All Episodes
Previous Next
Oct. 8, 2015 - Art Bell
02:22:08
Art Bell MITD - Kevin Mitnick Hacking
Participants
Main voices
a
art bell
41:56
k
kevin mitnick
01:21:40
| Copy link to current segment

Speaker Time Text
art bell
Whatever the case may be, whatever you are, and welcome to midnight program that covers every single time zone around the world.
unidentified
Just like a bike to keep it warm at night.
It just be warm enough during the day over there, too, right?
art bell
Anyway, welcome to the program.
We have two simple rules.
No bad language and no using the restroom during the show.
Now, the second rule is actually only one call per show.
Those are just listener checks.
All right, first thing I want to do tonight is correct my email.
I said last night that you could email me ideas for tomorrow night's open lines session where anything goes.
And I mean ideas about, you know, what special line we could have that would be really fun.
And I gave you the wrong email address.
So let me correct that tonight.
If you would like to email me a suggestion that you think would be fun to explore with people on the air, you know, just use as a special line.
I mean, it's going to be open lines, right?
But special lines are fun.
The correct email is artbell at knye.com.
That's kilowattnancyyokohama easy.
Artbell at knye.com.
Sorry about that.
I'm sure a lot of you had bounced emails.
All right.
I do want to give a little news here because I'm afraid there is news.
It's never good.
Confronting insurmountable obstacles, he said, the majority leader, Kevin McCarthy, suddenly withdrew from the contest for Speaker of the U.S. House on Thursday, shocking everybody just before the vote and producing an ever deeper chaos for divided Congress.
Said he, we need a new face.
Now, people were looking at him in disbelief, and, you know, nobody can know what happened on TV.
You know, I watch a lot of political-type shows, right?
Somebody would have handed him a slim 10 by 10, 10 by 11 manila envelope, and he would have opened it.
His face would have blanched, and he would say, okay, I'm out.
That'd be how it would happen on TV.
I'm not saying that happened here.
But there was shock.
Russia continues to help us to death in Syria.
Clashes intensified sharply on Thursday between Syrian troops and insurgents in central and northwestern Syria.
Part of what a top general called a clearing operation near government strongholds on the coast.
This is really getting serious.
They fired 26 long-range missiles into Syria.
Well, actually, four of them did not make it into Syria and exploded instead in Iran.
Turkey is getting involved.
Now, look, I don't want to scare anybody, but we did a show not long ago on nuclear war that I would recommend to you.
Go back in the archives.
If you're a time traveler and you can hear the older shows, it was, what, about a week ago or so?
We did a show on nuclear war, what World War III would be like.
And again, I don't want to scare anybody, but U.S. and Russian jets are brushing wingtips up there, so to speak.
That's metaphor.
They're not really brushing wings.
But you don't need to, with modern jets, you can shoot somebody down at 30 or 40 miles away.
This is really, really getting serious.
Allies are becoming involved, enemies more involved, big enemies even more involved.
Could it lead to World War III?
Well, I have friends in high places, three-lettered places, and they're beginning to worry.
And if they worry, we should worry.
I'm not saying that World War III is right around the corner, but yeah, but it could be.
This really is scary stuff.
You see Russia and the U.S. beginning to mix it up in the skies, bombing different targets with different things in mind over the same country in the Middle East or that area, and you just know it's going to be trouble.
When President Obama arrives in Oregon on Friday, he's going to find a timber town still in mourning over the shooting that killed eight community college students and a teacher, but he will also find a deeply held emotion, Something like anger seething over his calls for new gun restrictions.
People don't like that.
I don't like that.
We have the right to bear arms.
And what's wrong, I will say it a million times if I must, is it's a mental health problem, not a gun problem.
The president himself actually made a small reference to a mental health problem the other day during his speech, the emotional speech after the shooting.
Now, this is shocking and interesting at the same time.
Dr. Alan Stern, you may have heard, sparked absolutely frenzied speculation that the space agency NASA was about to announce a groundbreaking discovery after saying scientists had found something amazing on the icy planet.
That's like saying something wonderful.
He also referred to the planet as alive during a speech to students.
And so everybody went berserk.
Even Richard last night was going, oh, my God, what could it be?
What could it be?
He even was quoted as telling a meeting, NASA won't let me tell you what we're going to tell you on Thursday.
unidentified
It's amazing.
art bell
But with so many NASA announcements, this one, there was huge disappointment when he took to a social media, the social media, to squash all this, saying, well, he had no idea how the remarks had been misinterpreted using the handle at New Horizons 2015 sent a series of tweets in which he then retreated from his own personal account,
debunking the idea, even the idea of an imminent announcement, much less something amazing.
He wrote, there is a false rumor going around there's going to be a big New Horizons science announcement tomorrow, completely false.
Asked by a fellow user whether he had been misquoted, he replied, I have no idea how it was misinterpreted, but it was.
So that's one you've got to wonder about, too.
I mean, do you suppose that the torsion field was bearing down on him from above, but that he decided he can't release the information?
I don't know any more than I know about the speaker thing.
All right, so coming up after the break, we have somebody special tonight.
We have Kevin Hacker Extraordinaire.
Kevin is simply the world's most famous hacker, once one of the FBI's most wanted because, well, he hacked into 40 major corporations just for the challenge.
And they sent him to jail just for the challenge.
Kevin is now a trusted security consultant to the Fortune 500 and governments worldwide.
Kevin and the Global Ghost Team, how's that for a name, now maintain 100% successful track records in being able to penetrate the security of any system they're paid to hack into using a combination of technical exploits and social engineering.
And he will also be here in a moment to tell you how he and Tommy Chung alone, instead of the whole Chinese government, hacked successfully into Sony.
We'll tell you all about that.
Stay right where you are.
This is midnight in the desert.
I'm Art Bell.
unidentified
We came from somewhere back in a long ago.
He said that the fool don't see time and hard to recreate what had yet to be created.
Just kidding.
Just kidding.
Midnight in the Desert doesn't screen calls.
We trust you, but remember, the NSA.
Well, you know.
To call the show, please dial 1-952-225-5278.
That's 1-952-Call Art.
art bell
5 Far and Away in my favorite.
All right, everybody.
If you think you're ready, here comes the most famous hacker in the world, otherwise known as Kevin Mitnick.
Kevin, welcome to Midnight in the Desert.
kevin mitnick
Hey, it's great to be back on your show again, Art.
art bell
Yep, nice to have you.
So, how did you and Tommy do it?
kevin mitnick
I cannot confirm or deny anything.
art bell
Yeah, we'll talk about Sony later.
All right, so you've got a long and somewhat sordid history behind you.
And it always serves well at the beginning.
I mean, it's been how many years since we talked?
I don't know a lot.
kevin mitnick
Wow, at least maybe four or five years.
unidentified
At least.
kevin mitnick
That's when you were at Third Channel.
I don't remember how long ago that was.
art bell
Oh, that was a long time ago.
That was more than that.
Time is compressing as you're getting older.
kevin mitnick
Yep, that's true.
Maybe I'll have to create a new identity for myself and make myself younger.
art bell
Yeah, actually, you're good luck with that.
You know, I left there in about 2003, so that gives you some clue.
kevin mitnick
Oh, wow.
I didn't realize it's been that long.
Well, it's great to be back on your show again.
I missed your shows on the air, so it's actually fantastic to have you back on.
art bell
Thank you.
And it's kind of nice because no matter where you are, whether you get a radio station locally or not, you can get us.
We're on the internet worldwide.
All right, so your infamous background.
How you got started, how you got stopped.
kevin mitnick
Well, actually, like how I got started with computer hacking was for my love of magic.
So when I was a young boy, around 10 years old, I used to ride my bicycle over to the magic store, and I always wanted to know how the magicians, or it actually, or the magicians or kind of sales magicians, would actually do their magic tricks.
And I just love doing this stuff and amazing my friends.
And when I was in high school, I met this other kid in high school who could actually work magic with a telephone.
And he could do all these tricks, like he could get my unlisted number.
He could add what they called custom calling features to my phone.
And back in those days, it was like freeway calling, call waiting, call forwarding.
He could just do anything.
And I was just wowed.
And I just wanted to learn how I can do what he did because it was so cool at the time.
And this was what they called phone freaking.
And this is kind of the predecessor to hacking.
And not only was I involved in this, but if you recall, Steve Jobs and Steve Wozniak back in the mid-70s were also involved in phone freaking a little bit differently.
They built these boxes called blue boxes.
One blue box is just a device that emits a certain frequency tones called multi-frequency.
And 2,600 hertz was the initial tone that you would use before you used a blue box.
art bell
Actually, officer, it's just a blue box, officer.
unidentified
That's all it is.
kevin mitnick
Yeah, that's all it is.
But maybe you could paint it a different color than evade the cops.
But anyway, so Waz was the technical genius.
And there was this article in the 1971 issue of Esquire Magazine.
And there was another gentleman named John Draper, who's known as Captain Crunch, was interviewed in this article.
And then Waz read it, and he learned, I think it was called The Little Secrets of the Blue Box.
And then they wanted to build one, right?
Because it was so cool to be able, it wasn't making a free phone call that was so exciting.
It was actually being able to manipulate Mob Bell and route a call, like for me to sit at a payphone in Los Angeles called a time in Australia.
art bell
Now, I've interviewed Draper a number of times, by the way.
kevin mitnick
Oh, you have?
art bell
Oh, sure, yeah.
kevin mitnick
He's actually living in Vegas now, if you believe that.
art bell
But in any event, so are a lot of people absconding from the law.
Not that he is, but.
kevin mitnick
Wait a second.
I live there too.
But I'm not absconding.
art bell
You're further proving my point.
kevin mitnick
So anyway, so Woz was the technical guy behind this, and he actually learned from Draper.
Actually, Draper and Woz met, and he was able to actually build one of the boxes.
Woz actually showed it to me in 2000 when we did a documentary together called The History of Hacking.
And then Jobs had the idea.
Well, how can this happen?
art bell
You know, I should notify you, buddy.
I'm sorry to interrupt, but you're dropping a packet every now and then.
kevin mitnick
That's the hotel I'm in.
I'm sorry.
art bell
That's all right.
I just thought I'd let you know.
kevin mitnick
Or somebody's hacking the connection.
There you go.
I'll speak slower.
No, so in any event, so Jobs had the idea, hey, let's sell these at Berkeley's campus and make some money.
And that was the actual initial funding for the Apple One board.
So kind of Apple computers started from dabbling in phone freaking, if you will.
So it's quite an interesting story.
In fact, there's going to be a new Steve Jobs movie, I think, out Friday here in the States.
So I'm excited to see it.
Oh, really?
But in any event, so I was just like so fascinated with this phone freaking stuff, I just wanted to learn all about it.
I remember when I was a kid, I would go on these dumpster diving missions at the phone company.
And what dumpster diving is is when you're looking in the trash for discarded manuals and information and inter-company directories.
And I remember at one time we found a bag of trash, you know, a small little bag, and somebody had gone to the trouble of ripping up this document and, you know, tiny bits of paper.
It must have taken them an hour or two.
art bell
And actually, diving into a dumpster is kind of social engineering in your world, right?
kevin mitnick
Not really social engineering.
Social engineering is kind of more manipulating a target.
But we actually took these bits of paper and put it together at the local Winchell's Donut House in L.A., and it was the entire username and password list to the system called Cosmos.
And with Cosmos, you could actually create telephone service.
Or if you have, you could basically do anything at the time, and it gave you all this power over the phone company.
art bell
Oh, man, you've been king for a while.
kevin mitnick
Yeah, yeah, for, yeah, for quite some time, you know, I think at least over a decade.
So in any event, so I was so amazed with this phone freaking stuff that I just delved into this, even to the point where I would be staying up late, you know, talking to other people with similar interests, and I'd always be late for school.
So it kind of overtook my life for a little bit.
And then I met this other kid in high school that knew about all the things I could do with the phone.
And I was also in amateur radio at the time.
So when I was like 13 years old, I passed my general test, and I was always fascinated with the ability to use a thing called an auto patch.
And I know you know what that is.
art bell
I do, and we'll tell the audience.
But Kevin, let me, I forgot to announce in my opening, this would be news for you and pretty warm news.
Are you still a ham?
Oh, no, they took your ticket, huh?
kevin mitnick
No, no.
They went to take my ticket because of my hacking stuff.
Yes.
But I went to a hearing in D.C. It cost me like 20 grand.
And I hired a lawyer.
You got it.
And yeah, they basically, they had a hearing to see if I was rehabilitated enough to have my amateur radio ticket back, and they gave it back.
So I still have it.
Unfortunately, I haven't had time to use it, but I still have the ticket.
art bell
All right, well, guess what?
It was announced today that the Heath Kit Company is back in business.
kevin mitnick
No way.
Are you serious?
art bell
Yeah, I'm serious.
Heath Kit, folks, they built kits for ham operators, kids, everybody, so you could learn about electronics.
And many of us have been mourning the passing of HeathKit now for a long, long time.
Heath Kit is back in business.
So if you want to get your kid a kit and start them down the road toward electronics and then, of course, illicit hacking like Kevin has done.
Not really.
Getting them into electronics.
Get a Heath Kit, really, seriously, free advertising for Heath Kit.
But there you go.
They announced it today.
kevin mitnick
Hey, you know what Art?
I built my first two-meter handheld, two-meter radio handheld.
It was a Heath Kit.
art bell
There you go.
kevin mitnick
That I bought from this place called Henry Radio, if you remember them in L.A. They were like one of the old school places.
And I remember, again, I was 12 or 13 years old.
So back to the story.
art bell
Well, wait, wait, wait, wait.
kevin mitnick
Go ahead.
art bell
Let me stop you again.
You had a Heathkit story.
I've got one.
Tell me.
My first transmitter was an AT-1.
That's the first one I think they ever made, actually.
So I didn't have a receiver, Kevin.
So I built the, I ordered the HeathKit AC3 that went with it.
And I started to build it, but I didn't read the manual sufficiently.
And in the manual, it talked about clipping lead lengths.
So when I put a resistor or a capacitor in, I thought, well, it's got to be the right size wire.
And so I used all the wire involved.
Well, when I finished building the kit, I had what looked like spaghetti sticking out of the bottom of it.
unidentified
Yeah.
art bell
Because all the leads were, you know, like two inches long.
So they were all sticking out.
And when I put it in the case, before I gave it a try, it squished them all down.
So when I plugged it in...
Close your eyes and imagine.
But there was smoke and fire.
kevin mitnick
Oh, no.
art bell
Oh, yes.
So if you don't clip the leads, you know, you end up with stuff that sticks, you know, a couple inches.
It's a sad story.
Anyway, go ahead.
Now you can resume.
kevin mitnick
Oh, well, when you were talking about radio, you know, when they tried to take my hand ticket, you know, I am glad they didn't know about something that I did in my younger years, because remember, I got my amateur radio license about 13, is I used to have so much fun when I was about 16 years old.
I guess I was a junior in high school, taking over McDonald's drive-up windows.
art bell
Oh, that can still be done.
kevin mitnick
That can still.
So I remember the frequency was 154.6 megahertz, and I forgot the PL, the sub-audible tone, but what you could do is when somebody would drive up to make an order, I'd be using like a 5-watt handheld, which would overpower their small little transceivers they'd wear on their head.
And when customers would drive up, I'd get to take their order.
And, you know, Kevin taking their order is a lot more entertaining than McDonald's taking the order.
art bell
You know what?
I'm going to tell you what I wanted to do.
I didn't do it, Kevin, but you'll appreciate it.
kevin mitnick
Yeah.
art bell
You know, in Walmart, they all have headphones and little radios in Walmart.
And so I was thinking, how fun would it be to drive into the Walmart parking lot, announce yourself as the president of Walmart International Visiting, and the first, oh, I don't know, 35 employees to make it out the front door into the parking lot, get $1,000 each.
And then just watch.
kevin mitnick
Oh, yeah, that would definitely be entertaining.
art bell
But I would never, of course, do that.
kevin mitnick
Of course not.
art bell
Of course not.
kevin mitnick
So anyway, when I was playing with this McDonald's, you know, people would drive up.
I'd take their order.
I'd tell them they're the 100th customer.
Your order is for free.
My favorite is when the cops would drive up.
Cops would drive up.
I'd go, hide the cookie, hide the cookie.
unidentified
Oh, God.
I wish I could have just seen this guy's face when they drove up to the drive-up window.
kevin mitnick
But it got to the point that the manager of this McDonald's, this was in Sherman Oaks, California on Ventura Boulevard.
And this guy was walking out into the parking lot.
He's like looking at all the cars.
He's trying to see, well, who's playing around with the system?
And then he didn't see anything.
So then his next move was to walk up to the drive-up window speaker, and he actually bends down to look inside.
Like somebody was hiding inside.
And of course, I key down the mic.
What the hell are you looking at?
And this guy flies back about 10 feet.
I mean, hands down, I would say that was my favorite kind of radio trick, but I'm glad the FCC never knew about it.
art bell
Moreover, it should be pointed out, the Statute of Limitations has long run out on that.
kevin mitnick
Yep, yep, yeah.
I'm a little bit older than 16.
So when I was in high school, this other kid said, hey, Kevin, you know, you might be interested in computers.
And I was kind of, you know, like, I wasn't so interested.
I was more interested in the telephony side.
And back in those days, it was all electromechanical switching, crossbar, or what they called step-by-step.
And so I decided, okay, I'll go meet the instructor, you know, and maybe it would be interesting.
So I meet this guy, a guy named Mr. Chris.
I still remember his name.
And I get introduced, and then the instructor's going, well, what's your prerequisites?
Are you a senior?
unidentified
No.
kevin mitnick
Did you have these classes yet?
No.
He says, I can't let you in.
And then the other student goes, hey, show Mr. Chris what you can do with the telephone.
And then it was like watching a guy watching David Copperfield perform.
I mean, the guy was just like, oh, my God.
And immediately says, I'm letting you into class.
And once you know, like the first assignment, this was a programming class, Fortran.
The first programming assignment was to write a Fortran program to find the first 100 Fibonacci numbers.
And at the time, I thought that was the most boring application of writing a Fortran program that they could think of.
So instead, I thought, hey, it would be cool to write a program to steal the teacher's password.
You know, at least that had some utility to it.
So I didn't know anything about coding.
And I just read, read, and read.
And at the time, I read a lot about the operating system they used in high school at the time.
And I actually wrote this program that was a login simulator.
Kind of today they call it phishing.
And what we used in the time, if you remember this, we had these old Olivetti terminals.
They had acoustic coupler modems that would go 110 ba.
That's about 10 characters a second, if you could imagine.
And they would never, the instructor, when he would log onto the computer, you know, in the Los Angeles Unified School District, he would always stay dialed in and never hang up the phone to re-log in.
So basically what my program did was it simulated the login process.
So I was able to steal his password.
He never knew about it.
And so it came around time to turn in the assignment.
And he came up to me and goes, where's your Fibonacci assignment, Mr. Mitnick?
And I, hey, I didn't do it.
I'm sorry.
I was busy.
And he goes, wait a second.
I stuck my neck out to let you into class, even though you didn't have the prerequisites, and you're going to embarrass me by not even doing the work.
And I said, well, I wrote a different program.
It's in Fortran.
It was a little bit more complex.
You might like it.
And he goes, what is it?
I said, the one to steal your password, isn't it?
Blah, blah, blah, blah.
unidentified
You're the birth and nurturing of what grow up to be.
art bell
A hacker and a criminal.
unidentified
Anybody could see that guy Night is young and the music is high Wanna take a ride?
Your conductor, Art Bell, will punch your ticket when you call 1-952.
Call Art.
That's 1-952-225-5278.
art bell
All right.
Kevin Midnick is here and, you know, joking around about criminals.
Well, maybe once.
He's not really a criminal.
He works and hacks only for the Lord now, actually.
unidentified
Welcome back, Kevin.
art bell
You are there, right?
unidentified
Kevin?
Kevin.
art bell
Kevin!
kevin mitnick
I'm here.
I was muted.
Sorry.
art bell
Good lord.
He's a computer guy, too.
All right.
So where were we?
You threw me all off now.
kevin mitnick
We were talking about when I was in high school, and I wrote that, and the computer instructor allowed me in the class, and he gave me an assignment to write the first, to find the first 100 Fibonacci numbers using Fortran.
Instead, I wrote a program to steal his password.
That's what we're talking about.
So when I showed him the program, I mean, first of all, he was like shocked that I had his password all this time.
But he actually, you know, took the program, put it up on the chalkboard, and showed all the other students and gave me a whole bunch of attaboys that this was the coolest program that he's seen.
So back when I was in high school, the ethics taught, at least to me and to others, was hacking was a cool thing.
There were no laws against it.
And that's kind of how I started on my path into this hacking endeavors.
art bell
So you were bad to the adolescent bone.
unidentified
Yeah.
art bell
All right.
So there you are in high school.
Got away with an A, or I figure went in and put it in, one way or the other.
kevin mitnick
Got an A. No, no, didn't have to put it in.
unidentified
Okay.
kevin mitnick
Yeah, it was just way too easy.
art bell
So at some point between the phone freaking and the hacking in high school, at some point there, you turned the corner with computers.
How did that happen?
kevin mitnick
What do you mean by turned the corner?
art bell
You turned the corner.
In other words, from phone freaking and messing around in school, you somehow then graduated to, I don't know, bigger and more dangerous things.
unidentified
Oh, yeah.
kevin mitnick
Well, you know, I started more hacking into the phone company because at the time I was definitely interested in phone freaking.
Then I took the ability of learning about computer systems to breach Pacific Bell and general telephones computer networks and gain control of what phone company switches, if you will.
basically had the ability to do anything with anybody's phone service in California at the time, California, Nevada.
And that's kind of what It was more for pulling pranks, like changing what they called a line class code in a switch on a phone number.
What that did is change the type of service.
So we'd go in and change our friends' home phones to pay phones.
So every time they'd make a call, say, please deposit 25 cents to the point of changing their service to a prison phone so they could only make collect calls.
art bell
And I also know this type of stuff.
I seem to recall that phone freaks would get together on dead trunks and they would speak with each other.
Now, I only know these things, of course, because I've interviewed so many people like you.
And please, folks, don't call yet.
They're calling now, and we're not ready for calls.
But anyway, so there would be like party line conversations between phone freaks, right?
kevin mitnick
Yeah, I remember those days.
art bell
Yes, and I would imagine you were, well, with some of the information you had, you must have been kind of like a king back then.
kevin mitnick
Well, I didn't really associate with many people.
I had a few close friends that also were into the same type of hobby, and we just wanted to learn everything there was.
So we would talk to others more to, acting like a sponge to get more information.
But we weren't really, it wasn't like I'd sit there and hang out on these conference lines just to talk to people.
That wasn't really interesting.
What I wanted to do was learn the information.
How can I get better at getting more control over telephone company computer systems to pull pranks?
That was really the initial goal back in those days.
art bell
All right.
A couple of myths possibly about you, or not myths.
You can clear them up.
The whistling you've already covered, but was there something about nuclear weapons, really?
kevin mitnick
Oh, well, oh, yeah.
So if you fast forward back to like 1989, I was arrested by the FBI.
art bell
Oh, well, let's stop here.
How did the FBI get on to you?
kevin mitnick
Well, one of the guys that was kind of hacking with me got upset with me, and he basically called the FBI and told him what I was doing.
So it was basically what I was doing at the time, and so he acted as an informant and basically told him what's going on.
art bell
So you were ratted out?
kevin mitnick
Essentially.
art bell
Yes.
Yeah.
And he did this why?
Because you were in a TIFF with him over at some point.
kevin mitnick
Well, I mean, I'll tell you the story.
So we'd constantly be betting against each other to see who could do the better hacking.
And the bet was always $150.
Dinner for two at Spagos, we figured out $150.
And I kept winning.
And then he got upset about it and said, well, I'm not going to pay you.
And I said, oh, yeah, you're not.
Even though we have this bet going.
He goes, no, I'm not paying you.
I said, okay.
Then I figured I'd just kind of play a joke on him.
And so what I did is on a Friday when he was getting paid, I called up the company and represented eyes with the Internal Revenue Service and that we're faxing over our garnishment order.
So please do not give him his check.
And the whole idea was just to inconvenience him for the weekend.
It was like a joke, a practical joke, but he got really, really angry over the whole thing and then went to his boss and told him all the hacking we were doing.
And then they both called the FBI together.
So that's basically how I got caught was, you know, other people knew what I was doing and informed on me.
art bell
That's sad.
Well, the FBI apparently did not get you right away, or you were on the lamb for a while or what?
kevin mitnick
Well, that was later, so I was basically...
art bell
All right, so this was your first brush with the FBI.
kevin mitnick
So I ended up in court, in federal court, and I was arrested on a Friday, and I end up in custody at Terminal Island Federal Prison for the weekend, which wasn't fun at all.
And I end up in court, and I'm positive I'm going to get bailed out.
It just matters how much is the bail going to be.
So I end up in federal court, and I walk in, and this attorney walks in that's going to immediately represent me, a federal public defender.
He goes, have you ever been outside the country?
I go, no.
Have you ever had a passport?
No.
And we go into court, and the federal prosecutor starts telling this judge, not only do we have to hold Mr. Mitnick without bond because he's such a danger to the community, we have to make sure he can't get access to a telephone.
And then he goes on to say if Mr. Mitnick gets access to a telephone, even a payphone in custody, he could dial up to the modem at NORAD and he could whistle into the modem and communicate with the modem and instruct it to pass the launch codes to the ICBMs and start a nuclear war.
art bell
And you're telling me this judge...
This judge bought it?
kevin mitnick
The judge bought it.
Or the judge maybe didn't buy it, but this figure didn't.
art bell
Didn't matter.
kevin mitnick
Didn't matter.
And so I was held in what they called a hole in the Metropolitan Detention Center in L.A. for almost a year.
unidentified
The only way I got out of the hole...
kevin mitnick
A year in solitary confinement.
The only reason I got out was I agreed to plead guilty.
So the prosecutor told my attorney, if Kevin just does what we want.
Wait a minute.
art bell
What were the actual charges?
kevin mitnick
Possession of unauthorized access devices.
So I had access codes to be able to dial into MCI, which was a long-distance carrier, and then hacking into DEC, Digital Equipment Corporation, and getting access to source code of one of their security tools that acted as an automated hacker.
Because I wanted to learn how the tool worked.
art bell
Well, that's fairly serious.
kevin mitnick
Anyway, there were serious charges.
So, in any event, later on, after about a year, I was able to get out of there because before we even leave this, what's it like to spend a year in solitary?
It was pretty tough.
Can you imagine all your listeners going into their bathroom in their home and shutting the door behind them and not leaving for a year?
Now, mind you, they allowed you to shower for three times a week.
They let you go into this recreational area that wasn't so much bigger, you know, one hour a day.
art bell
Only I can imagine that after an extremely spicy dinner.
Otherwise.
kevin mitnick
But I'm telling you, I mean, it was pretty horrific.
And I wonder how that actually affected me today.
But the idea that you're just locked in this cell 23 out of 24 hours a day for a year is like, it was just an incredible amount of like, how, you know, I asked myself today, how did I get through such an ordeal?
And I just did.
You just adapt.
unidentified
Right.
art bell
Well, what did you do?
I mean, did you sit in your cell and just sort of think?
Did you think about computers?
Did you think about women?
Did you think, what did you think about?
kevin mitnick
Thought about escaping.
You want to know the truth.
Get the hell out of there, right?
So that's kind of like what I thought about.
But I had, you know, they allowed me because I wasn't there for being, you know, disciplinary reason.
They allowed me to get a Walkman radio, which passed a lot of time and reading books and sleeping.
So a lot of sleeping, but it was a pretty...
But, you know, I'll tell you one thing.
So imagine I'm in solitary confinement in a federal prison, you know, facing, what, 400 years for hacking in the Digital Equipment Corporation.
And in the, okay, remember how they said I was so dangerous I couldn't be near a telephone.
So the judge.
art bell
Okay, now you suddenly got closer to the mic and you sound better.
I don't know what you did.
kevin mitnick
I'm holding the mic to my face.
I'll start doing that more frequently.
So anyway, the judge made a special order that I was only allowed to call five people at the time, and that was my mother, my grandmother, my attorney, my father.
Like I had five people on the list that I could call.
And so imagine I'm in solitary confinement, and at the time I was married, and I could only call my wife's phone number at the time.
And she was always at work.
And funny enough, she worked at General Telephone in Thousand Oaks.
Yeah, so that was pretty funny.
But in any event, so when they would allow me to make a phone call, it was always during the day.
So the guard would shackle my hands, shackle my feet, walk me over to this room that had three payphones.
And the payphones had, the handset cords were quite long.
And then the guard would take out this logbook.
He'd say, who do you want to call?
And I'd tell me what I want to call.
He would dial the number with a zero in front of it because it always had to be collect.
And he'd hand me the phone.
and he'd sit in the chair watching every move I made.
art bell
And then I was thinking...
kevin mitnick
No, no, no.
Well, maybe.
But, you know, it got even better than this because I figured I had nothing to lose.
What else could they do to me?
I'm in solitary confinement in a federal prison.
It can't get any worse.
So I figured, okay, I'm going to try to beat their system.
So what I did is I would, you know, I pace back and forth when I was on the phone.
I'd be scratching my back.
I'd be rubbing my back against the payphone, you know, facing the guard.
And then I thought, okay, I'm going to give this a shot.
I really wanted to talk to my wife at the time who was actually at work.
And her number wasn't on the list.
The work number wasn't on there.
So basically, I put my hand behind my back, and I hung up the switch hook.
And I knew, then I put my hand in front of me and just acted like I was rubbing my back against the phone again.
And I knew I had 18 seconds before it would start going to what they call a reorder, like a fast busy tone.
And I would hear it.
And then I reached back at me and acted like I was scratching my back.
And I dial zero plus the work number.
And I was pretty good with using a touchstone pad.
It wasn't that hard.
And as I was walking, I act like I was in conversation because the operator was going to come on and say, who's the clutch called from?
So I'd say, oh, you know, tell Uncle Mitchell that Kevin said hi.
And when I said the word Kevin, that's when the operator's asking who the clutch calls from.
And I was able to do this, right, to call anybody that I wanted for like, you know, three to four weeks.
And then one morning, about six in the morning, my cell door opens, and it's the executives of the prison, the associate warden, like two of them, the captain.
You know, I thought that, you know, maybe a family member had died.
Something really serious was going on.
So they brought me into this room and they sat me down.
And then the captain, he's the head of security, goes, Mitnik, how are you doing it?
And I go, excuse me, how am I doing what?
He says, well, we're monitoring your phone calls downstairs.
We're actually recording all of them.
You know, you do have notice about this.
And somehow our officer is watching you every second.
And you're somehow redialing the phone.
How are you doing it?
And then I remarked to him, I said, I don't know what you're talking about.
What do you think I am?
David Copperfield?
unidentified
Right.
Right.
kevin mitnick
And, yeah, they didn't like my sense of humor.
So they threw me back in the cell.
And then a couple days later, Pacific Bell was out, and they were installing a phone jack in the hallway near where my cell was.
And I was thinking, are these guys stupid enough to actually put a phone in my cell that's restricted to calling certain numbers?
That was going through my head.
They couldn't be that stupid.
So when it ended up that I actually had to make a call, it was a little bit different.
The guard brought a phone.
He plugged it into the jack.
He dialed the number and then put the handset through the trapdoor where they feed you in the cell.
So the only thing I could touch was the handset.
So I kind of felt like Hannibal Lecter in the silence of the lamps.
art bell
Man, what a story.
That's a year in solitary.
kevin mitnick
Yeah, so I even was hacking from solitary confinement.
art bell
All right, so we assume eventually somebody says, you know, we've got to make a deal with Mitnick, and they come to you and they cut a deal.
Did you get away with time served?
kevin mitnick
No.
art bell
No.
kevin mitnick
Actually, they basically said, hey, deal with us.
We'll let you out of solitary.
You'll spend four more months in custody and then you'll be out.
So basically, I kind of got really tired of being in solitary.
So I'd admit I murdered JFK.
It didn't matter.
I didn't care.
So I just signed on the dotted line and then that ended that part of the story.
art bell
Good.
And then so you were still in custody, but in Genpop?
kevin mitnick
Right.
They moved me over to this place called Lompak.
It was a camp in Lompak, California, and they had to sit there for a while.
art bell
Actually, nice place I hear.
It's quite nice.
kevin mitnick
Yeah, they had a kind of storytelling cool.
Got to meet some federal judges that were in there.
It was kind of cool, some senators.
unidentified
Kind of like the creme de la creme of criminals.
kevin mitnick
It was quite interesting.
art bell
All right.
That was experience number one with the FBI, right?
Or was that the only one?
kevin mitnick
No, no, no.
Then I was out on supervised release and I'm trying to make a long story short and what had happened is I kind of got out of hacking at the time.
I got into being a gym rat, so I'd be working out all the time.
I kind of moved my interest into working out and stuff like that and moving away from the hacking.
And then all of a sudden I had a horrific experience happen in my family.
My brother, my half-brother, he was found dead in his car on the passenger side in a bad area of Los Angeles.
So then I go, then I knew the cops weren't interested in really investigating this, that he would just be some sort of statistic.
And I was pretty close to my brother at the time, and I just had to find out what was going on.
So I started getting back into hacking to get into the systems to find out, to look at phone records that might help me identify or figure out what actually happened to my half-brother.
unidentified
Wow.
art bell
I mean, how did hacking help you do that?
kevin mitnick
Well, I suspected somebody.
We had somebody else in the family, actually, an uncle, who was heavy into using heroin.
And I immediately thought, well, maybe my brother hooked up with my uncle and something was going on there.
So the first thing I did was get what they called the call detail records of my uncle, my uncle's cell phone at the time, to get his location where he physically was during the last 48 hours and anybody that he called.
So I was kind of becoming like a somewhat of a private investigator to figure out what had happened to my brother.
art bell
Did you find out?
kevin mitnick
Yes, unfortunately, I found out my initial instinct was correct because my half-brother's, well, my uncle's former wife had, when he passed away, had come clean with the story that he was definitely the guy behind it and told me the entire story.
So unfortunately, my hacking skills then helped me uncover that it was him at the time, but I found out later that I was absolutely 100% spot on.
art bell
Gotcha.
unidentified
All right.
Hold right.
art bell
We're in a short break here, not the hour.
unidentified
Kevin Mitnick is my guest.
art bell
He's really something.
As it goes on, you'll see what I mean.
I'm Art Bell.
is Midnight in the Desert.
unidentified
Midnight in the Desert.
Remember, when calling Midnight in the Desert, let the phone ring until answered.
These calls are unscreened for your listening pleasure.
Call 1-952-CALL ART.
That's 1-952-225-5278.
art bell
Sure is true.
We don't screen calls.
No need to.
Whatever comes, comes.
You know, if it's really bad, I've got a button I can push and erase you.
Really sounds bad, doesn't it?
Listen, I wanted to do a fellow a favor, and so he emailed me the Lumen thing that I use for my back.
He can't seem to get the number, so I'm going to give it to him slowly.
This thing actually works.
It's the only thing that ever has.
So are you ready?
unidentified
Got your pencil.
You wrote me a long email about this.
art bell
It is Area Code 828-863-4834.
One more time.
I hope you're writing this down because I'm not going to do it again.
Area code 828-863-4834.
Like I say in the commercial, it's not cheap, but it works.
And all my life, nothing else has.
So I use it every single day.
All right.
You're back on, Kevin.
kevin mitnick
Great to be back on your show.
art bell
All right.
So that was mix-up one with the FBI.
Can we, without ruining the story, jump to number two?
Sure.
kevin mitnick
You know, I was kind of explaining it before we went to break.
And so what had happened is we already talked about number one.
Then number two was a much longer and complicated story that started with me getting back into the hacking, you know, to investigate why my brother was found dead in a car.
art bell
Right.
kevin mitnick
And then I started heavily getting back into this because it was just kind of attractive to me at the time.
art bell
Irresistible.
unidentified
Wow.
kevin mitnick
Oh, it was irresistible.
And I remember that the government at the time had sent this guy, a guy named Justin Peterson, his name was also known as fake name was Eric Hines.
They sent this guy who had been involved in credit card fraud and other activity to see what I was up to because they told him there would be a real fetter in your cap if you can get some evidence that Kevin Mitnick is doing something wrong.
art bell
So actually, they were still after you, Kevin.
kevin mitnick
Yeah, they were still after me.
I kind of figured it out kind of quickly, and then I started investigating the FBI and trying to figure out what they were doing to the point where I hacked into a Patel Cellular in Los Angeles, because back in those days...
art bell
You're a little bit distorted.
Now, I don't know whether you're speaking loudly and far from the mic or you need to adjust the volume or something, but this time you began to get a little distorted, like you were hitting it too hard.
kevin mitnick
Sorry about that.
How's it now?
Is that good?
art bell
Yes, better.
kevin mitnick
Okay, maybe I was just getting too excited.
art bell
Yeah, so I understand.
And so they sent this guy to sort of make friends with you and see if he could get you.
kevin mitnick
Exactly.
So what had happened is I kind of figured out what was going on kind of quickly.
And to fast forward a little bit, I decided, well, I'm going to find out who's investigating me and why they're doing it.
So what I ended up doing is I hacked into Pacific Bell Cellular.
And back in those days, there was only two cell phone providers in Los Angeles, LA Cellular and Pactel Cellular.
And I was able to successfully get in.
And the first thing I was looking at was the call detail records, that's the real-time billing records to try to identify who has a cell phone that's provided by their services provided by Pactel that calls this informant guy because I was able to figure out his home phone number.
And that's another story in itself.
And then I was able to identify these five to six phone numbers that were calling him quite frequently.
And then I looked at their billing records and saw that they were calling internal numbers at the FBI.
So it wasn't hard to figure out that the cell phone numbers of the team of FBI agents that were working with this guy.
So I set up this early warning system.
I was working as a private investigator in Calabasas, which is a suburb of L.A. And I set up this early warning system that basically using a device like a radio scanner and using a particular software, I was able to monitor the cell site in Calabasas over radio to determine whether or not any of these cell phone numbers registered, which means that they're physically in the same location.
So I set up this early warning system for the FBI, and nothing had happened.
I kind of forgot about it.
And about three weeks later, I walked into the office and I heard this loud beeping coming from my office as I walked into it.
And I go like, what's going on?
This is weird.
And I looked at the computer and the early warning system had been tripped.
And I go, oh, my God.
You know, one of the numbers came up.
And I knew who had the number because what these agents would do is they'd call their voicemail all the time.
So I'd see this number that was constantly repeating.
And so I called the voicemail and then it would say, hello, you know, this is Ken Maguire with FBI squad three or whatever.
And then I knew the names that were attached to the cell phone numbers.
So this guy, Ken, the guy who was the lead guy that was kind of my hand ratty and catch me if you can.
So this guy was the lead guy trying to capture me or catch me doing something wrong.
And so at the time, I looked at this capture, and two hours earlier, when I was sound asleep, this guy, Ken, had called a payphone across the street from my apartment at the market.
And I'm going, and I'm thinking to myself, that doesn't make any sense.
Like, why is he calling a payphone?
He's at my apartment complex.
Two hours, and I'm sleeping.
They know where I live.
Why didn't they knock on the door?
What are they doing?
They're not there to arrest me.
So then immediately I realized what was going on is they were there to get a description of my apartment premises for a search warrant.
And I go, oh, so that's what they're doing.
So, of course, I immediately went home.
I cleaned out anything that would be interesting to the government, anything electronic.
I put it over at a friend's house.
And then because I was such a smart ass at the time, I decided to go over to the local donut shop.
And I bought an assorted dozen donuts.
And I wrote with a Sharpie on the box, FBI donuts.
I stick it in the refrigerator.
And then on a piece of paper outside the refrigerator with a magnet, I put FBI donuts inside, like with the Intel logo, how I used to say Intel inside, or whatever.
I made an FBI donuts inside.
So they actually raided me the next morning at 6 a.m.
At 6 a.m., they were trying the key into my door, but I opened it, and all these federal agents are storming into my apartment, in my small one-bedroom apartment, and the only thing they found were the FBI donuts.
They were pretty pissed.
So this is another reason why the government, I think, came down on me quite hard is because I was such a smartass and I mean, okay, so they obviously, or did they arrest you on the spot?
art bell
And if so, what for?
No, they didn't.
kevin mitnick
No, they had no evidence that I was doing anything.
They had no concrete evidence.
art bell
All right, but after FBI donuts, they hated your guts even more.
kevin mitnick
I think so.
I think I ruffled a few feathers.
art bell
All right, so then how did they eventually get you?
kevin mitnick
Well, eventually, you know, you fast forward.
I lived in Denver, Colorado.
I was working for a law firm, and then I left there and went to Seattle and worked as a help desk analyst at a hospital there.
And then eventually, well, what happened in Seattle, I was nearly caught.
art bell
Back away a little more from the mice.
You're getting very excited.
kevin mitnick
So I was living in Seattle, and I was almost apprehended there.
And I was able to get away before they knew that it was Kevin Mitnick.
And that's, again, a longer story.
art bell
Why were they after you?
In other words, if they didn't arrest you back in the donut days, why are they now hunting you down like a dog?
kevin mitnick
Oh, because at the time, you know, around the donut days, about a month later, they issued a warrant for my arrest for violating my probation.
Because what they figured out that I had done is, again, this is a real long story.
And I actually have a best-selling memoir out there called Ghosts and the Wires.
All these stories are inside there.
art bell
Okay, so what did you violate?
kevin mitnick
Well, what had happened is I routinely used to check to see if I was being wiretapped.
If you'd believe it.
I do.
And what I used to do is use what we call a social engineering attack.
I'd call the central office and I'd impersonate security or something.
And I would try to find out if they had certain types of devices in the central office.
And then if they did, I'd have the frame tech technician go ahead and trace out the connections and give me the data.
So basically, I was able to call the central office to find out if the phone company had any active wiretaps going at the time.
So what I did is I called the Calabasa Central Office.
I acted like I was with security.
My con was, was, hey, I'm with the PacPell security, and we have an ongoing case in Canoga Park, and we need to know if we have any of our boxes over there, because we're going to have to move them to Canoga Park for this investigation.
So the FrameTech goes offline, and he says, oh, yeah, we have three.
And I go, oh, my God, because at the time I was staying at my dad's apartment and he had three phone lines.
So, what had happened is I had the frame tech trace these connections out and I realized the wiretaps weren't on me, they were on this private investigation company called Teltech Investigations.
And so, I was so ecstatic because I was so worried that I was being wiretapped, but it turned out to be on some other target.
So I went home that night and I told my dad we're having dinner, and I said, hey, dad, I was checking to see if we had any wiretaps on the line, you know, over normal conversation over dinner.
And my dad looks at me like I'm some nut, like I'm living in some spy novel.
None of this is true.
unidentified
It's like a figment of my imagination that was quite funny.
kevin mitnick
And then I tell him, well, luckily it wasn't on us, Dad, but it's kind of funny.
It's on this PI firm called Telltech.
And then what had happened is he goes, wait a second, I know the manager.
He lives in this building.
He's a friend of mine.
So the guy named Mark, so he invited him over.
I told him the story.
And then immediately they offered me a job.
And my job was to find out who was wiretapping them and why.
art bell
Well, you already knew, right?
unidentified
No, I knew the phone company was doing it, but the phone company was doing it on behalf of the law enforcement.
art bell
That's right, of course, yeah.
kevin mitnick
Right?
art bell
Yes, right.
kevin mitnick
So they wanted me to figure out what was going on.
And I said, hey, that would be kind of interesting.
And so when I was doing this, I did kind of cool favors for this guy.
I added special custom calling features you couldn't get at the time, like caller ID.
They didn't even have caller ID tariffed in California.
And I added it to this guy's line.
And so when the phone company, when they figured out what was going on later, what the violation of probation was, was I was able to find out the phone number of the law enforcement officer.
It was a sheriff, a guy named David Simon, who was working the case against Teltech.
And what I did is I hacked into this guy's voicemail.
So basically I could find out the status of the investigation.
And that was the violation charge.
art bell
Yeah, that sounds like a dividend violation.
kevin mitnick
Yeah, definitely.
But you know, the coincidence is this guy, David Simon.
So, you know, much later, I'm commissioned to write my first book on social engineering.
And it's called The Art of Deception.
So my agent finds me this co-author, and his name is Bill Simon.
And we're sitting around talking about all these stories, you know, about my past.
And the funny thing is, this guy, David Simon, who I was monitoring for Telltech investigations, is his twin brother.
Small world.
art bell
Okay.
So you found out they were after you again.
unidentified
Oh, yeah.
kevin mitnick
Yeah.
So found out it was after me.
And then, you know, again, it's a very long story.
And then I became, you know, a fugitive, if you will.
art bell
For how long?
kevin mitnick
About three years.
art bell
Three years.
So for three years, you were moving from place to place to place, evading the FBI.
kevin mitnick
It wasn't so hard.
You know, I was really good at creating new identity.
So I actually had a good government identity.
And my first identity was paying homage to Harry Houdini because my first cover identity was Eric Weiss.
And that's Harry Houdini's real name.
Of course, the FBI had no sense of humor, but I thought it was quite funny.
art bell
I'm sure you've learned by now from Donuts to whatever.
Yeah, Harry Houdini.
kevin mitnick
They like Harry Houdini.
art bell
Right.
They don't have a sense of humor.
Government guys, the ones that carry guns, no sense of humor at all.
kevin mitnick
None at all.
So anyway, so I was working in a law firm in Denver, and I remember one of my jobs was, well, one of my duties in the law firm as a system admin was actually, you know how lawyers are, they'll bill you for using a paperclip.
So basically, they put me in charge of, you know, maintaining the phone system to make sure that all the attorney calls were billed to the right attorney-client matter.
So basically, what I did is I added my own covert code in the system that if anybody in the law firm had called the FBI in Denver or Los Angeles or the U.S. Attorney's Office in Denver or Los Angeles, they would send me a page to my pager.
And it actually tripped a couple times, but I got really nervous, but it turned out that it had nothing to do with me.
It was the U.S. Attorney's Office in L.A., but their civil division.
So I used to set up all these early warning system type schemes, if you will, to basically protect myself when I was on the run.
art bell
All right.
Skipping ahead, because we have a lot to cover here.
How did the FBI get you the second time?
kevin mitnick
Well, basically, we hacked in, me and this other guy in Israel hacked into this guy, Satomo Shimamura.
And this guy was a security researcher that worked out of UC San Diego.
And we thought, you know, at the time, we were very interested in the source code to the firmware on cellular phones.
And what these were were trophies.
So I hacked into many of the major cell phone companies to get the source code to the cell phone.
And it wasn't that I was trying to sell it or trying to do anything.
I wasn't giving it away or publicizing it.
It was simply as a trophy.
So we thought that this guy Shimamura, who had the source code to the Oki 900, which was a model of cell phone.
So we went and came up with a novel way to break into his system.
And nobody knew it at the time.
It was using what we call, well, it was manipulating how TCPIP worked with sequence numbers.
And I'm not going to get into the tech behind it.
So basically, using this novel attack, we're able to hack this guy.
And right away, I was like suspect number one.
So Shimamura went on kind of like a vigilante mission to help the FBI capture me as, you know, because, of course, I drew first blood.
And basically, what had happened, if you fast forward, is they were able to identify a cell phone number I was using in Raleigh, North Carolina, and run out with radio direction finding equipment to basically nab me.
And mind you, when I was on the run, I always, the first thing I would do is compromise the local telephone provider's infrastructure.
So, imagine I go to Raleigh, I already had control of all the phones in Raleigh.
And what I did is I set up the cell phone number that I was using so you couldn't trace it back.
So, basically, it would loop in the switch.
They had these switches with DMS-100 switches.
And I basically said if they tried to trace the call, a tech at the phone company, they couldn't do it.
But Shiva Moore was actually pretty smart.
He did a thing.
He basically said, well, we know Kevin is dialing into this internet service provider called Netcom, which was a popular internet service provider back in the dial-up days.
So why don't we search the call detail records, kind of like what I did with the FBI a couple years earlier, and see if any cell phones in Raleigh are calling the dial-up numbers.
So that's how they were able to identify the phone I was using, because I used to change my cell phone number every day.
So that's how they were able to go about that.
Then we went out with radio direction finding gear and found the apartment where I was living under a cover identity.
And they couldn't trace what apartment it was.
So around, again, I was a gym rat at the time, so I used to go working out at night all the time.
So I arrived home about 12.30, 1 a.m.
And immediately I went online to start my hacking stuff.
And I just had a weird gut feeling in my stomach that something was seriously wrong.
art bell
Kind of like a deer just before it's going to happen.
kevin mitnick
Yeah, yeah, just like something really bad's going to happen.
So I walk outside my apartment, and I could see the parking lot, and I scan the cars in the parking lot because I just have this overwhelming fear.
And then I go back in the apartment.
Well, it turned out that when they traced the radio signals, I went to the other side of the apartment.
But because I went outside and it looked suspicious at 1.30 in the morning that some guy is looking at the cars in the parking lot and goes back in his apartment, that's how the U.S. Marshal that was on the team to apprehend me actually saw me, and that's how they were able to nab me.
art bell
So they were probably afraid you made them.
kevin mitnick
Yeah, exactly.
unidentified
So they nabbed you.
art bell
This is the local sheriff?
kevin mitnick
No, it was the FBI.
art bell
FBI.
All right, you go to trial for what?
kevin mitnick
I didn't go to trial for anything.
Eventually, I was arrested.
I was put back into solitary confinement.
art bell
Back into solitary.
kevin mitnick
And then I was pretty much on this long road of dealing with the federal government for a number of years and ended up being sent back to Los Angeles.
And I sat in federal custody without a trial for about four and a half years.
We finally settled the case with the government.
And I ended up having to do about 10 more months in custody.
And then that case was over.
Then basically, that's kind of my troubles with the law at the time.
art bell
And that is.
So you spent how long in jail second time?
kevin mitnick
Five years.
About eight years, five years and eight years.
art bell
God.
Was it in general population at the time, or again, were you...
kevin mitnick
One of them was to go through a CIA debriefing because the government had thought, again, that I somehow hacked into CIA systems.
And when I agreed to do the debriefing, basically on my own activities, they basically never did it.
What I learned is the CIA used to have computers supplied by Digital Equipment Corporation.
And since I had thoroughly compromised DEC's internal network and had access to everything, they were afraid that I was going to put some code into the operating system to gain access to intelligence computer systems.
So I never did that, never was planning on it, but that was the fear.
So basically, I ended up in custody.
I was hacking.
I was breaking the law.
I thought it was a little bit overboard, some of the, you know, like holding me in solitary confinement for potentially launching nuclear weapons.
But, you know, but I'm so happy that I'm able to put all this stuff behind me.
I mean, you know, this was like, you know, I look at this as all this is behind me, and I get to kind of do the same thing.
art bell
I mentioned to the audience that now you hack for the Lord.
kevin mitnick
No, I actually, yeah, it's kind of like Pablo Escobar becoming a pharmacist, right?
So basically, companies hire me and my team to basically compromise their physical security, their technical security, basically everything's security to find whether or not they're vulnerable so they could shore up their defenses so they could resist a real bad guy coming along later and protect themselves that way.
art bell
And so you are employed in that manner now?
kevin mitnick
I have my own company.
So basically companies hire my company to do what we call, it's called penetration testing or ethical hacking.
And basically, and it's so interesting.
Every time I'm dealing with a client, it's a new puzzle.
And it's almost like it's not work.
It's actually a very enjoyable and fun job.
And when I started hacking, it was all for the intellectual curiosity, the challenge, the pursuit of knowledge, especially.
And so it wasn't about making money or causing damage like you hear about these days.
art bell
Yeah, but not from their point of view.
kevin mitnick
Right.
So now, you know, I get to kind of do the same thing I was doing before and have that enjoyment, but at the same time, earn a living.
So it's kind of a cool turnaround.
art bell
Make any good friends in prison?
kevin mitnick
No.
art bell
No.
kevin mitnick
Not really.
I mean, trying to think of who I met that was interesting.
art bell
Well, that's all right.
I don't really want to go there anyway.
unidentified
No plan.
kevin mitnick
No, not at all.
art bell
All right.
All right.
So now you are up on current hacking.
kevin mitnick
Yes.
art bell
This is pretty weird.
I'm getting a weird thing.
You're not sending this, are you?
New video message received.
Play at blah, blah, blah, www.blah, blah, decline.
Weird.
kevin mitnick
I wouldn't click that.
art bell
No, I didn't.
I didn't.
Okay, so now you're up on the current sort of state of the world hacking-wise, right?
kevin mitnick
Yeah, pretty much.
I mean, what we cover is mostly on the security testing side.
art bell
All right, so let's talk about some current stuff.
Like, for example, Sony.
I mean, that was really, really bad, what happened to Sony.
And for that matter, the White House, too.
So with regard to those two hacks, do you the government, of course, blamed China.
kevin mitnick
Oh, North Korea.
art bell
Oh, North Korea.
I'm sorry, North Korea, that's right.
Because of that stupid movie.
unidentified
Interview.
art bell
Yeah, it was actually a semi-funny movie.
kevin mitnick
I enjoyed it.
I watched it on YouTube, but I kind of skeptical of whether it was really North Korea because I really believe that Sony, you know, they have so much internet properties, if you will, that it really wouldn't be that hard to hack into their network.
art bell
I think it was China for the White House, right, that they blamed.
unidentified
Oh, yeah.
kevin mitnick
Well, every time you hear about a hack on a national security issue, it's always China or North Korea.
It's gotten to the point that every unsolved hack has to be China.
Now, mind you, I don't have access to the information the NSA has, so they might have access to certain information or knowledge that they have that squarely places the blame on North Korea.
But personally, I haven't seen anything through any transparency on the government's part to actually prove that's the case.
art bell
Well, they probably wouldn't give it out.
kevin mitnick
Well, you know, why not?
I mean, if they have evidence that it was them, why not?
art bell
Because, you know, even that might show their capabilities.
So at least that's what they can claim.
kevin mitnick
Yeah, maybe if they're reading Kim Jong-un's email, they don't want to tell the public about it.
I could understand.
art bell
All right.
So you don't necessarily think it was North Korea.
kevin mitnick
I don't know.
I really don't know.
Again, I'm skeptical because I know how easy it would probably be to hack into Sony.
And in fact, when the hackers did this doxing, what doxing is where they hack into a target and just expose all their internal information, there were some documents in there that show that Sony's internal security wasn't really up to par.
And mind you, the CEO, Michael Linton of Sony Pictures, his domain password to get his email remotely, I can give it to you, it's changed.
It was Sony, S-O-N-Y, M-L, which is his initials, followed by a three.
unidentified
So you kind of wonder, like, how can this guy pick such a stupid password?
kevin mitnick
I mean, I already know, like, the pattern.
I'm sure next month it would have been ML4.
The one after that, ML5.
So they really had sloppy security.
And so it's not surprising if it would be surprising if anybody couldn't hack them, to be honest with you.
art bell
My God, that's lax.
I mean, I worked for a company a couple of years ago.
They sent me a computer, and with it came a key fob.
And this key fob would come up with a new security code for each time you would have to log in.
I'll tell you, I hated it so much, I sent them back the computer and the key fob, and I said, I don't want anything to do with your system.
Send me a laptop, plain old, plain Jane Windows 7 laptop, and you can take yours and make other use of it.
unidentified
Well, with that key fob, that key fob actually is a good idea.
art bell
I know.
unidentified
I know.
kevin mitnick
And people like you.
You don't want to be inconvenienced.
That's the mistake people make, and then they get hacked.
unidentified
I know.
art bell
Now, I do use programs to keep very close control of any possible problem.
kevin mitnick
What programs are those?
art bell
Well, I don't want to talk about it.
kevin mitnick
Okay.
art bell
I've got a lot of computers, and I'm not sure I should be giving out information on that kind of thing, frankly.
kevin mitnick
You're running Windows 7.
art bell
Yes, and I'm being invited to get Windows 10, by the way.
Should I do that or should I not?
kevin mitnick
Where's the link coming from?
art bell
Your personal opinion.
Oh, it's coming from Microsoft.
kevin mitnick
I'll give it a shot.
I've heard good things about Windows 10.
art bell
Actually, I have too, to be honest with you.
I have.
Windows 8, yeah, not so much, but Windows 10.
Good rep. All right, hold it right there.
We'll be right back.
I'm Art Bell.
unidentified
I know you deceived me, now here's a surprise.
I know that you have, cause there's magic in my eyes.
I can see you.
Got to love me, got to love me tonight.
Got to love me, baby.
On a big arrived from the High Desert and the American Southwest.
This is Midnight in the Desert, exclusively on the Dark Matter Digital Network.
To call the show, dial 1-952.
Call Art.
That's 1-952-225-5278.
art bell
Now, you may have thought that sounded strange, but that was just your provider dropping packets on you.
No.
How's Ross?
Happens to me once a night, at least.
Welcome back, everybody.
Kevin Mitnick is my guest.
I'm Art Bell.
We're talking about hacking, actually.
And here he is once again.
So this half hour, you know, people really want to call.
I've got to cover a lot of territory with you on new stuff.
And by the way, somebody sent a message, Kevin, that says, Art, Windows 10 is good.
But he says, thank you, Keith, whoever this is.
You no longer are able to play DVDs.
It erases the feature, and you have to buy a program to keep watching DVDs, true or false.
unidentified
Hmm.
kevin mitnick
Not sure on that one.
I never heard of that one.
Do I buy a program to keep playing DVDs?
art bell
Well, that's what he says.
You know, I get messages on a computer as I do the show, and that's what he's saying.
kevin mitnick
Okay, let's go to the next one.
art bell
Yeah, I don't like that.
All right.
Maybe it's not true.
Maybe he just had trouble.
You know, it could be.
All right, so I keep getting these calls, and so it's got to be one of the latest things from Microsoft.
Hello, an Indian voice says to me, I'm from Microsoft, and the last time your computer booted up, we detected a virus.
And then they would have you go to your computer and go through all kinds of gyrations, which lead inevitably to something horrible.
Now, I never let it go that long.
My friend Paul, he gets these calls as well.
And he took one of the guys and he kept him going, I think, for about an hour, maybe an hour and 10 minutes, you know, playing dumb, like, would you please go to run?
I can't find run.
You know, I mean, just really giving the guy.
kevin mitnick
I know what you're talking about.
I had the same thing happen, and I actually posted the audio to my website where this guy from the support, I think he called it the Windows Support Center.
And the guy was calling from India, obviously.
art bell
Oh, yeah.
kevin mitnick
And he was telling me that they keep getting messages, my computer's infected.
And then he was trying to step me through the process of trying to clean up the infection.
So I kept this guy on the line going for a while, and then I had to actually go to an appointment I had, but I actually recorded it.
And I'm looking for it on my website where I posted it.
It's actually quite funny.
art bell
Right.
Paul did that, but after an hour and 10 minutes, he told the guy, oh, I've got Apple.
What happened is the guy called him back and called him every name in English that he could think of and his family and everything else and then every Indian curse word he could hurl at him.
I think called him twice.
He was so angry.
Oh, well, if you go along with this and you do as they say, they're going to inject a virus into your system, and it's probably a pretty serious one.
Is that the one where you've got to pay to get your computer back?
kevin mitnick
No, that's ransomware.
So what these guys will do is they'll use a program.
They'll have you install a program so they can connect to your computer.
Yes.
And then what they'll do is they'll go ahead and, you know, right in front of you, download some malicious software to your computer and basically then try to sell you a product that cleans up the infection.
So it's basically a money-making scam, and it's been going on for quite some time.
Ransomware is different, is this is a type of malware that will encrypt your files or will pretend to encrypt your files and it will require you to pay a ransom to unlock your files using cryptography, if you will.
They'll encrypt the files.
And if you don't do it, you don't get access to your files.
There's even one case where there was a police department, I forgot exactly where in the United States, that actually was hit with this ransomware.
They actually paid the ransom.
art bell
Wow.
unidentified
Yeah.
Yeah.
art bell
Is it actually so serious, Kevin, or is there if you get hit with this ransomware thing, is there a way around it, or is it so tight you've got to actually pay?
kevin mitnick
Well, you have to think about how do you get hit with this stuff.
And usually the way you get hit with it is the bad guys are using typical social engineering, which is using spear phishing attacks or phishing attacks.
So what they do is they trick you as the user into doing something like opening up a file that sends in an email that contains the infection or clicking on a hyperlink.
If people don't do this, they're not going to get infected.
art bell
I get all that.
My question was, if you are infected with this and they want money, is there a way to get around it and get your system back or do you have to pay?
kevin mitnick
Well, I actually had a client call me that was infected with malware and infected with this ransomware.
And what the ransom was was $500.
So I told the client, I said, it's much cheaper just to pay the ransom.
And that's exactly what they did.
They got all their files back.
You know, in some cases, it depends on how much the ransom is.
And what people really need to do is start backing up their data.
I mean, if they back it up and, you know, and secure that backup, then even if they get infected with the ransomware, they could just restore the files and be done with it.
art bell
Okay.
So there might be a way around it, but it might be too expensive, depending on how much.
kevin mitnick
Well, it depends.
There's different types of ransomware that some is fake where it's not even encrypting your files.
In most cases, it's real, but a consumer usually can't figure that out on themselves.
They're going to need to know somebody that's pretty technically astute to be able to determine if it is, in fact, real.
So it really depends.
What you really need to do is find some expert that could help you out if that ever happens to you to find the best course of action.
I'm not saying that you just pay the ransom at all times.
In this particular case with this client, I just recommended it.
unidentified
Okay.
art bell
I formed a friendship sort of with a guy from Anonymous.
In fact, I had him on the air.
And we talked a little bit about Anonymous.
Now, he doesn't technically say he's in Anonymous, but if you read between the lines, you know, he probably is.
And so he's sort of a consultant of mine from Anonymous, sort of.
Would you think that's a wise idea or unwise?
kevin mitnick
Well, I mean, Anonymous is not really, it's kind of like a way that people think.
It's like anybody can kind of jump on this bandwagon of, you know.
art bell
No, this guy's a real McCoy.
kevin mitnick
Oh, he's a real McCoy.
So I actually think, you know, doing, you know, some of the stuff they're doing is kind of a bad idea because It actually doesn't, you know, they get a little bit of PR.
So if they hack into some police department and expose the officers' home addresses, for example, they get the PR, but they are never able to use that to get what they want.
In other words, they just never advance their agenda.
art bell
All right.
There is something on the internet that's below the internet.
You might call it the undernet.
You might call it the dark net.
What do you know about that?
kevin mitnick
Well, the dark net is like a kind of have you ever heard of Tor, George?
Like the 4 network?
It's some kind of a way to...
Well, the dark net, let's just say there's a way to actually.
art bell
I'm Art.
Yes, I know about Tor.
kevin mitnick
Oh, okay, great.
So perfect.
So, you know, the Dark Web, it's kind of like, you know, it's like these hidden services through Tor.
And there's a lot of, you know, illegal activity that occurs in these services, like with these services, like selling stuff that is illegal, you know, fake identities, for example, drugs.
If you recall, the guy that was running Silk Road was a dread pirate, Roberts, Ross Ulbritt.
He was actually caught even though he was using a Tor hidden service.
So there's a lot of services and information that you can buy on the dark web that is stolen data.
art bell
Okay, well, if you look up a darknet in search of information on the net, interestingly, one of the responses you get is the darknet is full of criminals and government agents.
And I'm thinking, how do you tell the difference?
kevin mitnick
Really can't.
I mean, in the case of the Silk Road investigation, apparently Ross Ubert had an administrator that was part of administrating Silk Road, and he was actually an undercover DEA agent.
So how do you really vet somebody's identity on the Internet?
It's extremely difficult.
art bell
And is there really a substantial difference between some criminals and government agents?
kevin mitnick
Well, I'm not going to answer that question.
art bell
Maybe you better not.
All right, so this following question comes from a movie.
kevin mitnick
Okay.
art bell
But I can't resist.
Could there ever be a fire sale?
kevin mitnick
Could there ever be one?
I doubt it.
I know what movie you're talking about.
You're talking about Die Hard, right?
art bell
Well, Die Hard?
Actually, no, it was a later one.
But the point is, a fire sale, let's explain it.
A fire sale, everything must go, right?
And so in this case, we're talking about a foreign power or a domestic agent of some kind disabling everything.
And that means streetlights, power, water, communications, you name it.
Disabling, you know, just attacking everything, a fire sale.
kevin mitnick
I know what you're saying.
I think it's far-fetched because the attackers would have to compromise such a great deal of a number of systems and remain undetected.
Now, mind you, remember when I, in the back of the 80s and 90s, when I compromised a lot of the telephone companies around the United States, I had complete control of a lot of switches at the time, but each set of prefixes required compromising a different switch and doing it and staying undetected and something like that.
So I think it's pretty far-fetched.
That's stuff that writers put in movies.
art bell
Well, maybe.
But you start hearing about some of the incredible hacks.
I think they believe that China got the names and IDs and socials of like OPM.
kevin mitnick
You're talking about the Office of Professional Management.
art bell
How many was it?
Millions, right?
kevin mitnick
It was millions.
But not only that, what the attackers were able to get, and this is allegedly China, was access to people's tops, when people go for a secret clearance, right?
They get all their psych backgrounds, their family backgrounds.
So the social security number is really easy to get.
I can look up anyone's social security number in 60 seconds on the internet.
But the attack on OPM was much, much more, much more personal data that was compromised and actually could be leveraged by a foreign national.
art bell
Let's talk about people's privacy.
I mean, the privacy of the people listening to this show right now.
If you really, really need privacy, is PGP any good?
And PGP, of course, means pretty good privacy.
Now, that was written and was said to be unbreakable.
I'm sure.
Well, I'm not sure.
Is that now still true or not true?
kevin mitnick
No, I think PGP is definitely a tool that people could use.
It's ordinarily used obviously to secure your email.
The problem is in configuration, normally the average person on the street can easily configure setting up what they call a private key and a public key.
And then they have to get the person that they're communicating with to do the exact same.
And there's actually a free version of PGP called GPG that anybody can download.
And it actually is a good way to definitely secure your email.
Now, mind you, when you send an email to somebody, you have to have their public key.
Well, one thing you have to make sure is that when you're sending, like if I'm sending an email to Art Bell, that I really have your public key, that it's not somebody else impersonating you.
art bell
Well, all right, look, let's define by who it's impossible.
In other words, the average person, the average even corporation perhaps could not decrypt it.
But if NSA wanted it, I assume they'd be able to read it.
kevin mitnick
I don't know of any known attacks that the NSA is using, at least according to the Snowden revelations, where they were able to crack PGP encrypted email.
art bell
Really?
kevin mitnick
Yeah.
I mean, yeah, I don't know.
In fact, just the opposite.
I mean, some documents that Snowden released, I remember there were some communications between GCHQ and NSA that they couldn't decrypt information that was protected using PGP.
art bell
How did you like the way Snowden addressed the NSA by saying, can you hear me now on Twitter?
kevin mitnick
I thought it was great.
I think it's fantastic.
It's like the only person he follows on Twitter is the NSA.
So that's kind of like an in-your-face type of behavior there.
But yeah, I kind of chuckled.
I'm actually curious of what security precautions he's taking to access Twitter.
art bell
Who knows?
I mean, they know he's in Russia.
I'm sure they probably know where he is anyway.
So if you were to give Ed Snowden any advice, what would you advise him in his current position?
kevin mitnick
Oh, I would definitely advise Ed Snowden that it would probably be a serious mistake to come back to the United States.
I think if he did, no matter what the U.S. government would promise him, right, that they would actually put him in the ADX Florence, which is a, it's like the most secure federal prison in Florence, Colorado, and he would sit there, you know, in solitary confinement for the rest of his life.
I wouldn't trust that they would really make any real deal with him.
I think they would actually lie to him to get him back to the U.S. unless he had access to some information that the government doesn't want made public that he could use as leverage.
Otherwise, I don't see any leverage he really has in that regard.
So I think if he's captured or voluntarily returns back to the United States, I can't really imagine that he wouldn't be locked up in a, again, an ADX Florence for a very long time.
unidentified
All right.
art bell
Well, you understand that.
kevin mitnick
That's my opinion.
art bell
You understand that half the country thinks he's a hero.
Half the country thinks he is a spy or not spy, a spy is a wrong word, a criminal.
Right?
unidentified
Yeah.
kevin mitnick
Public opinion doesn't matter with respect to Snowden because even in my case, they have this big free Kevin campaign about all the crazy things that were happening in my case.
And it didn't, I mean, it raised awareness with the public, but the courts don't care.
The U.S. Department of Justice doesn't care.
But it would be nice if he can come back into the United States and they could pardon him, grant him a presidential pardon.
That would be nice.
But I can't imagine that the Department of Justice would simply just cut him a deal.
That would be reasonable.
unidentified
Yeah.
art bell
Yeah.
How do you view him?
kevin mitnick
Well, I'm actually happy about, you know, I view him as a hero, that he was, you know, exposed, that the intelligence agencies in the United States were eavesdropping on us without a court order, without a warrant, and basically analyzing all communications.
I don't think, though, he should have revealed our operations against foreign governments.
I think he should have kept that secret and kept it to himself.
But I don't view him as a traitor.
I view him more as a whistleblower hero type than anything else.
art bell
Okay.
Well, then about half the country agrees with you, and the other half violently not so.
And so overall, your advice is, Ed, stay out of the country.
Well, that'd be Canadian advice.
kevin mitnick
I think so.
I mean, I kind of seen how the government works firsthand, you know, dealing with them for a number of years.
And I wouldn't trust it, you know.
And, you know, I think, you know, because of the information that, you know, he exposed that they would probably do any – The president of Bolivia was flying through European airspace, I don't know if it was a year ago or I don't remember the exact date.
And they forced him to land in Austria just because they thought Snowden was on the plane.
art bell
Yeah, yeah, I remember that.
kevin mitnick
So don't you think that's indicative that the U.S. government would go to great lengths to get him?
art bell
Probably lucky that plane didn't get shot down.
kevin mitnick
Yeah, well, that would have been a pretty big horror if it did.
So, yeah, I don't think they would have gone that far.
art bell
Well, there's no shortage of horrors going on, that's for sure.
I'm worried about the whole world right now, frankly.
All right, we're going to take a break.
I might have a question or two more, and then I would like to take some calls.
Are you up for that?
kevin mitnick
I'm up for it.
unidentified
Good.
art bell
Then stay right there.
unidentified
My guest is Kevin Mitnick.
art bell
And he's been a bad boy, and now he's a good boy, and acts only for the Lord.
I'm Art Bell, and this is Midnight in the Desert.
unidentified
Midnight in the Desert.
Midnight in the Desert.
Probably part of the Dark Matter Digital Network.
This is Midnight in the Desert with your host, Art Bell.
Now, here's Art.
art bell
Here I am.
And my guest is Kevin Mitnick.
Now, if you would like to speak to Kevin, if you've got a question for Kevin about perhaps your computer privacy, or maybe you've got a question about, I don't know, just about your computer, or if you've got a company, maybe you would like to hire Kevin to try and Break in.
I mean, that is what they do after all, and that is what Kevin does now.
He's on the right side of the law, and he identifies vulnerabilities, you know, in people's business systems, and this is their livelihood, so it's very, very important stuff.
If you would like to call, our public number is one Area Code 952-225-5278.
I'll give that to you again.
Area code 952-225-5278.
Now, there is another way to call.
It's called Skype.
If you have, I don't know, an iPhone, an Android, whatever, a pad, put Skype on it.
And once you've done that, oh, it's so easy.
Go to add a contact, little plus sign in Skype, and add us.
If you're in North America, America or Canada, add M-I-T-D 51, M-I-T-D 51.
If you are outside of the United States, we can accommodate you as well.
It's MITD55 or Midnight in the Desert, M-I-T-D55.
All right, here once again is Kevin.
And Kevin, before we take calls, I do want to ask this.
Is it safe and are you hidden sufficiently if you use what's called a proxy?
kevin mitnick
No.
art bell
No?
kevin mitnick
No, because the service you're using, the proxy service, they have your IP address.
Now, if you could connect to the initial connection to the internet per se, if you could conceal or disconnect that IP address from being associated with you, for example, by using a neighbor's Wi-Fi access point, then it probably is a lot safer.
But if you just simply use a proxy, it's not going to really law enforcement could subpoena the logs and find out where you are.
The same thing is with VPN.
I hear a lot about VPN providers that say, we keep no logs.
Even if we're subpoenaed by federal law enforcement agencies, we can't tell them anything about you.
I think that's 100% BS because working in the IT industry, you always need to have logs when you're troubleshooting problems.
And I can't imagine that these big-name VPN providers actually really turn it off.
So again, to really get a good level of privacy, you might think about, well, getting a burner device, like a cell phone or a burner wireless access point, and then not using that near your normal home or work if you really want to maintain your anonymity.
But then how do you go about buying it?
Do you walk into Verizon or T-Mobile and go buy that device?
No, because you're on camera.
You have to actually think about every step of the way.
Do you use Uber to go over to Walmart to buy it?
No, because your movements are tracked.
Do you use a rent-a-car?
No, because they have GPS.
So you have to really think about how are you getting the device you're using?
Is it truly a safe way of obtaining it?
Or is it really traceable?
And then where do you actually use that device?
And talking about a device to connect to the internet, like a prepaid wireless phone or a prepaid hotbot.
How do you acquire it and where do you use it from?
And then how do you use it?
Do you access, like if you're doing stuff, you want to maintain your anonymity, are you crossing that with the stuff that you're doing in real life, like checking your email, checking your Twitter account, going onto Facebook?
And there's so many ways people could make a mistake and get caught up and their real identity be identified, you know, their real identity be explained.
art bell
All right, very quickly.
Your favorite operating system, would you prefer Mac, Linux, or Windows?
kevin mitnick
VMS.
art bell
Really?
kevin mitnick
VMS is an operating system made by DEC that I actually got the source code for.
But that used to be my favorite.
I like Linux-based operating systems.
I like Ubuntu.
I like Gen2.
I like OSX.
I like Macs.
But I use them all.
art bell
All right.
All right.
Phones.
Android, iOS, or Windows phone?
kevin mitnick
I like iOS.
I like iPhones.
art bell
You really do?
You like iPhones?
Yeah, I do.
Me too.
kevin mitnick
I prefer iOS.
Windows are actually more secure than Androids.
You're hearing about vulnerabilities identified in Android all the time.
Then again, you hear about jailbreaks, jailbreaks that are identified in iOS.
So both operating systems have their share of security vulnerabilities, but I do like the iOS model better.
For example, if I'm installing an app, and an Android will ask you, do you want to give this app all these permissions?
And then once you do it, it never asks you again.
When you do that with an iPhone or an iPad, every time you're doing that function, like it wants your location, it's going to ask for your permission every time.
art bell
Now, Android is running some sort of anti-Apple ads showing that Apple Pay seems not to work.
You know, the person is swiping around and they can't get it to work, whereas Android just pays it off, boom, like that.
Are you a fan, number one, of these pay systems?
Are they fairly secure, more secure than a credit card, for example?
And number two, is it really true that Apple's pay system is having a problem?
kevin mitnick
Well, I haven't actually used Apple Pay personally, but I've read documents on it, and it seems reasonably secure of how they use their protocol, if you will.
But I actually haven't tried to attack Apple Pay yet.
And I'm curious of whether there's room to do, if they tokenize the information so you're predatory number.
art bell
Did you say use Apple Pay or attack Apple Pay?
kevin mitnick
Attack.
I haven't tried attacking it as part of a security task.
art bell
I see.
kevin mitnick
So I'm not sure personally whether or not of any vulnerabilities in Apple Pay to date.
unidentified
Okay.
art bell
You do good work for companies, right?
That is what you do.
And I want to give you a chance to promote that.
You have this ghost team, right, that claims to have a 100% success rate of being able to penetrate any system using technology and any social engineering.
You can use technology and social engineering.
You can get into any system out there.
How can it be 100%?
kevin mitnick
Well, basically, there's different types of security tests that companies have us do.
There's network testing to look at what network services they're exposing to the Internet that could possibly be attacked.
A company could have web applications like when you log on to Bank of America, for example, you're using a web application.
So there's different types of security issues.
When clients allow us to use social engineering, that means when we could try manipulating the humans that actually operate the computers and con them into doing something or exploit them that way, our success rate's 100%.
And it has been since we started with the company.
Now, mind you, if a client wants us to test a web app, we don't have 100% success rate at compromising a web app.
We have a high success rate.
But always when we're allowed to use social engineering, we always get it.
Because all we have to do is find one person.
art bell
Describe in detail, well, not that much detail, but as much as you can.
If you were given permission, let's say a large company, to go after them with social engineering, how would you do it?
kevin mitnick
Well, basically, what I had to do is first get a target list.
Who in the company would I be targeting with this attack?
I might move over to LinkedIn.
A lot of business people use LinkedIn, the social network, LinkedIn, and you can kind of identify the individuals that work at companies, their titles and positions.
You could use Salesforce has data.com, which gives you another way of getting that type of information.
So you're basically kind of building your target list.
And then what I would do is look at, well, what does this business do?
Who are their customers?
Who are their suppliers?
Who are their partners?
And then come up with an attack, come up with a situation that I would manufacture to get somebody on the inside to comply with a request, for example, to open up.
Imagine that I'm a new client or that I'm going to hire a law firm, for example.
The law firm is the target.
And I know that the attorney will want to read some documents about the issue or about the case.
What if I could send a booby-trapped PDF file to a partner at the law firm?
And as soon as they open up that PDF file, it exploits a problem with Adobe Acrobat.
And then I have full access to that lawyer's system.
So that's like one simple way that social engineering could be used to attack a system.
unidentified
Okay.
art bell
But you do admit that just doing it with computers and trying to make it through firewalls does not always work.
kevin mitnick
Say that again, Nerd?
art bell
Just using computers and trying to make your way through firewalls does not always work.
kevin mitnick
Does not always work.
But when we're testing web applications, you know, companies have web applications that are facing the internet.
art bell
Sure.
kevin mitnick
Our success rate is in the very high 90s.
But if somebody is saying, hey, test our wireless network and they've deployed it properly, they're using proper security technologies, then we might not get in.
Or if they're having us look at what network services are being exposed by their servers to the internet, if they're not exposing certain types of applications, if you will, that we could possibly exploit, then we're not going to get in.
art bell
All right.
I want to take a few calls here, if I can.
If they want to get in touch with you for work, how do they do that?
kevin mitnick
They can go to our website.
It's MITNIC Security.
That's M-I-T-N-I-C-Ksecurity.com.
unidentified
Okay.
All right.
art bell
Let's go to a quick guy on Skype.
Hello.
Oh, hey there, Art.
unidentified
How am I sounding?
art bell
How am I sounding all right?
unidentified
All right.
Much appreciated for the guests tonight.
It's really a pleasure to ask Kevin some questions.
Awesome program tonight.
art bell
Thank you.
unidentified
I wanted to ask Kevin one or two quick questions.
I have a bit of a background in computers, mainly due to my father.
He got MCSE certified in the early 90s, Cisco certification and all that.
And I kind of kick him in the butt now and again for not getting me more into it because I'm on my computer more or less far more than I should be.
I have a typing WPM of like 120 words a minute plus.
And I've always wanted to know where I can start amateurly without spending $10,000, $15,000, $20,000 a year on a university degree.
Where are you grabbing your network security guys, your server security guys?
How can somebody who has the drive, has the will, and wants to get into this sort of thing, where do they start?
kevin mitnick
Well, you know, what we actually look for is when people are interested in working with security is what's their experience, like for example, as a developer?
Like if we're looking for somebody that's going to assess the security of web applications, what's their development experience and what technologies, .NET, Java, what background do they have in systems and network administration and working as a DBA, actually working as a full-time job, but actually have knowledge in these areas of how things work.
And then looking to, there's a lot of universities that offer security degrees.
I know you already said you're not interested in going the university route.
I'm kind of self-taught myself from being a hacker back in the day.
But there's lots of good resources out there on the Internet you might want to look at.
There's a lot of, I remember there was some best-selling book on beginning penetration testing on Amazon.
I didn't actually look at the book myself, but I actually looked at the reviews, and the reviews were pretty high.
You might want to consider looking at that and downloading tools like Metasploit.
Metasploit is a very common penetration testing framework, if you will.
And becoming familiar with a lot of the tools like Metasploit and Nmap and kind of going around to different sites on the internet and learning a lot about security and looking at what tools and what techniques and processes you go through to actually test security controls on various operating systems, devices, and so on and so forth.
art bell
Either all of that color or if you want to impress Kevin, spend a year in your bathroom without coming out.
unidentified
All right.
Well, fair enough.
One other quick question, if I may.
Do you happen to have any of this sort of information, these recommendations, listed anywhere online, or would it be all right if I went through your company and sent an email asking for such recommendations?
That'd be really appreciated.
kevin mitnick
Yeah, just do an email.
There's also some courses you can take.
There's Offensive Security.
I think their URL is offensive-security.com.
I haven't taken the courses personally, but I have some friends that are security experts that have and say that they're very well done.
So you might want to look at taking some of these online courses that help you get familiar with how to, for example, doing an external perimeter test against a network, trying to learn more about how to exploit wireless networks or applications.
So there's definitely a lot of resources out there.
There's even a website that has a lot of videos.
unidentified
He can hear YouTube.
art bell
Yeah, he can send you an email.
So that's easy.
And when you're done with this, Kevin, you might want to run a jitter test on that line you're on, because I'm telling you, you're dropping packets.
kevin mitnick
Well, it's a hotel.
I know.
art bell
I'm just saying.
On the phone, you're on the air with Kevin Mintnick.
Hello.
unidentified
Hi.
First of all, Art.
You've been in the background on soundtrack for many years of late-night hacking spree, so thank you for coming back.
We used to hang out in the same circles.
I have a question for you regarding the novel attack against Sutomo Shimamura.
Did you come up with that approach or did someone else provide that exploit for you?
kevin mitnick
No, we were actually, I was working with this guy, JSZ.
It's actually detailed in Ghost in the Wires.
And we were talking about this method of exploitation.
And JSZ and I think two other individuals actually coded the attack.
I didn't actually code it, but I was discussing it and discussing the technique prior to the implementation of the code because we were trying to compromise Shimon Morris.
unidentified
And it may go down in history as one of the greatest attacks of all time.
Thank you.
art bell
You're very welcome.
kevin mitnick
You're welcome.
art bell
Does your chest puff out a little when you hear that?
One of the greatest security attacks of all time?
kevin mitnick
I don't really believe that.
I think there was a newer attack called Heartbleed, which I think was much better.
But anyway.
art bell
Well, I know, but he said it.
kevin mitnick
But we were like in discussions.
We were talking about techniques that could be used.
It wasn't like, you know, I didn't code the attack.
It was another group of people.
And it worked quite well, and it was quite novel for the time.
art bell
All right.
Kenny on Skype.
unidentified
Hi.
Hello.
This is Carly, his wife.
Okay, Kylie.
His account.
Okay.
I had a quick question.
I'm actually a bachelor's degree in cybersecurity.
And I was curious as to emerging areas in the field that you're interested in you think that are really good to kind of focus on as a new graduate.
kevin mitnick
Hmm, that's quite interesting.
Well, you know, I prefer, I like the area of security testing.
That's kind of what I focus on.
But I mean, there's different areas of security like doing forensics, you know, security implementation, you know, working with, you know, being a sales engineer, you know, for a company that's selling security products or actually building products.
I mean, there's so many areas of information security that, you know, what is your interest?
What do you like to do?
And give me some more information about that.
unidentified
I have a pretty wide background in the field of security, and I actually was just interested in areas of emerging software or companies that you feel have the biggest area for potential growth.
kevin mitnick
Well, again, potential growth, I always look at companies that have recently IPO'd.
And I'm trying to think, I don't really want to mention the names of companies, to be honest with you, on the air.
But one area that you might want to consider research in or focusing on, and it's a problem that hasn't been solved, is the problem of malware.
Pretty much it's not hard for any reasonable skilled attacker to bypass any of the antivirus products that are out on the market.
And some of the other products that have spun up by other companies could be bypassed as well.
So there hasn't been a solve yet to solve the issue of malware.
So that might be some area that you might be interested in focusing on that's still emerging.
Well, at least companies are trying to figure out ways to solve the problem.
art bell
I'm all for that.
unidentified
And is that already if I ask one more question?
Yes.
Okay.
I was wondering for your actual security system of choice, why you prefer that one the most out of all the other ones like Linux and all the popular ones, obviously.
kevin mitnick
Hey, wait, why do I prefer what now?
What security?
I never said I preferred any security system of choice.
Did You join the operating system?
art bell
Yes.
kevin mitnick
Oh, I said DMS because that was my favorite system to hack back in the day, so it was kind of a joke.
unidentified
I was like, okay.
All right.
And you mentioned PGP as being a secure way of actually communicating.
And I was just curious as to why, because in my 101 classes, they were mentioning that was already hackable back in 2005.
kevin mitnick
Well, I don't know anybody that's broken RS...
You know, the...
I don't know anyone that's broken PGP.
And I'd like...
If you could send me...
No, the PGP hasn't been broken.
Now, there's ways to steal keys by getting malware on some target machine and stealing the keys and stealing the keyring, of course.
There's those types of attacks, but PGP hasn't been broken per se if you just intercept the encrypted material.
art bell
All right, going to the phones.
Hello, you're on the air with Kevin.
unidentified
Hi, Art.
Hi, Kevin.
A couple of areas of interest.
One is with the shift from analog to digital telephony, how has that expanded or contracted phone freaking?
And the other thing is there's concern about smart TVs snooping on people.
And the governor here in California recently signed legislation concerning that.
But I'm thinking that might not be a bad thing because given the state of TV programming these days, it might be more entertained by me than I'm being entertained by it.
art bell
Yeah, there is that.
unidentified
So anyway, but the digital versus analog and phone freaking and also how does smart TV snoop on us?
kevin mitnick
All right.
Well, let's start with the phone freaking stuff.
Well, you know, back in the day when we're dealing with analog, we could use multi-frequency tones because it was in-band signaling per se and monkey with the phone network.
Today, that's all changed.
Now it's out-of-band signaling.
In fact, nowadays, anyone could go to the Apple App Store and download a Blue Box app, which would have been a felony to have back in the probably the 80s or the 90s.
As far as the smart TV stuff, that's definitely concerning from a privacy perspective.
There's already been hacks that I heard about about people that have the built-in webcam on their television about being able to enable that webcam and get access, obviously, to spy on somebody if they're on the same local network as the TV is on.
But also, a lot of this new technology, this new emerging technology, actually allows you to wake it up by speaking to it, like some of the gaming systems.
So you could actually talk to it, and it will wake up when you talk.
And then you have to wonder, where's that, what you're saying, that audio, where's that being sent?
Is it being sent to Microsoft?
Does Microsoft basically store that information somewhere, even though you're not actually commanding the actual device, but you have some device in your home that's actually intercepting your audio and passing it to some third party?
That's kind of scary.
unidentified
Well, I'm in trouble now because I've been talking back to my TV for years.
I better watch out.
art bell
All right, caller.
Thank you.
So I've got a question based on the last caller.
The last caller was on a cell phone.
And Kevin, he sounded like he was on a cell phone.
How long and when is it going to take, what is it going to take, for cell companies to begin to devote just a little more bandwidth so they don't sound like Bigfoot scat?
I mean, really, it's got to get better because it can't get worse.
kevin mitnick
Yeah, in fact, I remember that my friends, you know, Steve Wozniak, right when they had digital and analog devices, you know, still had analog, he always used analog phones because they sounded much better.
art bell
Same here.
kevin mitnick
Yes, exactly.
And now that we're in the digital world, we're kind of stuck with whatever provider that we're still going with.
art bell
Yes and no.
I mean, they've eventually got to move more toward the pin drop era.
And right now, you could drop a hammer and you might only hear it as a little distortion on a cell phone.
kevin mitnick
Yeah.
Yeah.
Well, I have no idea of when these cellular providers are going to actually improve the quality of their voice calls.
art bell
Well, the first one that does will get my business.
I'll tell you that.
I've heard T-Mobile was making a few moves in the bandwidth era.
kevin mitnick
I haven't kept my ear close to the ground on that issue.
I just figured when it happens, I'll be happy.
And until it does, you know, I'm just stuck using AT ⁇ T, unfortunately.
art bell
Well, me too.
But when it does happen, you'll hear it.
Mike on Skype, you're on here.
unidentified
Thanks for taking my call, Ark.
kevin mitnick
You bet.
unidentified
Two quick questions.
One is, I keep my passwords in a file and I cut and paste them in instead of typing them in.
Will that help with key loggers?
kevin mitnick
Well, I mean, if some attacker has a key logger on your system, they obviously could do much more than just simply key logging.
So they could probably just open up the file.
I think it's a bad idea to simply have an Excel spreadsheet or a text file and cut and paste.
Let me finish.
The other issue is I think it's much better rather than you choosing your own passwords that you use a password manager.
There's free ones like KeyPass and PasswordSafe, for example.
And that way you randomly generate passwords for all the different sites that you're visiting, for example, and then you protect that with a master password.
But again, if there's malware that ends up on your machine, the attacker could steal the database, keylog your master password, and it's game over.
So there you go.
unidentified
Well, thank you.
The second question is: Has anybody, either maliciously or trying to impress you, tried to hack you or your company?
kevin mitnick
I always get that question.
Well, they actually successfully hacked our web server that was managed by a third-party company.
Back in the day, we were paying like 50 bucks a month to this third-party company where we hosted our web server, and it was completely separate from our network.
And we didn't even have root administrative access to the web server.
We were able to upload and download files through FTP.
And this third-party company kept getting compromised.
And I think one of the reasons they kept getting compromised is because they handled our web server.
So after dealing with that a couple times, what we decided to do is we moved over to Firehost, which is now called Armour.
And they've done a really stellar job at making sure at least they're not going to get hacked, so we end up getting hacked after.
unidentified
Well, thank you very much, and glad to have you back, Art.
art bell
Thank you very much, and thank you for the call.
I'm thinking of going backwards.
Maybe technology has advanced so far that I need to begin using Netscape.
unidentified
Nobody will know how to hack that anymore.
kevin mitnick
Well, that's Firefox nowadays, right?
So that's not going to help you.
I think the Firefox browser is one of the most vulnerable browsers out there.
In fact, the NSA has these Fox Acid servers that they try to redirect you as their target.
art bell
Oh.
kevin mitnick
And it exploits vulnerabilities in Firefox to drop malicious software onto your system to monitor you.
art bell
Okay.
unidentified
All right.
art bell
Hold on, Kevin.
We're at a breakpoint, and we'll do one more segment.
Kevin Midnick is my guest.
unidentified
And we're...
Get a shiver in the dark.
It's raining in the fog.
Meantime.
art bell
Hope he's okay.
unidentified
This is midnight.
I love the river.
You stop and you hold everything.
He has some candy.
It's taste is on my mind.
Girl, you got me birthday another cup of wine.
Midnight in the desert doesn't screen calls.
We trust you, but remember, the NSA, well, you know.
To call the show, please dial 1-952-225-5278.
That's 1-952-CALLART.
Had to do that again, you know, honor of Kevin being here.
art bell
Kevin Midnick is my guest.
You're welcome to join us via phone line, standard or otherwise.
And, of course, on Skype.
Remember, we are MITD51 in North America, MITD55 out there in the rest of the world.
And here once again is Kevin.
And one more thing I want to bring up with you before we proceed, and that is this.
I have noticed, Kevin, that my bank, which I won't name, and my credit card company, which I also won't name, both have astoundingly good algorithms in place.
And in each case where I've had a problem lately, they have caught it bam, like that.
I mean, their computer algorithms must be so, so good because they know if that's me or somebody else doing it either by geolocation or by my buying habits or whatever it is, each time the bank or the credit card company has caught it, boom, like that.
Any comments?
kevin mitnick
I guess you've been lucky because in some cases the banks don't catch it.
art bell
Well, yeah.
kevin mitnick
Right.
And in your case, I guess, again, it's luck.
I hear myself echoing back.
art bell
Well, I didn't do anything different.
kevin mitnick
Okay, that's weird.
I hear myself talking in the background.
Anyway, when I think about financial security, people that want to protect their bank accounts from getting hacked, I think a very simple solution, people will spend $100 a year for their antivirus software.
Imagine if you just double it.
You just go buy a Google Chromebook and you use the Google Chromebook, you use the browser in what they call guest mode, so it doesn't save anything on the Chromebook.
And you only use that to log on to your credit card company, log on to your bank account, log on to your brokerage account at Morgan Stanley or Schwab, and you never keep any passwords, of course, on the computer you use for everyday use.
That's going to really make it really difficult for somebody to compromise you.
unidentified
Okay.
art bell
I assume you probably went back to your headset and your problem went away.
unidentified
Oh, yeah.
kevin mitnick
I'm back.
art bell
Jeff on Skype, you're on the air.
unidentified
Hey, great show, as always.
And Kevin, it's good talking to you.
So I'm a CISSP IT security professional.
Got a source fire certifications and blah, blah, blah, all that stuff.
Been doing it for a while.
And one thing that I'm noticing, well, first of all, one of my specialties is definitely penetration testing for internal organizations that I work for.
And ironically, I like magic too, which is really cool.
One of the things that I've noticed here that seems to be trending, Gardner put out a study here a while back about bimodal application development.
And of course, everybody who's anybody is using agile type management to where they're creating code and just dumping it in.
And I'll tell you, I will put out study after study, report after report, looking for internal vulnerabilities, external vulnerabilities in company systems, and they're paying big money for that stuff.
However, what I find out is this newer trend, it seems newer to me, in taking an offshoring, especially web app code, and they're having this stuff done like by India and resources and whatnot.
And I find out that companies seem to be pretty lax about giving some company that they don't even know the people who are working there access directly into their systems to write, test, debug, and produce this code.
And then, of course, the company puts it in production and they're saying, okay, well, it's good and it's safe.
I just seem to have a lot of concerns.
It makes me really nervous.
And I've seen a lot of companies do that.
I just wanted to get your thoughts on that.
Okay.
art bell
Kevin?
kevin mitnick
Can you hear me?
unidentified
Yeah.
kevin mitnick
Okay, great.
No, I completely agree with what you're saying, that you definitely should be concerned about where you're outsourcing your development.
But more importantly, no matter if it's India, China, or Indonesia, it doesn't matter as long as you're going through some processes that's actually going, you know, somebody, some team that's quite knowledgeable is going to actually analyze the code and look for potential security vulnerabilities in the code before it's actually deployed.
And what you just mentioned, that seemed to be a huge missing step in the process that basically web app has developed and deployed, and that's it.
But there needs to be some sort of security development lifecycle there of where any code, even updates to existing code, goes through some processes where that code is evaluated by security knowledgeable people to try to mitigate the chances that they're going to obviously introduce newer vulnerabilities.
unidentified
Sure.
art bell
Okay, quickly to the phones.
You're on the air with Kevin.
Hello on the phone.
Hendersonville somewhere.
Hello.
Going once, going twice.
Sorry about that.
You waited a long time.
Winnipeg, Manitoba, I think.
Hello.
unidentified
Hello, how are you?
Fine.
We'll just call me Root User.
Okay, anyways.
art bell
A user.
kevin mitnick
Root user.
art bell
Yeah, okay.
unidentified
Anyways, our great intro to the show with the Tommy Chong Easter eggsploit.
That was awesome.
art bell
Yes.
unidentified
Had to remark about that.
But anyways, I have a quick question for Mr. Mitnick about a system I'm currently repairing, working on right now.
It's a laptop.
And it was injected with probably a really, really technical source code.
And I was wondering your thoughts.
When you try to use it, apparently he's got something wrong.
art bell
All right, you're going to have to send us $29.95, and we're going to fix you right up.
And what's the problem, actually?
unidentified
Okay, well, when you try to put in the super user password, right, because I have elevated it, right?
Because the operating system wasn't a Linux-based operating system at the time.
So when you put in the super user password, when it's plugged in, it just fails and fails and fails.
You put it on battery, and then it'll go in the first time you put in the password.
Could that be a power grid type of attack?
kevin mitnick
I never heard of such a crazy thing.
I haven't either.
Yeah, it sounds like you have a unique issue.
And so wait a second.
You didn't even identify the operating system that you're running with.
Yeah, so I think with this caller, it's like a very weird call.
art bell
Well, you send us $29.95.
unidentified
Yeah.
The second question I have.
art bell
Well, you didn't answer the first one.
What operating system is it?
unidentified
Oh, okay.
Originally, when I believed that it got injected, it was Windows 7.
kevin mitnick
What do you mean injected?
art bell
Yeah, injected.
What does that mean?
unidentified
Well, like, when it got infected.
art bell
Oh, it's infected.
Very different than injected.
unidentified
It could have been SQL injected somehow or you know what I mean?
But like, infected, we'll say.
I'm like, trying to find the root of.
kevin mitnick
What makes you think that somebody used a SQL injection to compromise your Windows 7 laptop?
I think you said you had.
unidentified
I don't, but I just thought it was a power.
Because when you take it off of power and put it in on battery.
art bell
It feels obvious to me, sir, that it's coming through the power line.
kevin mitnick
It's a UFO.
art bell
It's an injected thing through the power line.
I don't think we can solve your problem, sir.
I appreciate it.
kevin mitnick
And I doubt anyone who used SQL injection on your laptop.
art bell
Bill on Skype, hello.
unidentified
Yeah, hello.
art bell
Can you hear me?
I hear you.
Great.
Although you're very far from your microphone, so if you would get close to whatever injects the audio into your computer, it would be better.
unidentified
Okay, how about that?
Way better?
art bell
Oh, way better, yes.
unidentified
Okay, I use Fedora.
I'm on Fedora 21.
It's the free version of Red Hat software.
Okay.
All right.
Now, they use what's called SE Linux.
kevin mitnick
Right.
unidentified
Which is a secure Linux.
kevin mitnick
Correct.
unidentified
Could you give us some input on that, the security measures or, you know, whatever?
That's all I had.
art bell
Okay, so you're just asking if this Linux you have is secure.
kevin mitnick
Well, yeah, it sounds like he's considering moving from Fedora to SE Linux.
I think that's your concern, it's more of a hardened OS.
So I'd recommend if you're definitely look at SE Linux.
And if you're interested in looking at the different features or pros and cons of it, you can just use Google.
art bell
Okay.
Let's go to Kurt.
Kurt, hello.
unidentified
Hey, Art, how are you doing?
It's Kurt in Tallison, Arizona.
art bell
Yes.
unidentified
I wanted to ask him, just today it was announced here in Phoenix that T-Mobile was hacked, about a million customers, all their information, everything about everybody.
art bell
Is there a way that he can trace back to who did that with his forensic work?
unidentified
Yeah.
kevin mitnick
Well, I couldn't tell you.
It's called an incident response.
So when a client gets compromised, they'll hire us to do an incident response.
And in some cases, you can't find who the attacker is because it's so easy to make it look like it's coming from anywhere in the world.
Or imagine you have the attacker who compromises one company system and then uses that as a jumping-off point to attack a second company.
So it all depends.
It depends on a lot of factors.
And I can't really say yes or no to whether I could actually trace back who hacked into CBS.
art bell
If they were really good, probably not.
unidentified
All right.
kevin mitnick
Probably not.
I mean, they just could have used a neighbor's wireless access point, for example.
It really depends on the sophistication of the people doing it.
But then again, people make stupid mistakes.
Like apparently, I read in the news today that the CTO of Uber's, you know, their major, their competitor had hacked into Uber from his home, and they were able to trace back the IP address, which I thought was, I thought that was like pretty insane for somebody.
Rule number one, like a fight club, or rule number one of hacking is you never do it from home or work.
I guess rule number one of fight club, because you don't talk about fight club, but with the hacking, you know, if anyone is going to do this from work or home, that's pretty careless behavior.
So this guy who recently allegedly hacked into Uber has indeed done it from home.
So I was surprised.
art bell
All right.
To the phones and Clearwater, Florida, probably.
unidentified
My name is Stan, and I'm interested in knowing if he could tell me if Snort is effective in deterring any type of infection, or what would he recommend?
kevin mitnick
Well, Snort is good for, you know, basically Snort is like an intrusion detection system.
You know, it's essentially free, I believe, open source.
And it basically is a signature-based system.
So basically, if you're running SNORT on a network, you could detect when any of the signatures that are currently being used are triggered as some sort of attack.
But that's not going to really problem.
unidentified
One problem is that I try to get information from all types of sources.
And say, for instance, like Geek Squad tells me that you have to go out and try to find the tech, and you're not going to be able to do that, they tell me.
Who would I be able to find?
kevin mitnick
What are you trying to do?
What are you trying to accomplish?
art bell
All right, what are you trying to do, Caller?
unidentified
Properly install the software so I could use it.
kevin mitnick
What software?
Snort?
unidentified
Snort software.
kevin mitnick
Well, I can't walk you through how to installing Snort is actually quite easy.
I mean, if you're running a Linux-based operating system, you could just, well, depending on which one, you could use Apt, Aptitude, or YAM, right, to install it.
But then you have to configure it, and you have to configure the different rule sets to detect certain attack signatures that might end up being used over your network.
art bell
Either that or get a razor blade, lay it out, use a $100 bill.
kevin mitnick
Yeah, it's kind of a complex question for this type of issue.
art bell
Yeah, it obviously is.
Hello there on the phone.
You're on with Kevin.
Hello?
Yes, there you are.
kevin mitnick
Yes.
unidentified
Mr. Mill, Mr. Minnick, I was just curious if you were familiar with any of James Bamford's work, particularly the Shadow Factory.
And they have their, at least they used to have their yearly trade show at Crystal City by Fort Meade.
art bell
Do you have any idea what he's speaking about, Kevin?
kevin mitnick
Yeah, well, James, about Bamford is an author of, well, I remember he authored Puzzle Palace.
And I'm not familiar with any new works that he's done, but he's asking something about Bamford, and I'm unclear what he's trying to say.
art bell
Well, that was my perfect example of what a cell phone sounds like.
Probably in a marginal coverage area, but nevertheless, that's what it sounds like.
And that is, and has been one of my major complaints now for years.
They're going to get better.
kevin mitnick
Well, maybe they'll move back to AMPS or NAMPs, go back to analog.
art bell
No, they're not going to go back to analog.
They can allocate more bandwidth, and they can make it sound much better.
I mean, if Skype can sound as good as it sounds, you're not going to tell me that there's not a way for the cell phones to sound better.
It's just that they're trying to squeeze a bazillion of us in a very tiny little pipe.
Is that fair?
kevin mitnick
Yeah, no, I agree with you.
art bell
All right.
Hello there.
unidentified
You're on the air with Kevin Mitnick.
Hello, Art, and hello, Kevin.
Kevin, could you talk about the fun times you used to have on 435?
It was a radio repeater, your ham radio days, and you used to shut off.
How you used to shut up.
art bell
Yeah, I know all about 435, Southern California, yes.
kevin mitnick
Yeah, so the Renegade repeater.
Yeah, I remember the good old days.
You know, back, God, I haven't been on 435 for, you know, for years.
art bell
Is it still raging, Color?
unidentified
Yes, it is.
It's in Southern California, obviously.
You know that, and we always have fun on here.
But Kevin, you should tell people that people used to dare you to shut their home phones off.
Oh, yeah, recently their phone would shut off.
kevin mitnick
Have you ever heard of Richard Burton art?
I mean, he was a pretty, you know, he was the only one that I think was prosecuted by the FCC.
Anyway, when I was during my younger years, me and Burton used to go at it.
And I think at one time I turned off his phone or something when I was like 15.
But anyway, that's a longer story.
art bell
Yes, you know, the FCC is beginning to shut down a bunch of field offices.
A lot of people are not all that happy about that fact.
And then of course there's others in Southern California that are happy.
kevin mitnick
I remember I had to do the code and everything, and now it's just so much easier.
art bell
It's surprising.
I know.
It's too easy.
Kevin, My friend, as always, thank you for being here.
It has been a pleasure.
And once again, you're going to have a new book, right?
kevin mitnick
Yeah, it's called The Art of Invisibility.
It hopefully will be out in under a year, and it's going to basically teach people that aren't so technically astute how to protect their communications, their email, their text messages, their voice calls, how to kind of get off the grid so your nosy neighbor, your significant other, your boss, your parents, or law enforcement or the NSA can't easily monitor your communications.
art bell
That's quite a group.
All right, my friend.
Thank you, and we'll do it again one day, of course.
kevin mitnick
Thank you for having me on your show, Arpur.
It's always a pleasure.
art bell
Kevin Midnick, take care.
A pleasure indeed.
That was a lot of fun.
All right.
Well, it's Thursday already.
So tomorrow is Open Lines.
If you have a special line that you think would be particular fun, you can email me.
The correct email address is Art Bell at KNYE.
That's kilowatt, Nancy, Yokohama, Easy.
Don't get this.
Most people get dyslexic and do it the wrong way.
So it's artbell at knye.com.
From the high desert to the world's time zones and all of you living within, good night.
Export Selection