know, is still there and you have to sign back on.
And lots of times, you know, it's asked if you want to register it now when it comes back on.
I usually click no and just went back to doing the graphics, you know.
art bell
Okay, well, I'm not sure what all of this answers to.
Yeah, what's your question?
unidentified
Okay.
How can you prevent your provider from getting in and, I don't know, that program, what you type.
art bell
All right, all right.
So she's asking your provider.
kevin mitnick
Your ISP.
Your internet service provider doesn't really gain access to your computer unless you're like a company and you're using like a colo and they're supporting your system because you're paying for it.
But the ISP basically is like your conduit to the outside world.
They could monitor any traffic in the clear, which means it's not encrypted.
But usually they don't have access to your computer per se.
They would have no reason to.
art bell
Well, I imagine ISPs, Kevin, are in kind of an unusual pickle in a way.
Aren't they many times?
In other words, they're approached frequently by the authorities, looking for people downloading child porn or financial theft or any one of a zillion different things that somebody might be doing on there.
kevin mitnick
Yeah, but they have no authorization to gain access to a suspect's computer.
What they can do is they could monitor log in, log off times, kind of like a telephone pen register, if you will.
And they could also monitor traffic.
And the only thing that's going to really be useful is anything that's in the clear that's not encrypted.
art bell
Right, but that's still in all.
There's got to be an awful lot of pressure from different agencies to get information from these providers.
Are they in any way protected from giving this information out or do they just automatically have to do it?
kevin mitnick
Well, there's different types of interceptions.
There's where they could do a real-time interception, which they would, I believe, I don't know, with the new Patriot Act, if this requirement has really been watered down, what they would need was a Title III warrant, like doing a wiretap.
If they're requesting information from an ISP which is stored data, like for instance your email, I think the only requirement is simply a subpoena because that type of communications is protected less than contemporaneous communications.
art bell
Even with PGP, do you worry?
kevin mitnick
Well, not really.
Anything could be an attacker could plant a keystroke logger on your computer so if you're typing in your PGP passphrase, they capture it.
art bell
Okay, well, here's the reason I'm asking, because there were a lot of rumors, Kevin.
Maybe you can nail it down for everybody listening.
There were a lot of rumors that PGP had a backdoor?
Well, not it's a specific rumor.
Not that here's the way it went, that the first PGP that was written is essentially unbreakable and does not have any kind of backdoor, and that successive ones were in some way perhaps compromised.
Is that rumor true or false?
kevin mitnick
I don't know, but I know that Philip Zimmerman, I think, worked on PGP up to like version 2.3.
But I'm not really all that certain.
But then you had companies like NAI and then PGP that developed the applications and I think they're closed source.
Some of them are, I think there's, yeah, I think it is closed source.
art bell
How unbreakable is it?
kevin mitnick
Well, the way to make crypto is not usually to go after the algorithm or to brute force the key because there would be too many possibilities.
But usually the implementation is incorrect and you could find ways of getting around the crypto or getting to the information without necessarily having the key.
It's not like with the Enigma machine at Bletchley Park where you're going to have teams of people trying to crack the Germans code.
What you have is poor implementations.
For example, remember old Peter Norton?
art bell
Oh, yes.
kevin mitnick
Okay, well, they had a program called Discrete in one of their older Norton utilities packages.
And Discrete was where you can create a virtual encrypted drive.
So a friend of mine actually had the access to the source code of Discrete, and I looked at it and realized that the programmer who wrote the application screwed up.
And the actual, it was supposed to be using a 56-bit DES key.
DES stands for Data Encryption Standard.
It was the standard by the U.S. government.
Anyway, the way that it was coded because of the error, it was only a 30-bit key.
And a 30-bit key could have been brute-forced by, you know, government agencies at the time or even...
art bell
The good PGP you're using right now, if the NSA had to crack it, do they have the computer to crack it?
kevin mitnick
I don't know if they have the capability.
I don't know what the NSA's capability is at this point.
art bell
Do you have a guess?
kevin mitnick
I think it's unlikely.
I think what they would do is have operatives that would try to get the key some other way.
art bell
Really?
kevin mitnick
Yeah, I don't.
Well, there might be.
I'm not a mathematician, so I haven't studied the algorithm.
I probably don't have the background in higher mathematics to really analyze their crypto.
So I couldn't tell you.
art bell
Have you heard any credible rumors that it's been broken?
Or is there a standing rumor that it has not been?
kevin mitnick
I haven't heard anything on the street, so to speak, that it has been cracked.
But what PGP does is it uses public key cryptography, the Rivas Shamir and Albeman RSA.
And you're using a public key cryptography to create a key, a fixed key, so to speak.
And then this key is transmitted to the other party, and then they're able to share the thing.
I'm trying to explain it where it's not complex.
But in any event, there's two algorithms involved here: the RSA algorithm and the actual session key that's being used.
There's another algorithm.
And I don't know of any weaknesses in any of those.
art bell
Don't you think, though, that if our government could not break PGP, there would be a law against its use?
kevin mitnick
No, but I think if they could break PGP, they'd never let the public know about it.
art bell
Well, thank you very much.
I guess that's where I was going.
That's exactly where I was going.
kevin mitnick
Why Art?
Because when I was busting for hacking, I used PGP.
art bell
Oh.
kevin mitnick
And they couldn't crack the key.
So it became a big issue in my court case.
art bell
You're sure they never did.
kevin mitnick
Well, so I don't think I was an important enough target for them to even try.
art bell
Well, that's a good point.
Certainly a fascinating Individual, Kevin Mitnick, and his book, his current book, the one you might want to look for on Amazon, is The Art of Intrusion.
That's a good title.
The Art of Intrusion.
How'd you come up with that?
kevin mitnick
Well, my first book was called The Art of Deception.
That was the book on social engineering, and the reason I named it The Art of Deception was paying tribute to Sun Tzu's art of war.
Because wars are won through deception.
If you recall the treaties.
art bell
Oh, yes.
Oh, absolutely.
kevin mitnick
What do you think about this Google thing in China?
Censorship at its best.
art bell
Yes, so I've heard.
Explain everything to them.
kevin mitnick
Well, Google obviously has a presence in China.
However, the Chinese government has required that Google censor obviously censors certain types of materials from the search engine.
So Google is apparently fully cooperating with the Chinese government because it's a profit center.
art bell
And they want to be in China.
I don't blame them.
That would be an awfully big thing to refuse.
kevin mitnick
Yeah, imagine, yeah, because the Chinese population is quite large.
art bell
Do you have any, can you give us an idea of the extent of the censorship?
kevin mitnick
I don't know.
I have only...
acquired this information through what I read through the press, but from what I recall from like a couple of years ago, there were some tools that people in China could use to bypass the Chinese restrictions.
Like, for example, a user would be able to connect to random volunteers' computers throughout the world.
And I think it was run by a company that started an anonymizer called SafeWeb.
And what this allowed you to do was they were able to proxy their connections through what we call a peer-to-peer network so they could bypass all the Chinese restrictions.
But I don't think that service, I don't think that exists anymore.
I forgot the name of it off the top of my head.
art bell
So you're telling me there really is a way that a country like China can get away with censoring the Internet.
kevin mitnick
Apparently so.
They censored the Internet for their...
art bell
If I'm in China and I put in Tiananmen Square, what do you think I get back from Google?
kevin mitnick
A 403 error.
art bell
403.
kevin mitnick
I'm just kidding.
art bell
Page not found.
kevin mitnick
No, that's a 404.
403 is like access is restricted.
art bell
Oh, God.
No, I guess that would be too obvious.
Page not found actually would be better.
kevin mitnick
Maybe a link to one of their re-education camps or something.
unidentified
Oh, my God.
art bell
Your name.
Yeah, and a cookie.
And a cookie and some milk.
kevin mitnick
There you go.
art bell
First-time caller align.
You're on the air with Kevin Mintnick.
Hello.
unidentified
Hello, Ob.
I'm a first-time caller from Edmonton, Alberta, and I would like to know what his opinion is of the operating system OpenBSD.
kevin mitnick
Oh, I actually use OpenBSD, so I do like it.
art bell
Okay.
More.
kevin mitnick
By the way, for the listeners, OpenBSD is a Linux variant.
Well, not really.
It's really BSD Berkeley.
But it's a Unix variant, correct myself, that has been developed with secure coding practices in mind.
So the operating system, the way it's coded, the way it's reviewed, is much more secure than the standard Unix.
art bell
A lot of people who are really into computers That I know just absolutely love that operating system.
So, Wildcard Line, you're on the air with Kevin Mitnick.
unidentified
Hello.
Yes.
Hello.
My name is Eric, and I'm calling from Kearney, Nebraska.
Currently, an undergraduate major in physics at the University of Nebraska, Kearney.
My question to Kevin Mitnick is, can you hear me, Kevin, first of all?
Okay.
My question to you is, have you done any research into a quantum computing or looked at any of the certain types of security aspects that seem to be possible with using quantum mechanics to make computers more secure and more user-friendly?
art bell
All right.
Well, I wasn't aware that quantum computers had yet existed on Earth.
They're theoretical, I think, Kevin?
kevin mitnick
Yeah, the only thing I've read on quantum computing, how to do with encryption, and this was a hypothetical article that was written, I think, like two years ago.
But I haven't really looked into the issue of quantum computing lately.
art bell
Having said what you said about PGP in your experience a little while ago.
Do you think that if the target was really worth it from a national security point of view, that we could cut through PGP like a hot knife through butter?
kevin mitnick
Well, remember, well, again, PGP, the public key cryptography, it's using an asymmetric, it's using asymmetric encryption to create.
The problem is if I want to communicate with UART, and I need a secure way to send you the key, so you could encode information and decode information, right?
So the whole reason that public key cryptography came about is a way that I could securely send you the key.
So the underlining algorithm isn't necessarily PGP.
There's several algorithms the user could choose from.
art bell
I've got that.
Again, my question stands.
kevin mitnick
could the government with enough resources crack any uh...
could crack any uh...
art bell
any key absolutely you regardless of any i don't think that i can't pray or its offspring whatever we're currently using uh...
kevin mitnick
do they have enough power and it's just a matter of enough computing power because eventually Well, first I must say I don't know the government's capability with distributed computing, but you really doubt it, don't you?
Yeah, I do.
art bell
Well, that's quite an endorsement.
All right.
East of the Rockies, you're on the air with Kevin Mint.
kevin mitnick
Not with PGP, but with encryption in general.
art bell
All right.
Hello.
unidentified
Okay.
Thanks for taking my call.
art bell
Sure.
unidentified
This is Rick from Virginia.
And I was calling regarding where you'd mentioned earlier about the phone freaking.
kevin mitnick
Right.
You want to be quite people spoofing and change your voice to a woman.
unidentified
Right, right.
Well, by the way, Art, regarding you calling some of the South African numbers, is your email the same as always?
art bell
Yes.
unidentified
I want to send you a phone number.
I'll just put it in the subject line of the email.
It might be a couple weeks before I'm back on the net, but I'll send you a number to check out.
kevin mitnick
And Kevin, you know, by the way, that site, by the way, where you can do that is called spoofcard.com if you're interested.
art bell
Had to get that in, huh?
kevin mitnick
Of course.
You might want to oppose as a woman for some reason.
I've noticed.
art bell
You seem to really like that.
kevin mitnick
I like giving out that good information because it's.
art bell
I can tell.
Caller, pose your question.
unidentified
We could use the spoofing to call the coast-to-coast show more often.
art bell
Oh, please.
Either ask a question or I'm pushing the next button.
unidentified
Okay.
Kevin, in the 70s and 80s, you know, a lot of the focus was on the tricks with the telephone and that sort of thing.
And with the focus now primarily on the internet, in a way it seems like the phone freaking tricks are making a comeback because a lot of people are not aware of them and that sort of thing where you can actually take over someone's phone service and that sort of stuff.
art bell
All right, all right, we've got it.
All right.
So, yeah, Kevin, is phone freaking making a kind of comeback?
kevin mitnick
Well, if you remember the movie War Games, you know, back in the 80s, you used war dialing, right, to find modems.
unidentified
Absolutely.
kevin mitnick
Right, but I would make it analogous to wireless networks.
It's like with wireless today, it's like plugging in one of these old 46 megahertz cordless telephones, right, where anybody can listen in.
When you plug in that wireless access point, it's like the base unit to a cordless phone, which anybody can become a handset.
art bell
Well, again, you're rushing into better technology.
He was asking if the old-style phone freaking is making any kind of comeback, whether you know anybody out there still doing it.
kevin mitnick
Well, it's being done all the time, and that's usually to defraud companies by gaining access to their PBX and making fraudulent calls to Afghanistan or to Argentina.
So people that are doing phone fraud, it still exists.
Now, of course, if you want to extend phone freaking into voice over IP.
art bell
I was just about, my question is bigger with VoIP.
It's this.
Is voice over IP going to ruin phone companies?
kevin mitnick
No, I think phone companies are going to start to embrace it and use it as a as a profit center.
I don't think it's going to necessarily ruin them.
unidentified
I'm waiting for that.
kevin mitnick
Oh, yeah.
That's for damn sure.
It's going to be, you know, well, because then that's what cellular.
Remember, the cellular rates were $1 a minute 10 years ago?
art bell
Right.
kevin mitnick
You know, now they're next to nothing, but the cell companies are still making oodles of money.
art bell
That's true.
But they're hardly being hacked, or are they?
kevin mitnick
No.
There's already tools out there to, if you are in the path where you could intercept a VoIP call and listen.
art bell
No, I meant how much hacking are the cell phone companies experiencing.
kevin mitnick
Quite a bit.
It's not like the old days of cloning a phone by getting somebody's electronic serial number and mobile number.
That's the old ways now.
People are using fraudulent credit cards to add time to prepaid phones.
So they go to Verizon.com or whatever it is, and they get a fraudulent card and then they add 100 minutes to a phone that they bought at 7-Eleven or whatever.
art bell
This is such a war.
kevin mitnick
Right.
Drug dealers, maybe even terrorist operatives, if you want to go that far.
But they want disposable, untraceable phones.
They use stolen credit cards to launder their coal, so to speak.
art bell
Boy, if you're going to be a good thief these days, you've got to be very technological.
kevin mitnick
Well, technology makes it easier to steal.
I mean, it's just so technology has really stealing a line from Frank Abignale, the guy, you know, catch me if you can.
I mean, in his business of check fraud, it's certainly made check fraud, where you can manufacture checks on a laser printer much easier.
But also, technology has made it easier to get access to information, to do fraudulent transactions.
I mean, it's just, you know, again, it's helped the world in one respect, but in the other respect, people have used it for unethical purposes.
art bell
Got it.
West of the Rockies, you're on the air with Kevin Mitnick.
Good morning.
unidentified
Good morning, Gary, KSMA, Santa Maria, California.
art bell
Yes, sir.
unidentified
I'll make a short cogent statement here and see if Kevin agrees with me.
According to the FTC and the FBI, and it only appeared about 10 days ago and immediately disappeared off the national news, cybercrime and identity theft has now exceeded the drug trade as far as profitability.
And then that story, it's hard to find all of a sudden.
art bell
And you're saying, sir, that it appeared where?
unidentified
Well, the statistics came from the FTC and FBI.
art bell
Yes, and you saw it where?
unidentified
On the FTC website.
art bell
Wow.
unidentified
The Federal Trade Commission website, that identity theft, in particular, cybercrime in general, had exceeded that Profitability of the entire drug trade in the United States combined.
art bell
Well, that's astounding.
Do you think it has a chance of being true, Kevin?
kevin mitnick
I don't know.
I mean, drug trade, I mean, it's extremely profitable.
Oh, yeah.
I doubt it, but I believe that identity theft and computer crime are contributing to very large losses, but I don't think it's exceeded.
But then again, I don't have the numbers.
I'm just using gut instinct.
But identity theft, this is another, I mean, it's so easy because of the system here in America for people to steal identities.
It's not the consumer or you and I can't protect ourselves.
How could our information is already out there on the internet and on databases just for the asking, and then people can go out and obtain certified copies of our birth certificate?
art bell
Kevin, should everybody have a shredder?
kevin mitnick
Oh, I believe so.
But I mean, going through your trash is just one way, but I mean, the information, the milk is already spilt.
And all you need to do to create identity in America is just have knowledge of information.
That's it.
art bell
Yeah.
kevin mitnick
That's what's scary.
art bell
Yeah, and it's so true.
It's terribly true.
I know.
kevin mitnick
And the best thing that we can do as consumers to guard against our identities, we can't prevent it from our identities getting stolen, but what we can do is detect it.
And one of the best things to do is really monitor the three credit bureaus, TransUnion, Equifax, and Experian.
And any time you have an inquiry, anytime there's a new extension of credit that's opened under your Social Security number or whatnot, immediately you need to be notified in real time.
I mean, if the credit reporting agencies could do that, that would really, I think, give us an upper hand.
art bell
All right.
One more, I think.
You're on the air on the international line.
Good morning.
unidentified
Hello.
art bell
Hi.
unidentified
Oh, hi.
I just had a real quick question.
I'm calling from Winnipeg, Manitoba.
It's a simple question.
I was wondering if your ISP is capable of monitoring what you've searched on a search engine.
art bell
Okay, that's absolutely a good question.
And we sort of answered it, but Kevin?
kevin mitnick
Yes, they are.
If they want to, usually when you're using a search engine, you're just using HTTP and unencrypted communication.
You're just accessing their web server without encryption, and your ISP, if they want to, can intercept and capture.
And that leads to the other controversy involving the federal government issuing subpoenas to Google for certain types of searches.
Another can of worms.
art bell
Boy, well, this is nothing but worms.
The worms are falling out of the can.
kevin mitnick
Your computer will become part of that army of spam and evil, right?
Well, That's why we've got to protect ourselves, have antivirus software, backup our computers, have a resilient firewall, use spyware utilities to scan our systems, patch our systems, turn patching on so anytime there's a security update, you're patching your system, keeping your operating system up to the latest release.
And we have to do these things on a consistent basis to really maintain the safe environment for.
art bell
I'll tell you, listening to you is enough to make a person reach over and turn their computer off.
Just turn it off.
kevin mitnick
Well, hopefully they won't turn their radio off.
art bell
But you can't really do that.
I mean, today in modern America, Kevin, if you're not computer literate, if you don't have a computer, if you don't know how to use it and are fairly competent with it, you're just lost.
You can't participate in a lot of modern America.
It has become not a luxury, in my opinion, but in modern America, a necessity.
kevin mitnick
Oh, absolutely.
art bell
You have to have a computer.
kevin mitnick
I mean, kids in elementary school are learning computers.
I mean, I didn't get to touch my first computer until I was a senior in high school.
unidentified
Well, see, that's...
art bell
Like the story about Catholic girls.
kevin mitnick
There you go.
art bell
Listen, buddy.
It's been a pleasure having you on the program.
kevin mitnick
It's always great to be on your show.
You're the greatest.
art bell
It's always fun, and we will no doubt do it again soon.
Have a good night.
Export Selection