All Episodes
Previous Next
Oct. 8, 2015 - Art Bell
02:22:08
Art Bell MITD - Kevin Mitnick Hacking
| Copy link to current segment

Time Text
From the high desert and the great American southwest, I bid you all good evening, good
morning, good afternoon, whatever the case may be, wherever you are, and welcome to Midnight
in the Desert, the program that covers every single time zone around the world, just like
a blanket.
you We keep it warm at night.
I guess we warm it up during the day over there too, right?
Anyway, welcome to the program.
We have two simple rules.
No bad language, and no using the restroom during the show.
Now, the second rule is actually only one call per show.
Those are just listener checks.
Alright, first thing I want to do tonight is correct my email.
I said last night that you could email me ideas for tomorrow night's Open Lines session, where anything goes.
And I mean ideas about, you know, what special line we could have that would be really fun.
And I gave you the wrong email address, so let me correct that tonight.
If you would like to email me a suggestion, That you think would be fun to explore with people on the air.
You know, just use as a special line.
I mean, it's going to be open lines, right?
But special lines are fun.
The correct email is artbell at k-n-y-e dot com.
That's kilowatt nancy yokohama easy.
artbell at k-n-y-e dot com.
Sorry about that.
I'm sure a lot of you had bounced emails.
All right.
I do want to give a little news here, because I'm afraid there is news.
It's never good.
Confronting insurmountable obstacles, he said.
The majority leader, Kevin McCarthy, suddenly withdrew from the contest for Speaker of the U.S.
House on Thursday, shocking everybody just before the vote and producing an ever deeper chaos for divided Congress said he we need a new face now people were looking at him in disbelief and you know nobody can know what happened on TV you know I watch a lot of political type shows right
And somebody would have handed him a slim 10x10, 10x11 manila envelope, and he would have opened it, his face would have blanched, and he would say, OK, I'm out.
That'd be how it would happen on TV.
I'm not saying that happened here.
But there was shock.
Russia continues to help us to death in Syria.
Clashes intensified sharply on Thursday between Syrian troops and insurgents in central and northwestern Syria.
Part of what a top general called a clearing operation near government strongholds on the coast.
This is really getting serious.
They fired 26 long-range missiles into Syria.
Well, actually, Four of them did not make it into Syria and exploded instead in Iran.
Turkey is getting involved.
Now, look, I don't want to scare anybody, but we did a show not long ago on nuclear war that I would recommend to you.
Go back in the archives.
If you're a time traveler and you can hear the older shows, it was, what, about a week ago or so?
We did a show on nuclear war.
What World War III would be like.
And again, I don't want to scare anybody.
But US and Russian jets are brushing wingtips up there.
So to speak.
That's metaphor.
They're not really brushing wings.
But you don't need to with modern jets.
You can shoot somebody down at 30 or 40 miles away.
This is really, really getting serious.
Allies are becoming involved.
Enemies more involved.
Big enemies even more involved.
Could it lead to World War Three well?
I have friends in high places.
Three-lettered places.
And they're beginning to worry.
And if they worry, we should worry.
I'm not saying that World War Three is right around the corner.
Yeah, but it could be.
This really is scary stuff.
You see Russia and the U.S.
beginning to mix it up in the skies, bombing different targets with different things in mind over the same country in the Middle East, or that area, and you just know it's going to be trouble.
When President Obama arrives in Oregon on Friday, he's going to find a timber town still in mourning over the shooting that killed eight community college students and teacher Butt.
He will also find a deeply held emotion, something like anger, seething over his calls for new gun restrictions.
People don't like that.
I don't like that.
We have the right to bear arms.
What's wrong, I will say it a million times, if I must, is it's a mental health problem, not a gun problem.
The President himself actually made a small reference to a mental health problem the other day, during his speech, the emotional speech, after the shooting.
Now this is shocking and interesting at the same time.
Dr. Alan Stern, you may have heard, sparked absolutely frenzied speculation that the space agency NASA was about to announce a groundbreaking discovery after saying scientists had found something amazing on the icy planet.
That's like saying something wonderful.
He also referred to the planet as alive during a speech to students.
And so everybody went berserk.
Even Richard last night was going, my God, what could it be?
What could it be?
He even was quoted as telling a meeting, NASA won't let me tell you what we're going to tell you on Thursday.
It's amazing!
But...
With so many NASA announcements, this one, there was huge disappointment when he took to the social media to squash all this, saying, well, he had no idea how the remarks had been misinterpreted using the handle, At New Horizons 2015 sent a series of tweets, in which he then retreated from his own personal account, debunking the idea, even the idea of an imminent announcement, much less something amazing.
He wrote, there is a false rumor going around, there's gonna be a big new Horizon Science announcement tomorrow, completely false.
Asked by a fellow user whether he had been misquoted, he replied, I have no idea how it was misinterpreted, but it was.
So that's one you gotta wonder about, too.
I mean, do you suppose That the torsion field was bearing down on him from above, and he decided he can't release the information?
I don't know.
Any more than I know about the speaker thing.
All right, so coming up after the break, we have somebody special tonight.
We have Kevin Knitnick.
Hacker extraordinaire.
Kevin is simply the world's most famous hacker.
Once one of the FBI's most wanted because, well, he hacked into 40 major corporations just for the challenge.
And they sent him to jail just for the challenge.
Kevin is now a trusted security consultant to the Fortune 500 and governments worldwide.
Kevin and the Global Ghost Team, how's that for a name, now maintain 100% successful track records in being able to penetrate the security of any system they're paid to hack into using a combination of technical exploits and social engineering.
And he will also be here in a moment to tell you how he and Tommy Chung alone, instead of the whole Chinese government, hacked successfully into Sony.
We'll tell you all about that.
Stay right where you are.
This is Midnight in the Desert.
I'm Art Bell.
We trust you.
But remember, the NSA... Well, you know.
To call the show, please dial 1-952-225-5278.
That's 1-952-CALL-ART.
By far and away my favorite.
Alright everybody, if you think you're ready, here comes the most famous hacker in the world, otherwise known as Kevin Mitnick.
Kevin, welcome to Midnight in the Desert.
Hey, it's great to be back on your show again, Art.
Yep, nice to have you.
So, how did you and Tommy do it?
I cannot confirm or deny anything.
Yeah, we'll talk about Sony later.
Alright, so you've got a long and somewhat sordid history behind you, and it always serves well at the beginning.
I mean, it's been how many years since we talked?
I don't know, a lot.
Wow, at least maybe four or five years.
At least.
That's when you were at Clear Channel.
I don't remember how long ago that was.
Oh, that was a long time ago.
That was more than that.
Time is compressing as you're getting older.
Uh, yep, that's true.
Maybe I'll have to create a new identity for myself and make myself younger.
Yeah, I actually, uh, you're good luck with that.
I, you know, I left there in about 2003, so that gives you some clue.
Oh, wow, I didn't realize it's been that long.
Well, it's great to be back on your show again.
I missed your shows on the air, so it's actually fantastic to have you back on.
Thank you, and it's kind of nice, because no matter where you are, whether you get a radio station locally or not, you can get us.
You know, we're on the internet worldwide.
All right, so your infamous background.
How you got started, how you got stopped.
Well, actually, like, how I got started with computer hacking was for my love of magic.
So, when I was a young boy, around 10 years old, I used to ride my bicycle over to the magic store, and I always wanted to know how the magicians, or it actually, well, they weren't magicians, they were kind of sales magicians, would actually do their magic tricks, right?
And I just loved doing this stuff and amazing my friends, and when I, I met, when I went to high, when I was in high school, I met this other kid in high school who could actually work magic with a telephone.
And he could do all these tricks, like he could get, you know, my unlisted number.
He could add what they called custom calling features to my phone.
And back in those days, it was like three-way calling, call waiting, call forwarding.
He could just do anything.
And I was just like, I was just, you know, wowed.
And I just wanted to learn how I can do what he did because it was so cool at the time.
And this was a, this was what they called phone freaking.
Right.
And this is kind of the predecessor to hacking.
And, you know, not only was I involved in this, but if you recall, Steve Jobs and Steve Wozniak, back in the mid-70s, were also involved in phone phreaking.
A little bit differently, they built these boxes called blue boxes.
Blue boxes, it's just a device that emits a certain frequency tones called multi-frequency.
And 2600 Hz was, you know, the initial tone that you would use before you used a blue box.
Actually, officer, it's just a blue box, officer.
That's all it is.
Yeah, that's all it is.
But maybe you could paint it a different color than, you know, evade the cops.
But anyway, so they... So Woz, you know, was the technical genius.
And there was this article in the 1971 issue of Esquire magazine And there was another gentleman named John Draper, who's known as Captain Crunch, was interviewed in this article and then was read it and, you know, and he learned, I think it was called Little Secrets of the Blue Box.
And then they wanted to build one, right?
Because it was so cool to be able, it wasn't making a free phone call that was so exciting.
It was actually being able to manipulate my bell and, you know, route a call, like for me to sit at a pay phone in Los Angeles, call the time in Australia.
Now, I've interviewed Draper a number of times, by the way.
Oh, you have?
Oh, sure, yeah.
He's actually living in Vegas now, if you'd believe that.
But, in any event, so... So are a lot of people absconding from the law.
Not that he is, but... Wait a second, I live there, too.
Well... But I'm not absconding.
You're further proving my point.
So, anyway...
So Woz was the technical guy behind this, and he actually learned from Draper.
Actually, Draper and Woz met, and he was able to actually build one of the boxes.
Woz actually showed it to me in 2000 when we did a documentary together called The History of Hacking.
And then Jobs had the idea, well, how can you build this box?
You know, I should notify you, buddy.
I'm sorry to interrupt, but you're dropping a packet every now and then.
That's the hotel I'm in.
I'm sorry.
That's all right.
I just thought I'd let you know.
Or somebody's hacking the connection.
There you go.
I'll speak slower.
So in any event, Jobs had the idea, hey, let's sell these at Berkeley's campus and make some money.
And that was the actual initial funding for the Apple I board.
So kind of Apple computers started from this, from dabbling and phone freaking, if you will.
So it's quite an interesting story.
In fact, there's going to be a new Steve Jobs movie, I think, out Friday here in the States.
Right.
So I'm excited to see it.
Oh, really?
Okay.
But in any event, so I was just, like, so fascinated with this phone-freaking stuff.
I just wanted to learn all about it.
I remember when I was a kid, I would go on these dumpster diving missions at the phone company, and what dumpster diving is, is when you're looking in the trash.
For discarded manuals and information and intercompany directories and I remember at one time we found a bag of trash, you know, a small little bag and somebody had gone to the trouble of ripping up this document and, you know, tiny bits of paper.
It must have taken them an hour or two.
And actually diving into a dumpster is kind of social engineering in your world, right?
Not really social engineering.
Social engineering is kind of more...
Manipulating a target, but we actually took these bits of paper and put it together at the local Winchell's Donut House in LA, and it was the entire username and password list to the system called Cosmos, and with Cosmos, you could actually, you know, create telephone service, or if you have, you could, you could basically do anything at the time, and it gave you all this power over the phone company.
Oh man, you must have been king for a while.
Yeah, yeah, for, yeah, for quite some time, you know, I think at least over a decade.
So I was so amazed with this, like, phone-freaking stuff that I just delved into this, even to the point where I would be staying up late, you know, talking to other people with similar interests, and I'd always be late for school.
Right.
I mean, so it kind of, like, overtook my life for a little bit.
And then I met this other kid in high school that knew about all the things I could do with the phone.
And I was also in the amateur radio at the time, so when I was like 13 years old, I passed my general test, and I was always fascinated with the ability to use a thing called an autopatch, and I know you know what that is.
I do, and we'll tell the audience, but Kevin, let me, I forgot to announce in my opening, This will be news for you and pretty warm news.
Are you still a ham?
Oh no, they took your ticket, huh?
No, no.
They went to take my ticket because of my hacking stuff.
Yes.
But I went to a hearing in DC.
It cost me like $20,000.
Right.
And, you know, a higher lawyer.
You got it back?
Yeah, they basically, they had a hearing to see if I was rehabilitated enough to have my amateur radio ticket back, and they gave it back.
So I still have it.
Unfortunately, I haven't had time to use it, but I still have the ticket.
All right, well, guess what?
It was announced today that the Heathkit company is back in business.
No way.
Way.
Serious?
Yeah, I'm serious.
Folks, they built kits for ham operators, kids, everybody, so you could learn about electronics.
And many of us have been mourning the passing of HeathKid now for a long, long time.
HeathKid is back in business.
So if you want to get your kid a kit and start him down the road toward electronics, and then, of course, illicit hacking like Kevin has done, not really.
Getting them into electronics.
Get a Heathkit.
Really, seriously.
Free advertising for Heathkit.
But there you go.
They announced it today.
Hey, you know Art, I built my first 2 meter handheld, 2 meter radio handheld.
It was a Heathkit.
There you go.
That I bought from this place called Henry Radio, if you remember them in L.A.
They were like, you know, one of the old school places.
And I remember, again, I was 12 or 13 years old.
So, back to the story.
So... Well, wait, wait, wait, wait.
Go ahead.
Okay.
Stop you again.
You had a Heathkit story.
I've got one.
Tell me.
My first transmitter was an AT-1.
That's the first one I think they ever made, actually.
So, I didn't have a receiver, Kevin.
So, I built the... I ordered the Heathkit AC-3 that went with it.
And I started to build it, but I didn't read the manual sufficiently.
And in the manual, it talked about clipping lead lengths.
So, when I put a resistor or a capacitor in, I thought, well, it's got to be the right size wire, and so I used all the wire involved.
Well, when I finished building the kit, I had what looked like spaghetti sticking out of the bottom of it.
Yeah.
Because all the leads were, you know, like two inches long.
So they were all sticking out, and when I put it in the case, before I gave it a try, it squished them all down.
So when I plugged it in, Um, well, you can imagine.
Close your eyes and imagine.
But there was smoke and fire.
Oh, no.
Oh, oh, yes.
So if you don't clip the leads, you know, you end up with stuff that sticks, you know, a couple inches.
It's a sad story.
Anyway, go ahead.
Now you can resume.
Well, when you're talking about radio, you know, when they try to take my ham ticket, you know, I'm glad they didn't know about something that I did in my younger years, because remember, I got my amateur radio license about 13, is I used to have so much fun when I was about 16 years old, I guess I was a junior in high school, taking over McDonald's drive-up windows.
Oh, that can still be done, you know.
That can still, so I remember the frequency was 154.6 MHz, and I forgot the PL, the sub-audible tone, but, you know, what you could do is when somebody would drive up to make an order, I'd be using, like, a 5-watt handheld, which would overpower their small little transceivers they'd wear on their head, and when customers would drive up, I'd get to take their order.
And, you know, Kevin taking their order is a lot more entertaining than Donald taking the order.
You know, I'm going to tell you what I wanted to do.
I didn't do it, Kevin, but you'll appreciate it.
You know, in Walmart, they all have headphones and little radios.
In Walmart.
And so, I was thinking, how fun would it be to drive into the Walmart parking lot Announce yourself as the president of Walmart International Visiting, and the first, oh, I don't know, 35 employees to make it out the front door into the parking lot get $1,000 each.
And then just watch.
Oh yeah, that would definitely be entertaining.
But I would never, of course, do that.
Of course not.
So anyway, when I was playing with this McDonald's, you know, people would drive up, I'd take their order, I'd tell them they're the 100th customer, you know, your order's for free.
My favorite is when the cops would drive up, you know, cops would drive up, I'd go, hide the cocaine, hide the cocaine!
Oh, God!
I wish I could have just seen this guy's face, you know, when he drove up to the drive-up
window, but it got to the point that the manager of this McDonald's, this was in Sherman Oaks,
California, on Ventura Boulevard, and this guy was walking out into the parking lot,
he's like looking at all the cars, you know, he's looking, you know, trying to see, well,
who's playing around with the system, and then he didn't see anything, right?
So then his next move was to walk up to the drive-up window speaker, and he actually bends
down to look inside, like somebody was like hiding inside, and of course I keyed down
the mic, I go, what the hell are you looking at?
And this guy flies back about 10 feet.
I mean, hands down, I would say that was my favorite kind of radio trick, but I'm glad the FCC never knew about it.
And moreover, it should be pointed out, the statute of limitations has long run out on that.
Yep, yep.
I'm a little bit older than 16.
So when I was in high school, this other kid said, Hey, Kevin, you know, you might be interested in computers.
And I was kind of, eh, you know, like, I wasn't so interested.
I was more interested in the telephony side.
And back in those days, it was all electromechanical switching, crossbar, what they called step by step.
And so I decided, okay, I'll go meet the instructor, you know, and maybe it would be interesting.
So I meet this guy, this guy named Mr. Chris.
I still remember his name.
And the, you know, I get introduced, and then the instructor's going, well, what's your prerequisites?
Are you a senior?
No.
Did you have these classes yet?
No.
He says, I can't let you in.
And then the other student goes, hey, show Mr. Chris what you can do with the telephone.
Right?
And then it was like watching a guy watching David Copperfield perform.
Right?
I mean, the guy was just like, oh, my God.
And immediately says, I'm letting you in the class.
And wouldn't you know, like the first assignment, this was a programming class, Fortran.
The first programming assignment was to write a Fortran program to find the first 100 Fibonacci numbers.
And at the time, I thought that was the most boring application of writing a Fortran program that they could think of.
So instead, I thought, hey, it would be cool to write a program to steal the teacher's password.
You know, at least that had some utility to it.
So, I didn't know anything about coding, and, you know, I just read, read, and read, and at the time I read a lot about the operating system they used in high school at the time, and I actually wrote this program that was a login simulator, kind of today they call it phishing, and what we used in the time, if you remember this, we had these old Olivetti terminals, they had acoustic coupler modems that would go 110 baud, that's about 10 characters a second, if you could imagine, And they would never, the instructor, when he would log on to the computer, you know, at the Los Angeles Unified School District, he would always stay dialed in and never hang up the phone to re-log in.
So, basically what my program did was it simulated the login process.
So, I was able to steal his password.
He never knew about it.
And so, it came around time to turn in the assignment.
And he came up to me and goes, where's your Fibonacci assignment, Mr. Mitnick?
And I, hey, I didn't do it.
I'm sorry.
I was busy.
And he goes, wait a second.
I stuck my neck out to let you in the class.
You know, even though you didn't have the prerequisites, and you're going to embarrass me by not even doing the work?
And I said, well, I ran a different program in Fortran.
It was a little bit more complex.
You might like it.
And he goes, what is it?
I said, the one to steal your password, isn't it?
blah blah blah blah.
You're the birth and nurturing of what will grow up to be a hacker and a criminal.
We will not hide.
Anybody could be that guy.
Not as young and music high.
Wanna take a ride?
Well, maybe once.
He's not really a criminal.
your ticket when you call one nine five two call art that's one nine five two
two two five fifty two seventy eight all right how Kevin Mitnick is here and you
know joking around about criminals well maybe once he's not really criminal he
works and hacks only for the Lord now actually Um, welcome back, Kevin.
You are there, right?
Kevin?
Kevin!
Kevin!
I'm here.
I was muted, sorry.
Ah, good Lord.
He's a computer guy, too.
Alright, um, so where were we?
You threw me all off now.
We were talking about, uh, when I was in high school, and I wrote that, uh, and the computer instructor allowed me in the class, and he gave me an assignment to write the first, to find the first 100 Fibonacci numbers using Fortran, and said I wrote a program to steal his password.
And got an A. That's what we're talking about.
So when I showed him the program, I mean, first of all, he was, like, shocked that I had his password all this time, but he actually, you know, Took the program, put it up on the chalkboard, and showed all the other students and gave me a whole bunch of attaboys that this was the coolest program that he's seen.
So back when I was in high school, the ethics taught, at least to me and to others, was hacking was a cool thing.
You know, there were no laws against it.
And that's kind of how I started on my path into this hacking endeavors.
So you were bad to the adolescent bone.
Yeah.
All right, so there you are in high school, got away with an A, or I figure went in and put it in one way or the other, got an A. No, no, didn't have to put it in.
Okay.
Yeah, it was just way too easy.
So at some point between the phone tricking and the hacking in high school, at some point there you turned the corner with computers.
How did that happen?
What do you mean by turn the corner?
You mean... Turn the corner.
In other words, from phone phreaking and messing around in school, you somehow then graduated to, I don't know, bigger and more dangerous things.
Oh yeah, well, you know, I started more hacking into the phone company, because at the time I was definitely interested in In phone freaking, then I took the ability of learning about computer systems to breach Pacific Bell and General Telephone's computer networks and gain control of, you know, what, you know, phone company switches, if you will.
So, basically had the ability to do anything with anybody's phone service in, you know, in California at the time, California, Nevada.
And that's kind of what, and we did it not really for any, you know, not any malicious purposes.
It was more for pulling pranks, like, changing uh... what they call the line class code in the
switch on the phone number what that did is
change the type of service so now we go in and change you know our friends
uh... home phones to pay phones you know every time they'd make a call say
please deposit your twenty five cents up to the point of changing up
changing their service to a prison phone so they could only make a lot called and
i also know about seem to recall that phone freaks uh... would get together on dead trunks and they would
speak with each other now i only know these things of course because uh...
i've interviewed so many people like you And please, folks, don't call yet.
They're calling now, and we're not ready for calls.
But anyway, so there would be like party line conversations between phone freaks, right?
Yeah, I remember those days.
Yes, and I would imagine you were, well, with some of the information you had, you must have been kind of like a king back then.
Well, I didn't really associate with many people.
I had a few, you know, close friends that also were into the same type of hobby, and we just wanted to learn everything there was.
So we would, you know, we would talk to others more to, you know, acting like a sponge to get more information.
But we weren't really, it wasn't like I'd sit there and hang out on these conference lines just to talk to people.
That wasn't really interesting.
What I wanted to do was learn the information.
How can I get better?
At gaining more control over telephone company computer systems to pull pranks.
That was really the initial goal back in those days.
Alright, a couple of myths possibly about you, or not myths, you can clear them up.
The whistling you've already covered, but was there something about nuclear weapons, really?
Oh well, oh yeah, so if you fast forward, back to like 1989, I was arrested by the FBI and... Oh, well let's stop here.
How did the FBI get on to you?
Well, one of the guys that was kind of hacking with me got upset with me and he basically called the FBI and told them what I was doing.
So it was basically You were ratted out. He didn't know what I was doing at the
time and so he acted as an informant and basically told him what's going on.
So you were ratted out. Essentially. Yes. Yeah. Exactly.
And he did this why?
Because you were in a tiff with him?
Well, I'll tell you the story.
We'd constantly be betting against each other to see who could do the better hacking.
The bet was always $150.
I'll tell you the story.
So we'd constantly be betting against each other to see who could do the better hacking.
And the bet was always $150.
Dinner for two at Spago's, we figured that's $150.
And I kept winning.
And then he got upset about it and said, well, I'm not going to pay you.
And I said, oh yeah, you're not, you know, even though, you know, we, we, we have this bet going.
He goes, no, I'm not paying you.
And I said, okay.
Then I figured I'd like to, you know, kind of play, play a joke on him.
So, you know, and so what I did is I, on a Friday when he was getting paid, I called up the company and represented, I was with the internal revenue service.
And that we're faxing over our garnishment order, so please don't, you know, please do not give him his check!
And the whole idea was just to inconvenience him for the weekend.
It was like a joke, a practical joke, but he got really, really angry over the whole thing, and then went to his boss and told him all the hacking we were doing, and then they both called the FBI together.
So that's basically how I got caught, was, you know, other people knew what I was doing and informed on me.
That's sad.
Well, the FBI apparently did not get you right away, or you were on the lam for a while, or what?
Well, that was later, so I was basically... Okay, so... So this was your first... So I was arrested.
All right, so this was your first brush with the FBI.
Yeah, first brush, right?
Okay, all right.
I ended up in court, in federal court, and I was arrested on a Friday, and I was in custody at Terminal Island Federal Prison for the weekend, which wasn't fun at all.
And I end up in court, and I'm positive I'm going to get bailed out.
It just matters how much is the bail going to be.
So I end up in federal court, and I walk in, and this attorney walks in that's going to immediately represent me, a federal public defender.
He goes, have you ever been outside the country?
I go, no.
Have you ever had a passport?
No.
And we go into court, and the federal prosecutor starts telling this judge, not only do we have to hold Mr. Mitnick without bond because he's such a danger to the community, we have to make sure he can't get access to a telephone.
And then he goes on to say, if Mr. Mitnick has access to a telephone, even a pay phone in custody, he could dial up to the modem at NORAD, And he could whistle into the modem, and communicate with the modem, and instruct it to pass the launch codes to the ICBMs and start a nuclear war.
And you're telling me this judge... I started laughing!
This judge bought it?
The judge bought it!
Well, the judge maybe didn't buy it, but... Didn't matter.
Didn't matter.
And so I was held in what they call the hole in the Metropolitan Detention Center in L.A.
for almost a year.
The only way I got out of the hole... A year?
A year in solitary confinement.
The only reason I got out was I agreed to plead guilty.
So the prosecutor told my attorney, if Kevin just, you know, does what we want... Wait a minute.
What were the actual charges?
Possession of unauthorized access devices.
So I had access codes to be able to dial into MCI, which was a long-distance carrier, and then hacking into DEC, Digital Equipment Corporation, and getting access to source code of one of their security tools that acted as an automated hacker, because I wanted to learn how the tool worked.
Well, that's fairly serious, actually.
Anyway, there were serious charges.
So in any event, you know, later on, after about a year, I was able to get out of there because... Before we even leave this, what's it like to spend a year in solitary?
It was pretty tough.
Can you imagine, you know, like all your listeners going into their bathroom, you know, in their home and shutting the door behind them and not leaving for a year?
Now, mind you, they allowed you to shower.
For, you know, three times a week, they'd let you go into this recreational area that wasn't so much bigger, you know, one hour a day.
Only I can imagine that after an extremely spicy dinner.
Otherwise... But I'm telling you, I mean, it was pretty horrific, and I wonder how that actually affected me today, but the idea that you're just locked in this cell 23 out of 24 hours a day for a year.
It was just an incredible amount of like, I asked myself today, how did I get through such an ordeal?
And I just did.
You just adapt.
Right.
Well, what did you do?
I mean, did you sit in your cell and just sort of think?
Did you think about computers?
Did you think about women?
What did you think about?
I thought about escaping.
Really?
Really.
So that's kind of like what I thought about, but I had, you know, they allowed me because I wasn't there for being, you know, disciplinary reason.
They allowed me to get a Walkman radio, which passed a lot of time and reading books and, you know, sleeping, you know, so a lot of sleeping, but it was a pretty... Weren't they afraid you'd rearrange the radio and set off a hydrogen bomb?
But, you know, I'll tell you one thing.
So, imagine I'm in solitary confinement in a federal prison, facing, what, 400 years for hacking into Digital Equipment Corporation.
And, okay, remember how they said I was so dangerous, I couldn't be near a telephone, so the judge... Okay, now you suddenly got closer to the mic and you sound better.
I don't know what you did, but...
I'm holding the mic to my face.
I'll start doing that.
So anyway, the judge made a special order that I was only allowed to call five people at the time, and that was my mother, my grandmother, my attorney, my father.
Like, I had five people on the list that I could call, and so imagine I'm in solitary confinement, and at the time I was married, and I could only call my wife some number at the time.
And she was always at work, and funny enough, she worked at General Telephone in Thousand Oaks.
So that was pretty funny.
But in any event, when they would allow me to make a phone call, it was always during the day, so the guard would shackle my hands, shackle my feet, walk me over to this room that had three payphones, and the handset cords were quite long, and then the guard would take out this log book, he'd say,
who do you want to call, and he'd tell me who I want to call,
he would dial the number with a zero in front of it because it always had to be collect,
and he'd hand me the phone, and he'd sit in the chair watching every move that I made.
And then I was thinking.
Just waiting for you to whistle.
No, no, no.
Well, maybe.
But it got even better than this because I figured I had nothing to lose.
What else could they do to me?
I'm in solitary confinement in a federal prison.
It can't get any worse.
So I figured, OK, I'm going to try to beat their system.
So what I did is I would, you know, I'd pace back and forth when I was on the phone.
I'd be scratching my back, rubbing my back against the payphone, you know, facing the guard.
And then I thought, okay, I'm gonna give this a shot.
I really wanted to talk to my wife at the time who was actually at work,
and her number wasn't on the list, the work number wasn't on there.
So basically, I put my hand behind my back and I hung up the switch hook,
and I knew, then I put my hand in front of me and just acted like I was rubbing my back
against the phone again, and I knew I had 18 seconds before it would start going
to what they call a reorder, like a fast busy tone, Right.
And then I reached back, you know, and back at me and acted like I was scratching my back, and I dialed zero plus, you know, the work number, And I was pretty good with using a touchstone pad.
It wasn't that hard.
Sure.
And as I was walking, I acted like I was in conversation because, you know, because the operator was going to call, come on and say, who's the call from?
So I'd say, well, you know, tell, you know, tell uncle Mitchell that, that Kevin said hi.
And when I said the word Kevin, that's when the operator's asking who the call is from.
And I was able to do this right to call anybody they wanted for like, you know, three to four weeks.
And then one morning, about six in the morning, my cell door opens, and it's the executives of the prison, the associate warden, like two of them, the captain, you know, I thought that, you know, maybe a family member had died, something really serious was going on.
Right.
So they brought me into this room, and they sat me down.
And then the captain, he's the head of security, goes, Mitnick, how are you doing it?
And I go, excuse me?
How am I doing what?
He says, well, we're monitoring your phone calls downstairs.
We're actually recording all of them.
You know, you do have notice about this.
And somehow our officer is watching you every second and you're somehow redialing the phone.
How are you doing it?
And then I remarked to him, I said, I don't know what you're talking about.
Do you think, you know, what do you think I am?
David Copperfield?
Right.
Right.
And, uh, yeah, he didn't like my sense of humor.
So they, you know, threw me back in the cell.
And then a couple of days later, Pacific Bell was out and they were installing a phone jack in the hallway near my, where my cell was.
And I was thinking, are these guys stupid enough to actually put a phone in my cell that's like restricted to calling certain numbers?
That was what going through my head.
They couldn't be that stupid.
So, when it ended up that I actually had to make a call, it was a little bit different.
The guard brought a phone.
He plugged it into the jack.
He dialed the number and then put the handset through the trap door, you know, where they feed you in the cell.
So the only thing I could touch was the handset.
So I kind of felt like Hannibal Lecter in the Silence of the Lambs.
Man, what a story.
That's a year in solitary.
Yeah, so I even was hacking from solitary confinement.
All right, so we assume eventually Somebody says, you know, we've got to make a deal with Mitnick and they come to you and they cut a deal.
Did you get away with time served?
No.
No?
Actually, they basically said, hey, deal with us.
We'll let you out of solitary.
You'll spend four more months in custody, and then you'll be inked out.
So basically, I kind of got really tired of being in solitary, so I'd admit I murdered JFK.
It didn't matter.
I didn't care.
So I just signed on the dotted line, and then that ended that part of the story.
Good.
Um, and then, so you were still in custody, but in GenPOP?
Yeah, right.
They moved me over to this place called Lompoc.
It was a camp in Lompoc, California, and I had to, you know, sit there.
Actually, nice place.
I hear it's quite nice.
Yeah, they had a tennis court, swimming pool.
Got to meet some federal judges that were in there.
It was kind of cool.
Some senators.
Kind of like the creme de la creme of criminals.
Yes, of course.
It was quite interesting.
All right, that was experience number one with the FBI, right?
Or was that the only one?
No, no, no.
Then I was out on supervised release, and I'm trying to make a long story short, and what had happened is I kind of got out of hacking at the time.
I got into being a gym rat, so I'd be working out all the time.
I kind of moved my interest in working out and stuff like that, and moving away from From the hacking, and then all of a sudden I had a horrific experience happen to my family.
My brother, my half-brother, he was found dead in his car on the passenger side in a bad area of Los Angeles.
So then I go, I knew the cops weren't interested in really investigating this, that he would just be some sort of statistic.
And I was pretty close to my brother at the time, and I just had to find out what was going on.
I started, you know, getting back into hacking to get into the systems to find out, you know, to look at phone records that might help me identify or figure out what actually happened to my half-brother.
Wow.
I mean, how did hacking help you do that?
Well, I suspected somebody.
We had somebody else in the family, actually, an uncle, who was heavy into using heroin.
And I immediately thought, well, maybe my brother hooked up with my uncle, and something was going on there.
So the first thing I did was get what they call the call detail records of my uncle, my uncle's cell phone at the time, to get his location, where he physically was during the last 48 hours, and anybody that he called.
So I was kind of becoming somewhat of a private investigator to figure out what had happened to my brother.
Yes, unfortunately, I found out my initial instinct was correct, because my half-brother's, well, my uncle's former wife, when he passed away, had come clean with the story that he was definitely the guy behind it, and told me the entire story.
So, unfortunately, my hacking skills didn't help me uncover that it was him at the time, but I found out later that I was absolutely 100% spot-on.
Gotcha.
All right.
Hold tight.
We're in a short break here.
It's half the hour.
Kevin Mitnick is my guest.
He's really something.
As it goes on, you'll see what I mean.
I'm Art Bell.
Well this is Midnight in the Desert.
These calls are unscreened for your listening pleasure.
Call 1-952-CALL-ART.
That's 1-952-225-5278.
Sure is true, we don't screen calls.
No need to.
Whatever comes, comes.
You know, if it's really bad, I've got a button I can push and erase you.
Really sounds bad, doesn't it?
Uh, listen, I wanted to do a fellow a favor, and so he emailed me.
The lumen thing that I use for my back?
He can't seem to get the number, so I'm going to give it to him slowly.
This thing actually works.
It's the only thing that ever has.
So, are you ready?
Got your pencil.
You wrote me a long email about this.
It is area code 828-863-4834.
area code eight to eight
eight six three or eight three four
one more time hope you're writing this down
Area code 828-863-4834.
Like I say in the commercial, it's not cheap, but it works.
And in all my life, nothing else has.
So I use it every single day.
All right, you're back on, Kevin.
Great to be back on your show.
All right, so that was mix-up one with the FBI.
Without ruining the story, jump to number two.
Sure.
You know, I was kind of explaining it before we went to break, and so what had happened is, uh, we already talked about number one.
The number two was a much longer and complicated story that started with, uh, me getting back into the hacking, you know, to investigate why my brother was found dead in a car.
Right.
And, uh, and then I started, like, heavily getting back into this because it was just, uh, just was kind of attractive to me at the time.
Irresistible.
well as irresistible yes and uh...
and i remember that uh...
that the government at the time had uh...
uh...
sent this guy uh... getting justin peterson is the most uh...
also known as as faking was uh... eric hines
They sent this guy who had been involved in credit card fraud and other activity to see what I was up to because they told him it would be a real feather in your cap if you can get some evidence that, you know, Kevin Mitnick is doing something wrong.
So, actually, they were still after you, Kevin.
Yeah, they were still after me, so I kind of figured it out kind of quickly, and then I started investigating the FBI.
And trying to figure out what they were doing, to the point where I hacked into Pactel Cellular in Los Angeles, because back in those days... Listen, I'm sorry to disturb you.
You're a little bit distorted.
Now, I don't know whether you're speaking loudly and far from the mic, or you need to adjust the volume or something, but this time you just began to get a little distorted, like you were hitting it too hard.
Sorry about that.
How's it now?
Was that good?
Yes, better.
Okay.
Maybe I was just getting too excited.
Yeah.
Oh, I understand.
And so they sent this guy to sort of make friends with you and see if he could get you.
Exactly.
So what had happened is I kind of figured out what was going on kind of quickly.
And to fast forward a little bit, I decided, well, I'm going to find out who's investigating me and why they're doing it.
What I ended up doing is I hacked into Pacific Bell Cellular, and back in those days there was only two cell phone providers in Los Angeles, LA Cellular and Pactel Cellular, and I was able to successfully get in, and the first thing I was looking at was the call detail records, that's the real-time, like, billing records to try to identify who Has a cell phone, you know, that it's, that's, you know, provided by their services provided by Pactel that calls this informant guy because I was able to figure out, you know, his home phone number.
And that's another story in itself.
And, um, and then I was able to identify these like five to six phone numbers that were calling him quite frequently.
And then I looked at their billing records and saw that they were calling internal numbers at the FBI.
So it wasn't hard to figure out that the cell phone numbers of the team of FBI agents that
were working with this guy.
So I set up this early warning system.
I was working as a private investigator in Calabasas, which is a suburb of LA.
And I set up this early warning system that basically using a device like a radio scanner
and using a particular software, I was able to monitor the cell site in Calabasas over
radio to determine whether or not any of these cell phone numbers registered, which means
that they're physically in the same location.
So I set up this early warning system for the FBI and nothing had happened I kind of forgot about it and about three weeks later I walked into the office and I heard this loud beeping coming from my office as I walked into it and I go like what's going on this is weird and I looked at the computer and the early warning system had been tripped.
And I go, Oh my God, you know, one of the numbers came up and I, and I knew who had the number because what these agents would do is they'd call their voicemail all the time.
So I'd see this number that was constantly repeating.
And so I called the voicemail and then it would say, hello, you know, this is, you know, this is Ken McGuire with, you know, FBI squad, you know, three or whatever.
And then I knew the names that were attached to the cell phone numbers.
So, this guy, Ken, the guy who was, you know, the lead guy that was, you know, kind of my hand ratty and, you know, catch me if you can.
So, this guy was the lead guy trying to capture me, or catch me doing something wrong.
And so, at the time, I looked at this, you know, capture, and two hours earlier, when I was sound asleep, this guy, Ken, had called a payphone across the street from my apartment at the market.
And I'm going, and I'm thinking to myself, Why?
Why?
That doesn't make any sense.
Like, why is he calling a payphone?
He's at my, in my, at my apartment.
Well, in, you know, complex, two hours and I'm sleeping.
They know where I live.
You know, why didn't they knock on the door?
You know, what are they doing?
They're not there to arrest me.
So then immediately I realized what was going on is they were there to get a description of my apartment premises for a search warrant.
And I go, oh, so that's what they're doing.
So, of course, you know, I immediately went home.
I cleaned out anything that would be interesting to the government.
You know, anything electronic.
Sure.
I put it over at a friend's house.
And then because I was such a smart ass at the time, I decided to go over to the local donut shop.
And I bought an assorted dozen donuts.
And I wrote with a sharpie on the box, FBI donuts.
I stick it in the refrigerator.
And then, on a piece of paper outside the refrigerator with a magnet, I put FBI donuts inside, like with the Intel logo.
I used to say Intel inside, or whatever.
I made it FBI donuts inside.
So, they actually raided me the next morning at 6 a.m.
At 6 a.m., they were trying to key into my door, but I opened it.
And all these federal agents, you know, storming into my apartment in my small one-bedroom apartment and the only thing they found were the FBI doughnuts.
They were pretty pissed.
So, this is another reason why the government, I think, came down on me quite hard, is because I was such a smartass and... Well, I mean, okay, so, they obviously, or did they arrest you on the spot, and so what for?
No, they didn't.
No, they have no evidence that I was doing anything, you know, they have no concrete evidence.
Alright, but after FBI doing us, they hated your guts even more.
I think so.
I think I ruffled a few feathers.
Alright, so then, how did they eventually get you?
Well, eventually, you know, you fast forward.
I lived in Denver, Colorado.
I was working for a law firm.
And then I left there and went to Seattle and worked as a help desk analyst at a hospital there.
And then eventually, well, what happened in Seattle, I was nearly caught.
Back away a little more from the mic.
You're getting very excited.
Okay.
So, I was living in Seattle, and I was almost apprehended there.
And I was able to get away before they knew that it was Kevin Mitnick.
And that's, again, a longer story.
Why were they after you?
In other words, if they didn't arrest you back in the donut days, why are they now hunting you down like a dog?
Oh, because at the time, you know, around the donut days, about a month later, they issued a warrant for my arrest for violating my probation.
Because what they figured out that I had done is, again, you know, this is a real long story, and I actually have a best-selling memoir out there called Ghosts in the Wires.
All these stories are inside there.
Okay, so what did you violate?
Well, what had happened is I routinely used to check Okay.
see if I was being wiretapped, if you'd believe it.
And what I used to do is use what we call the social engineering attack.
I'd call the central office and I'd impersonate security or something, and I would try to
find out if they had certain types of devices in the central office, and then if they did,
I'd have the frame technician go ahead and trace out the connections and give me the
So basically, I was able to call the central office to find out if the phone company had any active wiretaps going at the time.
So what I did is I called the Calabasas central office, I acted like I was with security.
My con was, was, hey, I'm with, I'm with this, uh, with this, you know, I'm with the Pac-Bell security and we, we, we, we have an ongoing case in Canoga Park and we need to know if we have any of our boxes over there because we're going to have to move them to Canoga Park for this investigation.
So the frame tech goes offline and he says, Oh yeah, we have three.
And I go, Oh my God, because at the time I was staying at my dad's apartment and he had three phone lines.
Right.
Right?
So, what had happened is I had the FrameTech trace these connections out and I realized the wiretaps weren't on me, they were on this private investigation company called Teltec Investigations.
And so, I was so ecstatic, because I was so worried that I was being wiretapped, but it turned out to be on some other target.
So, I went home that night, and I told my dad we're having dinner, and I said, hey dad, I was checking to see if we had any wiretaps on the line, you know, over, you know, normal conversation over dinner.
And my dad looks at me like I'm some nut, like I'm living in some, like, spy novel, that, you know, none of this is true.
It's like a figment of my imagination.
It was quite funny.
And then I tell him, well, luckily it wasn't on us, Dad, but it's kind of funny, it's on this PI firm called Teltec.
And then what had happened is he goes, wait a second, I know the manager.
He lives in this building.
He's a friend of mine.
So, a guy named Mark, so he invited him over.
I told him the story, and then immediately they offered me a job, and my job was to find out Who was wiretapping them and why?
Well, you already knew, right?
No, I knew the phone company was doing it, but the phone company was doing it on behalf of the law enforcement.
That's right, of course, yes.
Right?
Yes.
So, they wanted me to figure out what was going on, and I said, hey, that would be kind of interesting.
And so, when I was doing this, I did kind of cool favors for this guy, like I added Special custom calling features you couldn't get at the time.
Like, you know, caller ID.
They didn't have caller ID tariffs in California.
And I added it to this little guy's line.
And so, when the phone company, you know, when they figured out what was going on later, what the violation of probation was, was I was able to find out the phone number of the law enforcement officer.
It was a sheriff, a guy named David Simons.
Who was working the case against Teltec.
And what I did is I hacked into this guy's voicemail.
So basically, I could find out the status of the investigation, and that was the violation charge.
Yeah, that sounds like a dividend violation.
Yeah, definitely.
But you know, the coincidence is this guy, David Simon, so, you know, much later, I'm commissioned to write my first book on social engineering, and it's called The Art of Deception, so my agent finds me this co-author, and his name is Bill Simon.
And we're sitting around talking about all these stories, you know, about my past.
And the funny thing is, this guy David Simon, who I was monitoring for Tel-Tech investigations, is his twin brother.
Small world.
Okay, so you found out they were after you again.
Oh yeah, so he found out it was after me, and again, it's a very long story, and then I became a fugitive, if you will.
For how long?
About three years.
So for three years you were moving from place to place to place, evading the FBI?
It wasn't so hard.
You know, I was really good at creating new identity.
So I think I actually had, you know, good government identity.
And my first identity was, you know, paying homage to Harry Houdini, because my first cover identity was Eric Weiss.
And that's Harry Houdini's real name.
Of course, the FBI had no sense of humor, but I thought it was quite funny.
I'm sure you've learned by now, from Donuts to whatever, they don't... Yeah, Harry Houdini.
They don't like Harry Houdini.
Right.
They don't have a sense of humor.
Government guys that The ones that carry guns, no sense of humor at all.
None at all.
So anyway, so I was working in a law firm in Denver and I remember one of my jobs was, well, one of my duties in the law firm as a system admin was actually, you know how lawyers are, they'll bill you for using a paperclip.
So basically they put me in charge of, you know, maintaining the phone system to make sure that all the
attorney calls were built to the right attorney-client matter.
So basically what I did is I added my own covert code in the system that
if anybody in the law firm had called the FBI in Denver or Los Angeles or the
U.S. Attorney's Office in Denver or Los Angeles, they would send me a page to my
pager.
And it actually tripped a couple times, but it you know, I got really nervous, but it turned out that it
had nothing to do with me.
It was the U.S.
Attorney's, Attorney's Office in LA, but their civil division.
So I used to set up all these early warning system type, uh, you know, schemes, if you will, to, you know, to basically protect, you know, myself when I was on the run.
Alright, uh, skipping ahead because, you know, we have a lot to cover here.
Um, how did the FBI get you the second time?
Well, basically, me and this other guy in Israel hacked into this guy, Satomo Shimomura.
And this guy was a security researcher that worked out of UC San Diego.
And we thought, you know, at the time, we're very interested in the source code to the firmware on cellular phones.
And what these were, were trophies.
So I hacked into many of the major cell phone companies to get the source code to the cell phone.
And it wasn't that I was trying to sell it or trying to do anything.
I wasn't giving it away or publicizing it.
It was simply as a trophy.
So we thought that this guy, Shimomura, who had the source code to the Oki 900, which was a model of cell phone.
So we went and came up with a novel way to break into his system.
And Nobody knew it at the time.
It was using what we call, well, it was manipulating how TCP IP worked with sequence numbers.
And I'm not going to get into the tech behind it.
So basically using this novel attack, we're able to hack this guy.
And right away, I was like suspect number one.
So Shimomura went on kind of like a vigilante mission to help the FBI capture me as, you know, because of course I drew first blood.
And basically what had happened, if you fast forward, is they were able to identify a cell phone number I was using in Raleigh, North Carolina, and run out with radio direction finding equipment to basically nab me.
And mind you, when I was on the run, the first thing I would do is compromise the local Telephone providers, infrastructure.
So imagine I go to Raleigh, I already have control of all the phones in Raleigh.
And what I did is I set up the cell phone number that I was using so you couldn't trace it back.
So basically it would loop in the switch.
They had these switches, DMS-100 switches, and I basically said if they tried to trace the call, a tech, at the phone company, they couldn't do it.
But Sheila Moore was actually pretty smart.
He did a thing, he basically said, well, We know Kevin is dialing into this internet service provider called Netcom, which was a popular internet service provider back in the dial-up days.
So, I don't want to search the call detail records, kind of like what I did with the FBI a couple years earlier, and see if any phones, any cell phones in Raleigh are calling the dial-up numbers.
So that's how they were able to identify the phone I was using, because I used to change my cell phone number every day.
Um, so that's how they were able to go about it.
They went out with radio direction finding gear and found the apartment where I was living under a cover identity.
And they couldn't trace what apartment it was.
So, around, again, I was a gym rat at the time, so I used to go working out at night all the time, so I arrived home about 12, 12.30, 1 a.m., and immediately I went online, you know, to start, you know, my hacking stuff.
Yes.
And I just had a weird gut feeling in my stomach that something was seriously wrong.
Kind of like a, kind of like a deer just before it's going to get shot.
Yeah, yeah, just like something really bad's going to happen.
Yes.
I walk outside my apartment and over I could see the parking lot and I scan the cars in the parking lot because I just I just have this overwhelming you know fear and then I go back in the apartment well it turned out That when they traced the radio signals, I went to the other side of the apartment, but because I went outside and it looked suspicious at 1.30 in the morning that some guy is looking at the cars in the parking lot and goes back in his apartment, that's how the U.S.
Marshal that was on the team to apprehend me actually saw me, and that's how they were able to nab me.
So they were probably afraid you made them.
Yeah, exactly.
So they nabbed you.
This is a local sheriff?
No, it was the FBI.
Alright, you go to trial for what?
I didn't go to trial for anything.
Eventually I was arrested.
I was put back into solitary confinement.
Back into solitary?
And then I was, you know, pretty much on this long road of dealing with The federal government for, you know, a number of years and ended up being, you know, sent back to Los Angeles and I sat in federal custody without a trial for about four and a half years.
We finally settled the case with the government and I ended up having to do about ten more months in custody and then that case was over.
Then basically that's kind of Yeah, my troubles with the law at the time.
And that is... So you spent how long in jail, second time?
Five years.
Five years?
My God!
Was it in general population this time, or again were you... Again, I was in solitary initially until we agreed to...
Certain requests of the government, one of them was to go through a CIA debriefing because the government had thought again that I somehow hacked into CIA systems and when I agreed to do the debriefing, basically on my own activities, they basically never did it.
What I learned The CIA used to have computers supplied by Digital Equipment Corporation, and since I had thoroughly compromised DEC's internal network and had access to everything, they were afraid that I was going to put some code into the operating system to gain access to intelligence computer systems.
So, I never did that, never was planning on it, but that was the fear.
So, basically, I ended up, you know, in custody.
No, I was hacking.
I was breaking the law.
I thought it was a little bit overboard, some of the, you know, like holding me in solitary confinement for, you know, potentially launching nuclear weapons.
But, you know, but I'm so happy that I'm able to put all this stuff behind me.
I mean, you know, this was like, you know, I look at this as all this is behind me and I get to kind of do the same thing.
I mentioned to the audience that now you hack for the Lord.
No, I actually, it's kind of like Pablo Escobar becoming a pharmacist, right?
So, basically, companies hire me.
and my team to basically compromise their physical security, their technical security,
basically everything's security to find whether or not they're vulnerable so they could shore up
their defenses, so they could, you know, resist a real bad guy coming along later and protect
themselves that way. And so you are employed in that manner now? I have my own company.
So basically, companies hire my company to do what we call, it's called penetration testing or ethical hacking.
Right.
And basically, and it's so interesting.
It's, you know, every time I'm dealing with a client, it's a new puzzle.
And it's almost like it's not work.
It's actually a very enjoyable and fun job.
And when I started hacking, it was all for the intellectual curiosity The challenge, the pursuit of knowledge especially, and so it wasn't about making money or causing damage like you hear about these days.
Yeah, but not from their point of view.
Right.
So now, you know, I get to kind of do the same thing I was doing before and have that enjoyment, but at the same time earn a living.
So it's kind of a cool turnaround.
Make any good friends in prison?
No.
Not really.
I mean, trying to think of who I met that was interesting.
Well, that's all right.
I don't really want to go there anyway.
No plan.
No.
Not at all.
All right.
So now you are up on current hacking.
Yes.
This is pretty weird.
I'm getting a weird thing.
You're not sending this, are you?
New video message received.
Play at blah, blah, blah, www.blah, blah, decline.
Weird.
I wouldn't click that.
No, I didn't.
Okay, so now you're up on the current sort of state-of-the-world hacking-wise, right?
Yeah, pretty much.
I mean, what we cover is mostly on the security testing side.
Alright, so let's talk about some current stuff.
Like, for example, Sony.
I mean, that was really, really bad, what happened to Sony.
And, for that matter, the White House, too.
So, with regard to those two hacks, the government, of course, blamed China.
No, North Korea.
Oh, I'm sorry, North Korea, that's right.
Because of that stupid movie.
The interview!
Yeah, it was actually a semi-funny movie.
I enjoyed it.
I watched it on YouTube, but I'm kind of skeptical of whether it was really North Korea, because I really believe that Sony, you know, they have so much internet properties, if you will, that it really wouldn't be that hard to hack into their network.
I think it was China for the White House, right?
That they blamed?
Oh yeah, well every time you hear about a hack on a national security issue, it's always China or North Korea.
It's gotten to the point that every unsolved hack has to be China.
Now mind you, I don't have access to the information the NSA has, so they might have access to certain information or knowledge that they have that Squarely places the blame on North Korea, but personally I haven't seen anything, you know, through any transparency on the government's part to actually prove that's the case.
Well, they probably wouldn't give it out.
Well, why not?
I mean, if they have evidence that it was them, why not?
Because, you know, even that might show their capabilities.
So, at least that's what they can claim.
Yeah, maybe if they're reading Kim Jong Un's email.
They don't want to tell the public about it, I can understand.
Alright, so you don't necessarily think it was North Korea?
I don't know.
I really don't know.
Again, I'm skeptical because I know how easy it would probably be to hack into Sony, and in fact, when the hackers, you know, did this like, you know, doxing, you know, what doxing is, is where they hack into a target and just expose all their, you know, internal information.
Right.
Um, there were some documents in there that, um, uh, that showed that Sony's internal security wasn't really up to par.
And, and mind you, the CEO, Michael Linton, Don't give it out, you know.
domain password to get his email like remotely like don't give it out you know
don't give it to you it's changed it was Sony s o n y m l which is his initials
followed by a three so you have wonder like how can this guy pick such a stupid
password I mean, I already know, like, the pattern.
I'm sure next month it would have been ML4.
The one after that, ML5.
So they really had sloppy security.
And so it's not surprising.
It would be surprising if anybody contacted them, to be honest with you.
My God, that's lax.
I mean, I work for a company.
A couple of years ago.
They sent me a computer, and with it came a key fob.
And this key fob would come up with a new security code for each time you would have to log in.
I'll tell you, I hated it so much, I sent them back the computer and the key fob, and I said, I don't want anything to do with your system.
Send me a laptop, plain old, plain Jane, Windows 7 laptop, and you can take yours and make other use of it.
Well, with that key fob, that key fob actually is a good idea.
I know.
I know.
And people like you... I know.
You don't want to be inconvenienced.
That's the mistake people make, and then they get hacked.
I know.
Now, I do use programs to keep very close control of, you know, any possible problem, but... What programs are those?
Well, I don't want to talk about it.
Okay.
Fair enough.
I've got a lot of computers, and I'm not sure I should be giving out information on that kind of thing, frankly.
Or if you're running Windows 7.
Yes, and I'm being invited to get Windows 10, by the way.
Should I do that, or should I not?
Where's the link coming from?
Your personal opinion.
Oh, it's coming from Microsoft.
I'll give it a shot.
I've heard good things about Windows 10.
Actually, I have too, to be honest with you.
I have.
Windows 8, eh, not so much, but Windows 10 is a pretty good rep.
Alright, hold it right there.
We'll be right back.
I'm Art Bell.
I know you deceive me now here's a surprise.
I know that you have it cause there's magic in my eyes.
I can see...
You got me lovin' you, you got me lovin' you, baby.
It's alright.
You got me lovin' you, baby.
Wanna take a ride from the high desert and the great, great American Southwest?
This is Midnight in the Desert, exclusively on the Dark Matter Digital Network.
To call the show, dial 1-952-CALL-ART.
That's 1-952-225-5278.
Now you may have thought that sounded strange, but that was just your provider dropping packets on you.
No.
That was Ross.
Happens to me once a night, at least.
Welcome back, everybody.
Kevin Mitnick is my guest.
I'm Art Bell.
We're talking about hacking, actually.
And here he is once again.
So this half hour, you know, people really want to call.
I've got to cover a lot of territory with you on new stuff.
And by the way, somebody sent a message, Kevin, that says, Art, Windows 10 is good.
But he says, thank you, Keith, whoever this is, you no longer are able to play DVDs.
It erases the feature and you have to buy a program to keep watching DVDs.
True or false?
Hmm.
Hmm.
Not sure on that one.
I never heard of that one.
Okay.
Do you have the right program to keep playing DVDs?
Well, that's what he says.
You know, I get messages on a computer as I do the show, and that's what he's saying.
Okay, let's go to the next one.
Yeah, I don't like that.
Alright, maybe it's not true.
Maybe he just had trouble.
You know, it could be.
Alright, so, I keep getting these calls, and so it's got to be one of the latest things from Micro... Hello!
An Indian voice says to me, I'm from Microsoft, and the last time your computer booted up, we detected a virus, and then they would have you go to your computer and go through all kinds of gyrations, uh... which lead inevitably to something horrible now i i
never let it go that long
my friend paul uh... he gets these calls as well
and uh... he took one of the guys and he kept him going on for about and
our maybe an hour and ten minutes you know playing dumb like uh...
uh... would you please go to run i can't find run you know i mean just really
given the guy i know you're talking about i have the same thing happened
actually posted the audio to my website
uh... where the guy from the support uh...
I think he called it the Windows Support Center.
Yeah, that's right.
And a guy was calling from India, obviously.
Oh yeah.
And he was telling me that they keep getting messages, my computer's infected.
That's right.
And he was trying to step me through the process of trying to clean up the infection.
So I kept this guy on the line going for a while, and then I had to actually go to an appointment I had, but I actually recorded it.
And I'm looking for it on my website, where I posted it.
It's actually quite funny.
Right.
Paul did that, but after an hour and ten minutes, he told the guy, oh, I've got Apple.
What happened is the guy called him back and called him every name in English that he could think of, and his family, and everything else, and then every Indian curse word he could hurl at him.
I think called him twice.
He was so angry.
Oh, wow.
If you go along with this, And you do, as they say, they're going to inject a virus into your system, and it's probably a pretty serious one.
Is that the one where you've got to pay to get your computer back?
No, that's ransomware.
So what these guys will do is they'll use a program.
They'll have you install a program so they can connect to your computer.
Yes.
And then what they'll do is they'll go ahead and, you know, right in front of you, download some malicious, you know, software to your computer and basically then Try to sell you a product that cleans up the infection.
So, it's basically a money-making scam, and it's been going on for quite some time.
Ransomware is different.
This is a type of malware that will encrypt your files, or will pretend to encrypt your files, and it will require you to pay a ransom to unlock your files, you know, using cryptography, if you will.
They'll encrypt the files, and if you don't do it, you don't get access to your files.
There's even one case where there was a police department, I forgot exactly where in the United States, that actually was hit with this ransomware.
They actually paid the ransom.
Wow.
Yeah.
Is it actually so serious, Kevin, or if you get hit with this ransomware thing, is there a way around it, or is it so tight you've got to actually pay?
Well, you have to think about how do you get hit with this stuff.
And usually the way you get hit with it is the bad guys are using, you know, typical social engineering, which is, you know, using spear phishing attacks or phishing attacks.
So what they do is they trick you as the user I get all that.
doing something like opening up a file that's sent in an email that contains the infection
or clicking on a hyperlink.
If people don't do this, they're not going to get infected.
I get all that.
My question was, if you are infected with this and they want money, is there a way to
get around it and get your system back or do you have to pay?
Well, I actually had a client call me that was infected with this ransomware and what
the ransom was was $5,000.
So I told the client, I said, it's much cheaper just to pay the ransom.
And that's exactly what they did.
They got all their files back.
You know, in some cases, it depends on how much the ransom is.
And what people really need to do is start backing up their data.
I mean, if they back it up and, you know, secure that backup, then even if they get infected with the ransomware, they could just restore the files and be done with it.
Okay.
So, there might be a way around it, but it might be too expensive, depending on how much... Well, it depends.
You know, there's different types of ransomware that, you know, some is fake, where it's not even encrypting your files.
Right.
Sometimes, you know, in most cases it's real, but Okay.
A consumer usually can't figure that out on themselves.
They're going to need to know somebody that's pretty technically astute to be able to determine
if it is in fact real.
So it really depends.
What you really need to do is find some expert that could help you out if that ever happens
to you to find the best course of action.
I'm not saying that you just pay the ransom at all times.
In this particular case with this client, I just recommended it.
I formed a friendship sort of with a guy from Anonymous.
In fact, I had him on the air.
And we talked a little bit about Anonymous.
Now, he doesn't technically say he's in Anonymous, but if you read between the lines, you know, he probably is.
And so he's sort of a consultant of mine from Anonymous, sort of.
Would you think that's a wise idea or unwise?
Well, I mean, Anonymous is kind of like a way that people think.
It's like anybody can kind of jump on this bandwagon.
No, this guy's a real McCoy.
Oh, he's a real McCoy.
I actually think, you know, doing some of the stuff they're doing is kind of a bad idea because it actually doesn't They get a little bit of PR, you know, so if they hack into some police department and expose the officers' home addresses, for example, they get the PR, but they are never able to use that to get what they want.
In other words, they just never advance their agenda.
All right.
There is something on the internet that's below the internet.
You might call it the under-net, you might call it the dark-net.
What do you know about that?
Well, the Darknet is like a kind of... Have you ever heard of TOR, George?
Like the TOR network?
It's some kind of a... Don't cuss at me.
Well, the Darknet... Let's just say there is a way to... I'm Art.
Yes, I know about TOR.
Okay, great.
So, perfect.
So, you know, the Dark Web, it's kind of like, you know, it's like these hidden services through Tor, and there's a lot of, you know, illegal activity that occurs in these services, like, with these services, like selling stuff that is illegal, you know, fake identities for example, drugs.
If you recall the guy that was running Silk Road was a dread pirate, Robert,
he was actually caught even though he was using a Tor hidden service. So there's a lot of
things you could, a lot of services and information that you can buy
on the dark web that is stolen data.
If you look up a dark net in search of information on the net...
Interestingly, one of the responses you get is the darknet is full of criminals and government agents.
And I'm thinking, how do you tell the difference?
Really can't.
I mean, in the case of the Silk Road investigation, apparently, Ross Ubert had an administrator that was part of, you know, administrating Silk Road, and he was actually an undercover DEA agent.
So, you know, how do you really vet somebody's identity on the Internet?
It's extremely difficult.
And is there really a substantial difference between some criminals and government agents?
Well, I'm not going to answer that question.
Well, maybe better not.
Alright, so this following question comes from a movie.
Okay.
But I can't resist.
Could there ever be a fire sale?
Could there ever be one?
I doubt it.
I know what movie you're talking about.
You're talking about Die Hard, right?
Well, actually no, it was a later one.
But the point is, a fire sale, let's explain it.
A fire sale, everything must go, right?
And so in this case, we're talking about a foreign power or a domestic agent of some kind.
Disabling everything, and that means street lights, power, water, communications, you name it.
Disabling, you know, just attacking everything, a fire sale.
I know what you're saying.
I think it's far-fetched, because you'd have to... the attackers would have to compromise such a great deal of... a number of systems and remain undetected.
Now, mind you, remember when I... in the back of the 80s and 90s, when I compromised a lot of the telephone companies around the United States?
Yes.
I had complete control of a lot of switches, you know, at the time, but each... each, you know, set of prefixes required Compromising a different switch, and doing it and staying undetected, and something like that.
So, it is... I think it's a little bit... I think it's pretty far-fetched.
That's stuff that writers put in movies.
Well, maybe.
But, you know, you start hearing about some of the incredible hacks I think they believe that China got the names and IDs and socials of, like... OPM.
You're talking about the Office of Professional Management.
How many was it?
Millions, right?
It was millions.
But not only that, what the attackers were able to get, and this is allegedly China, was access to, you know, people's tops.
You know, when people go for a secret clearance, right, they get all their psych backgrounds, their family backgrounds.
So, the social security number is really easy to get.
I can look up anyone's social security number in 60 seconds on the internet, but the attack on OPM was much, much more personal data that was compromised and actually could be leveraged by a foreign national.
Let's talk about people's privacy.
I mean, the privacy of the people listening to this show right now.
If you really, really need privacy, is PGP any good?
And PGP, of course, means pretty good privacy.
Now, that was written and was said to be unbreakable, I'm sure.
Well, I'm not sure.
Is that now still true or not true?
No, I think PGP is definitely a tool that people could use.
It's, you know, ordinarily, you know, it's used, you know, obviously send, you know, to secure your email.
The problem is, you know, in configuration, normally the average person on the street can easily configure setting up, you know, what they call a private key and a public key.
And then they have to get the person that they're communicating with to do the exact same.
And there's actually a free version of PGP called GPG that anybody can download.
And it actually is a good way to definitely secure your email.
Now, mind you, when you send an email to somebody, You have to have their public key.
Well, one thing you have to make sure is that when you're sending, like if I'm sending, you know, an email to Art Bell, that I really have your public key, that it's not somebody else impersonating you.
Well, alright, look, let's define by who it's impossible.
In other words, the average person, the average even corporation, perhaps, could not decrypt it.
But if NSA wanted it, I assume they'd be able to read it.
I don't know of any known attacks that the NSA is using, at least according to the Snowden revelations, where they were able to crack PGP encrypted email.
Really?
Yeah.
I mean, yeah.
I don't know.
In fact, just the opposite.
I mean, some documents that Snowden released, I remember there were some communications between GCHQ and NSA that they couldn't decrypt information that was protected using PGP.
By the way, how do you like the way Snowden addressed the NSA by saying, can you hear me now on Twitter?
I thought it was great, and I think it's fantastic.
It's like the only person he follows on Twitter is the NSA.
So that's kind of like an in-your-face type of behavior there.
But yeah, I kind of chuckled.
I'm curious of what security precautions he's taking to access Twitter.
Who knows?
I mean, they know he's in Russia.
I'm sure they probably know where he is anyway.
If you were to give Ed Snowden any advice?
What would you advise him in his current position?
Oh, I would definitely advise Ed Snowden that it would probably be a serious mistake to come back to the United States.
I think if he did, no matter what the U.S.
government would promise him, that they would actually put him in ADX Florence, which is like the most secure federal prison in Florence, Colorado, and he would sit there in solitary confinement for the rest of his life.
I wouldn't trust That they would really make any real deal with him.
I think they would actually lie to him to get him back to the U.S.
unless he had access to some information that the government doesn't want made public that he could use as leverage.
Otherwise, I don't see any leverage he really has.
In that regard.
So I think if, you know, he's captured or voluntarily returns back to the United States, I can't really imagine that he wouldn't be locked up in a, again, an ADX Florence for a very long time.
All right.
Well, you understand.
That's my opinion.
You understand that half the country thinks he's a hero.
Half the country thinks he is a spy.
Or not a spy.
A spy is the wrong word.
A criminal.
Yeah, public opinion doesn't matter with respect to Snowden, because even in my case, you know, they had this big Free Kevin campaign about, you know, all the crazy things that were happening in my case, and it didn't... I mean, it raised awareness with the public, but the courts don't care.
The U.S.
Department of Justice doesn't care.
But yeah, it would be nice if he can come back into the United States and they could, you know, pardon him, you know, grant him a Yeah.
presidential pardon, that would be nice, but I can't imagine that the Department of Justice
would simply just cut him a deal.
That would be reasonable.
Yeah.
Yeah.
How do you view him?
Well, I'm actually happy about, you know, I view him as a hero, that he was, you know,
exposed that the intelligence agencies in the United States were eavesdropping on us
without a court order, without a warrant, in basically analyzing all communications.
I don't think, though, he should have revealed our operations against foreign governments.
I think he should have kept that secret.
And, you know, kept it to himself.
But I don't view him as a traitor.
I view him more as a whistleblower hero type than anything else.
Okay.
Well, then about half the country agrees with you, and the other half violently not so.
And so, overall, your advice is, Ed, stay out of the country.
Well, that'd be Canadian advice.
I think so.
I mean, I kind of seen how the government works firsthand, you know, dealing with them for a number of years.
And I went, I went trusted, you know, and, you know, I think, you know, because of the information that, you know, he exposed that they would probably do any, I mean, they brought down a presidential plane, the president of Bolivia.
Was flying through European airspace, you know, what, I don't know if it was a year ago, or I don't remember the exact date, and they forced him to land in Austria?
Oh, I remember that.
Because they thought Snowden was on the plane?
Yeah, yeah, I remember.
So, don't you think that's indicative that the US government would go to great lengths to, you know, to get him?
Probably lucky that plane didn't get shot down.
Yeah, well, that would have been a pretty big horror if it did.
So, yeah, I don't think they would have gone that far.
Well, there's no shortage of horrors going on, that's for sure.
I'm worried about the whole world right now, frankly.
All right, we're going to take a break.
I might have a question or two more, and then I would like to take some calls.
Are you up for that?
I'm up for it.
Good.
Then stay right there.
My guest is Kevin Mitnick.
And he's been a bad boy, and now he's a good boy, and that's only for the Lord.
I'm Art Bell, and this is Midnight in the Desert.
This is a video of me playing the game.
I'm playing this on my Xbox 360.
Probably part of the Dark Matter Digital Network.
This is Midnight in the Desert with your host, Art Bell.
Now, here's Art.
Here I am, and my guest is Kevin Mitnick.
Now, if you would like to speak to Kevin, if you've got a question for Kevin about perhaps your computer privacy, or maybe you've got a question about, I don't know, just about your computer, or if you've got a company, maybe you would like to hire Kevin to try and break in I mean that is what they do after all and that is what Kevin does now he's on the right side of the law and he identifies vulnerabilities you know in people's business systems and this is their livelihood so it's very very important stuff if you would like to call our public number is 1 area code 952
225-5278.
I'll give that to you again.
Area code 952, 225-5278.
Now, there is another way to call.
It's called Skype.
If you have, I don't know, an iPhone, an Android, whatever, a pad, put Skype on it.
And once you've done that, oh it's so easy, go to add a contact, Little plus sign in Skype.
And add us.
If you're in North America, America or Canada, add MITD51.
MITD51.
If you are outside of the United States, we can accommodate you as well.
It's MITD55.
Midnight in the desert.
MITD55.
Alright, here once again is Kevin and Kevin, before we take calls, I do want to ask this.
Is it safe?
And are you hidden sufficiently if you use what's called a proxy?
No.
No?
No, because the service you're using, the proxy service, they have your IP address.
Right.
Now, if you Could you, if you could connect to the initial connection to the internet per se, if you could conceal or disconnect that IP address from being associated with you, for example, by using like a neighbor's Wi-Fi access point?
You know, then, you know, it probably is a lot safer.
But if you just simply use a proxy, it's not going to really, uh, law enforcement could subpoena, you know, the logs and find out where you are.
The same thing is with VPN.
I hear a lot about VPN providers that say, we keep no logs, you know, even if we're subpoenaed by, you know, federal law enforcement agencies, we can't tell them anything about you.
I think that's a hundred percent BS.
Okay.
Because working in the IT industry, you always need to have logs when you're troubleshooting problems.
And I can't imagine that these big-name VPN providers actually really turn it off.
So, again, to really get a good level of privacy, you might think about, well, getting a burner device,
you know, like a cell phone or a burner wireless access point, and then not using that near your normal home or
work if you really want to maintain your anonymity.
But then, how do you go about buying it?
Do you walk into Verizon or T-Mobile and go buy that device?
No, because you're on camera.
No, you have to actually think about every step of the way.
Do you use Uber to go over to Walmart to buy it?
No, because your movements are tracked.
Do you use a rental car?
No, because they have GPS.
So you have to really think about how are you getting the device you're using.
Is it truly a safe way of obtaining it?
Or is it really traceable?
And then where do you actually use that device?
I'm talking about a device to connect to the internet, like a prepaid wireless phone or a prepaid hotbot.
How do you acquire it and where do you use it from?
And then how do you use it?
Do you access Like, if you're doing stuff you want to maintain your anonymity, are you crossing that with the stuff that you're doing in real life, like checking your email, checking your Twitter account, going on to Facebook?
And there's so many ways people can make a mistake and get caught up, and their real identity be exposed.
Alright, very quickly, your favorite operating system, would you prefer Mac, Linux, or Windows?
VMS!
Really?
VMS is an operating system made by DEC that I actually got the source code for, but that used to be my favorite.
I like Linux-based operating systems.
I like Ubuntu, I like Gentoo, I like OSX, I like Macs, but I use them all.
Alright, alright.
Phones.
Android, iOS, or Windows Phone?
I like iOS.
I like iPhone.
You really do?
You like iPhones?
Yeah, I do.
Me too.
I prefer iOS.
I think they're actually more secure than, you know, Androids.
You're hearing about vulnerabilities identified in Android all the time.
Then again, you hear about jailbreaks, you know, jailbreaks that are identified in iOS.
So, both operating systems, you know, have their share of security vulnerabilities, but I do like the iOS model better.
For example, if I'm installing an app, Right, and in Android, it'll ask you, you know, do you want to give this app all these permissions?
And then once you do it, it never asks you again.
When you do that with an iPhone or an iPad, every time you're doing that function, like it wants your location, it's going to ask for your permission every time.
Now, Android is running some sort of anti-Apple ads, showing that Apple Pay seems not to work.
You know, the person is swiping around and they can't get it to work, whereas Android just pays it off, boom, like that.
Are you a fan, number one, of these pay systems?
Are they fairly secure, more secure than, you know, a credit card, for example?
And number two, is it really true that Apple's pay system is having a problem?
Well, I haven't actually used Apple Pay personally, but I've read documents on it and it seems reasonably secure, you know, of how they use their protocol, if you will.
they use their protocol, if you will.
But I actually haven't tried to attack Apple Pay yet.
And I'm curious of whether there's room to do, if they tokenize the information so you're like,
you're credit card number.
Did you say use Apple Pay or attack Apple Pay?
Attack.
I haven't tried attacking it as part of like a security test.
I see.
So, I'm not sure personally whether or not, you know, of any vulnerabilities in Apple Pay to date.
Okay.
You do good work for companies, right?
That is what you do, and I want to give you a chance to, you know, promote that.
You have this ghost team, right, that claims to have a 100% success rate of being able to penetrate any system using technology and any social engineering.
You can use technology and social engineering.
You can get in any system out there.
How can it be 100%?
Well, basically, There's different types of security tests that companies have us do.
There's network testing to look at, you know, what are they, you know, what network services they're exposing to the internet that could possibly be attacked.
A company could have web applications, like when you log on to, like, Bank of America, for example, they're using a web application.
But, you know, so there's different types of security issues.
When clients Allow us to use social engineering.
That means when we could try manipulating the humans that actually operate the computers, and con them into doing something or exploit them that way, our success rate's 100%.
And it has been since we started with the company.
Now, mind you, if a client wants us to test their web app, we don't have a 100% success rate at compromising a web app.
We have a high success rate, but always when we're allowed to use social engineering, we always get it right.
All we have to do is find one person.
Describe in detail.
Well, not that much detail, but as much as you can.
If you were given permission, let's say a large company, To go after them with social engineering, how would you do it?
Well, basically what I do is first get a target list, you know, you know, who in the company, you know, would I be targeting with this attack?
I might, you know, move out, move over to LinkedIn.
A lot of, you know, business people use LinkedIn, you know, social, you know, you know, the social network, LinkedIn, and you can kind of identify the individual, you know, individuals that work at companies, their titles and positions.
You could use, you know, Salesforce has data.com, which gives you another, You know, another way of getting that type of information.
So you're basically kind of building your target list.
And then what I would do is look at, well, what does this business do?
You know, who are their customers?
Who are their suppliers?
You know, who are their partners?
And then come up with an attack, come up with a situation that I would manufacture to get somebody on the inside to comply with the request.
For example, To open up, like, imagine that I'm a new client, or that I'm going to hire a law firm, for example.
The law firm is the target.
And I know that the attorney will want to read some documents about the issue or about the case.
What if I could send a booby-trapped PDF file to a partner at the law firm, and as soon as they open up that PDF file, it exploits A problem with Adobe Acrobat, and then I have full access to that lawyer's system.
So that's like, you know, one simple way that social engineering could be used to attack a system.
Okay, but you do admit that just doing it with computers and trying to make it through firewalls does not always work.
Say that again, Nurt?
I said, just using computers and trying to make your way through firewalls does not always work.
Does not always work, but when we're testing web applications, you know, companies have web applications that are facing the internet.
Sure.
Our success rate is in the very high 90s, but if somebody is saying, You know, they're using, you know, proper security technologies that we might not get in.
Or, you know, or if they're having us look at what network services are being exposed by, you know, their servers to the Internet.
You know, if they're not exposing certain types of Uh, applications, if you will, that we could possibly exploit, then we're not going to get it.
All right.
I want to take a few, uh, few calls here, if I can.
Uh, if they want to get in touch with you for work, how do they do that?
They can go to, uh, our website.
It's Mitnick Security.
That's M-I-T-N-I-C-K security dot com.
Okay.
All right.
Let's go to, uh, QuakeGuy on Skype.
Hello.
Oh, hey there.
How am I sounding?
Uh, sounding all right.
All right, much appreciated for the guest tonight.
It's really a pleasure to ask Kevin some questions.
Awesome program tonight.
Thank you.
I wanted to ask Kevin one or two quick questions.
I have a bit of a background in computers, mainly due to my father.
He got MCSE certified in the early 90s, Cisco certification and all that, and I kind of kick him in the butt now and again for not getting any more into it.
Because I'm on my computer more or less, far more than I should be.
I have a typing WPM of like 120 words a minute plus, and I've always wanted to know where I can start
Amateurly without spending ten fifteen twenty thousand dollars a year on a university degree. Where are you
grabbing your?
network security guys your your Server security guys how can somebody who who has the the
drive has the will and wants to get into this sort of thing?
Where do they start?
Well, you know what what we actually look for is when you know people are in you know in are interested in working
with security is What's their experience like for example as a developer?
Like, if we're looking for somebody that's going to assess the security of web applications, what's their development experience and what technologies, you know, .NET, Java, you know, what background do they have in systems and network administration and working, you know, as a DBA.
Not actually working as a full-time job, but actually have knowledge in these areas You know, how things work, and then looking to, you know, you know, there's a lot of, you know, universities that offer security.
I know you already said you're not interested in going the university route.
Now, I'm kind of self-taught myself, you know, from not being a hacker back in the day, but there's lots of, you know, good resources out there on the internet you might want to look at.
There's a lot of, you know, I remember there was some best-selling book on beginning penetration testing on Amazon.
I didn't actually Look at the book myself, but actually looked at the reviews and the reviews were pretty high you might want to consider Looking at that and look in downloading tools like Metasploit.
Metasploit is a very common penetration testing you know framework if you will and becoming familiar with a lot of the tools like Metasploit and Nmap and Kind of you know going around to different You know, sites on the internet and learning a lot about, you know, security and looking at, you know, what tools and what techniques and processes you go through to actually, you know, test security controls on various operating systems, devices, and so on and so forth.
Either all of that color, or if you want to impress Kevin, spend a year in your bathroom without coming out.
All right, well, fair enough.
One other quick question, if I may.
Do you happen to have any of this sort of information, these recommendations, listed anywhere online?
Or would it be all right if I went through your company and sent an email asking for such recommendations?
That'd be really appreciated.
Yeah, just don't email.
There's also some courses you can take, you know.
There's Offensive Security.
I think their URL is, you know, offensive-security.com.
They have some, you know, I haven't taken the courses personally, but I have some friends that are security experts that have and say that they're very well done.
So you might want to look at, you know, taking some of these online courses that help you, you know, get familiar with, you know, how to, you know, for example, doing an external perimeter test against a network, you know, trying to learn more about, you know, how to exploit wireless networks or applications.
So there's definitely a lot of resources out there.
There's even a website that has a lot of videos.
Alright, so anyway, he can send you an email, so that's easy.
And when you're done with this, Kevin, you might want to run a jitter test on that line you're on, because I'm telling you, you're dropping packets.
That's a hotel, so unfortunately.
I know, I know, I know.
I know, I'm just saying.
On the phone, you're on the air with Kevin Mitnick.
Hello.
Hi.
Hi.
First of all, Art, you've been back on Soundtrack for many years of late-night hacking sprees, so thank you for coming back.
We used to hang out in the same circles.
I have a question for you regarding the novel attack against Tsutomu Shimomura.
Did you come up with that approach, or did someone else provide that?
Exploit for you.
No, we were actually, I was working with this guy, J-S-Z, it's actually detailed in Ghost in the Wires, and we were talking about this method of exploitation, and J-S-Z and I think two other individuals actually coded the attack.
I didn't actually code it, but I was discussing it and discussing the technique prior to the implementation of the code, because we were trying to compromise human market.
And it may go down in history as one of the greatest Tax of all time.
Thank you.
You're very welcome.
You're welcome.
Does your chest puff out a little when you hear that?
One of the greatest security attacks of all time?
Yeah, I don't really believe that.
I think there was a newer attack called Harplead, which I think was much better.
But anyway... Well, I know, but he said it.
I mean...
Well, we were, like, in discussions.
We were talking about techniques that could be used.
It wasn't like, you know, I didn't code the attack.
It was another group of people that were, you know, and it worked quite well, and it was quite novel for the time.
All right.
Kenny on Skype.
Hi.
Hello.
This is Kylie, his wife.
Okay, Kylie.
His account.
Okay.
I had a quick question.
I'm actually a bachelor's degree in cybersecurity, and I was curious as to emerging areas in
the field that you're interested in, you think that are really good to kind of focus on as
a new graduate.
Hmm, that's quite interesting.
Well, you know, I prefer, I like the area of security testing.
That's kind of what I focus on.
But I mean, there's different areas of security like doing forensics, you know, security implementation, you know, working with, you know, being a sales engineer, you know, for a company that's selling security products or actually building products.
I mean, there's so many areas of information security that, yeah, what is your interest?
What do you like to do?
And give me some more information about that.
I have a pretty wide background in the field of security and I actually was just interested in areas of emerging software or companies that you feel have the biggest area for potential growth.
Well, again, with potential growth, I always look at companies that have recently IPO'd.
I don't really want to mention the names of companies, to be honest with you, on the air, but one area that you might want to consider research in or focusing on, and it's a problem that hasn't been solved, is the problem of malware.
Pretty much, it's not hard for any reasonable skilled attacker to bypass any of the antivirus products that are out on the market, and some of the other products that have spun up by other companies could be bypassed as well.
So, there hasn't been a solve yet to solve the issue of malware.
So, that might be some area that you might be interested in focusing on that's still emerging.
Companies are trying to figure out ways to solve the problem.
I'm all for that.
Is it alright if I ask one more question?
Yes.
I was wondering, for your actual security system of choice, why you prefer that one the most out of all the other ones like Linux and all the popular ones, obviously.
Why do I prefer what now?
What security?
I never said I preferred any security system of choice.
You're talking about the operating system?
Yes.
Oh, I said VMS because that was my favorite system to hack back in the day, so it was kind of a joke.
I was like, okay.
You mentioned PGP as being a secure way of actually communicating,
and I was just curious as to why, because in my 101 classes, they were mentioning that was already hackable back in 2005.
Well, I don't know anybody that's broken RS.
You know, I don't know anyone that's broken PGP.
And I'd like, you know, if you could send me... It hasn't been done.
Okay.
No, the PGP hasn't been broken.
Alright.
Now there's ways to, like, you know, steal keys by getting malware on some target machine and stealing, you know, the keys and stealing the key ring, of course.
There's those types of attacks, but PGP hasn't been broken, per se, if you just intercept the encrypted material.
Alright, go on to phones.
Hello, you're on the air with Kevin.
Hi Art, hi Kevin.
Hey.
A couple of areas of interest.
One is with the shift from analog to digital telephony, how has that expanded or contracted phone phreaking?
And the other thing is there's concern about smart TVs snooping on people, and the governor here in California recently signed legislation concerning that.
But I'm thinking that might not be a bad thing, because given the state of TV programming these days, It might be more entertained by me than I'm being entertained by it.
Now there is that.
So anyway, but the digital versus analog and phone phreaking and also how does smart TV snoop on us?
All right, well, let's start with the phone phreaking stuff.
Well, you know, back in the day when we're dealing with analog, we could use, you know, multi phreak.
You know, multi-frequency tones, because it was in-band signaling, per se, and, you know, monkey with the phone network.
Today, that's all changed.
Now it's out-of-band signaling.
In fact, nowadays, anyone could go to the Apple App Store and download a Blue Box app, which would have been a felony to have back in the, you know, probably the 80s or the 90s.
As far as the smart TV stuff, you know, that's definitely concerning from a privacy perspective, There's already been, you know, hacks that I heard about,
about, you know, people that have, you know, the built-in webcam on their
television about being able to enable that webcam and get access, obviously, to, you
know, spy on somebody if they're on the same local network as the TV is on.
But also, a lot of, you know, this new technology, this new emerging technology actually allows you to wake it
up by speaking to it, like some of the, you know, gaming systems.
So you could actually talk to it, and it will wake up when you, you know, when you talk.
And then you have to wonder, like, what, where's that, where's that, what you're saying,
that audio, where's that being sent?
Is it being sent to Microsoft?
Does Microsoft basically store that information, you know, somewhere, even though, you know,
even though you're not actually commanding the actual device, but you have some device
in your home that's actually intercepting your audio and passing it to some third party, that's kind of scary.
Well, I'm in trouble now because I've been talking back to my TV for years, so.
I better watch out!
Alright caller, thank you.
So I've got a question based on the last caller.
The last caller was on a cell phone.
And Kevin, he sounded like he was on a cell phone.
How long and when is it going to take, what is it going to take for cell companies to begin to devote just a little more bandwidth so they don't sound like Bigfoot scat.
I mean, really.
It's got to get better, because it can't get worse.
In fact, I remember that my friend Steve Wozniacki, right when they had digital and analog devices, still had analog, he always used analog phones because they sounded much better.
Same here.
Yes, exactly.
And now that we're in the digital world, we're kind of stuck with whatever provider that we're going with.
Well, yes and no.
I mean, they've eventually got to move more toward the pin drop era.
Right now, you could drop a hammer and you might only hear it as a little distortion on a cell phone.
Yeah.
Yeah, well, I have no idea of when these cellular providers are going to actually improve the quality of their voice calls.
Well, the first one that does will get my business.
I'll tell you that.
I've heard T-Mobile was making a few moves in the bandwidth era.
I haven't kept my ear close to the ground on that issue.
I just figured when it happens, I'll be happy.
And until it does, I'm just stuck using... I'm stuck on AT&T, unfortunately.
Well, me too.
But when it does happen, you'll hear it.
Mike on Skype.
You're on the air.
Thanks for taking my call, Art.
You bet.
Two quick questions.
One is, I keep my passwords in a file and I cut and paste them in instead of typing them in.
Will that help with keyloggers?
Well, I mean, if some attacker has a keylogger on your system, they obviously could do much more than just simply keylogging.
So they could probably just open up the file.
I think it's a bad idea to simply have an Excel spreadsheet or a text file and cut and paste.
Okay, let me finish.
The other issue is, I think it's much better, rather than you choosing your own passwords, that you use a password manager.
You know, there's free ones like KeePass and PasswordSafe, for example, and that way you randomly generate passwords for all the different, you know, sites that you're visiting, for example, and then you protect that with a master password.
But again, if there's malware that ends up on your machine, the attacker could steal the database, keylog your master password, and it's game over.
So, there you go.
Well, thank you.
The second question is, has anybody, either maliciously or trying to impress you, tried to hack you or your company?
I always get that question.
Well, we actually successfully hacked our web server that was managed by a third-party company.
Back in the day, we were paying like $50 a month to this third-party company where we hosted our web server.
And it was completely separate from our network.
And we didn't even have root administrative access to the web server.
We were able to upload, you know, and download files, you know, through FTP.
And this third-party company kept getting compromised.
And I think one of the reasons they were kept getting compromised is because they handled our web server.
So, after dealing with that a couple times, and what we decided to do is we moved over to Well, thank you very much, and glad to have you back, Art.
Thank you very much, and thank you for the call.
I'm thinking of going backwards, you know?
Maybe technology has advanced so far that I need to begin using Netscape.
Thank you very much and glad to have you back, Art.
Thank you very much and thank you for the call.
I'm thinking of going backwards, you know?
Maybe technology has advanced so far that I need to begin using Netscape.
Nobody will know how to hack that anymore.
Well, that's Firefox nowadays, right?
So that's not going to help you.
The Firefox browser is one of the most vulnerable browsers out there.
In fact, the NSA has these Fox Acid servers that they try to redirect you as their target and exploits vulnerabilities in Firefox to drop Malicious software onto your system to monitor you.
Okay.
Alright.
Hold on, Kevin.
We're at a break point, and we'll do one more segment.
Kevin Mitnick is my guest.
And, uh, we're... That was a sneeze.
Hope he's okay.
Hope he's okay.
This is midnight.
Kevin Mitnick is my guest.
But remember, the NSA, well, you know.
To call the show, please dial 1952-225-5278.
That's 1952, call, Art.
I have to do that again, you know, in honor of Kevin being here.
Kevin Mitnick is my guest.
You're welcome to join us via phone line, standard or otherwise.
And of course, on Skype, remember, we are MITT51 in North America.
MIT Heat 5.5 out there in the rest of the world.
And here, once again, is Kevin.
And one more thing I want to bring up with you before we proceed, and that is this.
I have noticed, Kevin, that my bank, which I won't name, And my credit card company, which I also won't name, both have astoundingly good algorithms in place, and in each case where I've had a problem lately,
They have caught it, bam, like that!
I mean, their computer algorithms must be so, so good because they know if that's me or somebody else doing it either by geolocation or by my buying habits or whatever it is, each time the bank or the credit card company has caught it, boom, like that.
Any comments?
I guess you've been lucky because in some cases The banks don't catch it.
Well, yeah.
Right.
And in your case, I guess, again, it's luck.
I hear myself echoing back.
Well, I didn't do anything different.
Okay, that's weird.
I hear myself talking in the background.
Anyway, when I think about financial security, people that want to protect their bank accounts from getting hacked, I think a very simple solution People will spend a hundred bucks a year for their antivirus software.
Imagine if you just double it.
You just go buy a Google Chromebook.
And you use the Google Chromebook.
You use the browser in what they call guest mode, so it doesn't save anything on the Chromebook.
And you only use that to log on to your credit card company, log on to your bank account, log on to your brokerage account at Morgan Stanley or Schwab, and you never keep any passwords, of course, on, you know, the computer you use for everyday use.
That's going to really make it really difficult for somebody to compromise you.
Okay.
I assume you probably went back to your headset and your problem went away.
Oh yeah, I'm back.
Jeff on Skype, you're on the air.
Hey, great show as always, and Kevin, it's good talking to you.
So I'm a CISSP IT security professional, got a source fire certifications and blah blah blah, all that stuff.
Been doing it for a while.
And one thing that I'm noticing, well, first of all, one of my specialties is definitely penetration testing for internal organizations that I work for.
And ironically, I like magic too, which is really cool.
One of the things that I've noticed here that seems to be trending, Gardner put out a study here a while back about bimodal application development.
And of course, everybody who's anybody is using agile type management to where they're creating code and just dumping it in.
And I'll tell you, I will put out study after study, report after report, looking for internal vulnerabilities, external vulnerabilities in companies' systems, and they're paying big money for that stuff.
However, what I find out is this newer trend, it seems newer to me, in taking an offshoring Especially web app code and they're having this stuff done like by India and resources and whatnot.
And I find out that companies seem to be pretty lax about giving some company that they don't even know the people who are working there access directly into their systems to write, test, debug, and produce this code.
And then, of course, the company puts it in production and they're saying, OK, well, it's good and it's safe.
I've just seemed to have a lot of concerns.
It makes me really nervous, and I've seen a lot of companies do that.
I just wanted to get your thoughts on that.
Okay.
Kevin?
Can you hear me?
Yeah.
Okay, great.
No, I completely agree with what you're saying, that you definitely should be concerned about, you know, where you're outsourcing your development.
But more importantly, no matter if it's India, China, or Indonesia, it doesn't matter as long as you're going through some processes that's actually going, you know, somebody that, you know, some team that's quite knowledgeable is going to actually analyze the code.
And look for potential security vulnerabilities in the code before it's actually deployed.
And what you just said, you just mentioned, you know, that was, that seemed to be a huge missing step in the process that basically web app is developed and deployed and that's it.
But there needs to be some sort of security development life cycle there of where any code, even updates to existing code, goes through some processes where that code is evaluated by security knowledgeable people to try to mitigate the chances that they're going to obviously introduce newer vulnerabilities.
Sure.
Okay, quickly to the phones.
You're on the air with Kevin.
Hello?
On the phone.
Hendersonville somewhere.
Hello.
Going once.
Going twice.
Sorry about that.
You waited a long time.
Winnipeg, Manitoba, I think.
Hello.
Hello, how are you?
Fine.
We'll just call me Root User.
Okay, anyways... User?
Root User.
Yeah, okay.
Anyways, our great intro to the show with the Tommy Chong Easter Eggsploit.
That was awesome.
Yes.
Had to remark about that.
But anyways, I have a quick question for Mr. Mitnick about a system I'm currently repairing, working on right now.
It's a laptop, and it was injected with probably a really, really technical source code.
And I was wondering your thoughts.
What do you mean by technical source code?
Yeah, apparently he's got something wrong.
Alright, you're going to have to send us $29.95.
And we're going to fix you right up.
What's the problem, actually?
Okay, well, when you try to put in the super user password, right?
Because I have elevated it, right?
Because the operating system wasn't a Linux-based operating system at the time.
So, when you put in the super user password, when it's plugged in, it's It just fails and fails and fails.
You put it on battery and then it'll go in the first time you put in the password.
Could that be a power grid type of attack?
I've never heard of such a crazy thing.
I haven't either.
Yeah, it sounds like you have a unique issue.
And so, wait a second, you didn't even identify the operating system that you're running with?
Yeah.
Yeah, so I think with this caller, it's a very weird call.
Well, you sent us $29.95.
The second question I have... Well, you didn't answer the first one.
What operating system is it?
Oh, okay.
Originally, when I believe that it got injected, it was Windows 7.
Injected?
What do you mean, injected?
Yeah.
Injected.
What does that mean?
Well, like, when it got infected.
Oh, infected.
Infected.
Very different than injected.
Sort of.
Well, it could have been SQL injected somehow, or you know what I mean, but like, infected, we'll say.
Uh-huh.
Trying to find the root of... And what makes you think that somebody used a SQL injection to compromise your Windows 7 laptop, I think you said you had?
Well, I don't, but I just thought it was, like, because when you take it off of, like, power and put it in on batteries... Well, it's obvious to me, sir, that it's coming through the power line.
It's a... It's a UFO!
It's an injected thing through the power line saying... An alien!
I don't think we can solve your problem, sir.
I appreciate it.
And I doubt anyone used SQL injection on your laptop.
Bill on Skype, hello.
Yeah, hello.
Can you hear?
I hear you.
Great.
Although, you're very far from your microphone, so if you would get close to whatever, you know, injects the audio into your computer, it would be better.
Okay, how about that?
Is that any better?
Oh, way better, yes.
Okay, I use Fedora.
I'm on Fedora 21.
It's the free version of Red Hat Software.
Okay.
Alright.
Now, they use what's called SE Linux.
Right.
Which is a secure Linux.
Correct.
Could you give us some input on that?
The security measures or, you know, whatever?
That's all I have.
Okay, so you're just asking if this Linux you have is secure?
Well, yeah, it sounds like he's considering moving from Fedora to SELinux.
I think it's your concern.
It's a more of a hardened operating, you know, more of a hardened OS.
So I'd recommend if you're definitely look at SELinux.
And if you're interested in looking at the different features of pros and cons of it, you could just use Google.
Okay, let's go to Kurt.
Kurt, hello.
Hey Art, how you doing?
It's Kurt in Tullis in Arizona.
Yes.
I wanted to ask him, just today it was announced here in Phoenix that T-Mobile was hacked.
About a million customers, all their information, everything about everybody.
Wow.
Is there a way that he can trace back to who did that?
In other words, forensic work.
Yeah.
Well, I couldn't tell you.
It's called an incident response.
So when a client gets compromised, they'll hire us to do an incident response.
And in some cases, you know, you can't find who the attacker is because it's so easy to make it look like it's, you know, it's coming from anywhere in the world.
Or imagine, you know, you have the attacker compromises one company system and then uses that as a jumping off point to attack a second company so uh... so it all depends you
know it depends on on you know a lot of factors and you know i can't really
say uh... yes or no to whether you know i could actually trees
back to act in this year if they were really good probably not
on.
All right.
Probably not.
I mean, they just could have used a neighbor's wireless access point, for example.
It really depends on the sophistication of the people doing it.
But then again, people make stupid mistakes, like apparently I read in the news today that The CTO of Uber's, you know, their competitor had hacked into Uber from his home and they were able to trace back the IP address, which I thought was, I thought that was like pretty, pretty insane for somebody.
You know, rule number one, like a fight club, rule number one of hacking is you never do it from home or work.
Yeah.
I guess rule number one of Fight Club is you don't talk about Fight Club, but with the hacking, you know, if anyone is going to do this from work or home, that's pretty careless behavior.
So this guy who recently allegedly hacked into Uber has indeed done it from home.
So I was surprised.
All right.
To the phones and Clearwater, Florida, probably.
My name is Stan and I'm interested in knowing if you could tell me if snort is effective In deterring any type of infection or what would he recommend?
Well, Snort is good for, you know, basically Snort is like an intrusion detection system.
You know, it's essentially free, I believe, open source.
And it basically is a signature-based system.
So, basically, if you're running Snort on a network, you could detect when any of the signatures that are currently being used are triggered as some sort of attack.
But that's not going to really... What?
One problem is that I try to get information from all types of sources and say for instance like Geek Squad tells me that you have to go out and try to find the tech and you're not going to be able to do that they tell me.
Who would I be able to find?
What are you trying to do?
What are you trying to accomplish?
Alright, what are you trying to do, caller?
Properly install the software so I could use it.
What software?
Snort?
Snort software.
Well, I can't walk you through how to install it.
Installing Snort is actually quite easy.
I mean, if you're running a Linux-based operating system, you could just, well, depending on which one, it gives you the aptitude to install it, but then you have to configure it, and you have to configure the different rulesets to detect certain attack signatures that might end up being used over your network.
Either that or get a razor blade, lay it out, use a $100 bill.
Yeah, it's kind of a complex question for this type of show.
Yeah, it obviously is.
Hello there, on the phone, you're on with Kevin.
Hello?
Hello?
Yes, there you are.
Yes, Mr. Mill, Mr. Mindick, I was just curious if you were familiar with and they have James Bamford's work, particularly the Shadow
Factory.
And they have their, at least they used to have their yearly trade show at Crystal City by Fort Meade.
Do you have any idea what he's speaking about?
Yeah, well, James Bamford is an author of, well, I remember he authored Puzzle Palace, and I'm not familiar with any new works that he's done, but he's asking something about Bamford, and I'm unclear what he's trying to say.
Well, that was my perfect example of what a cell phone sounds like, probably in a marginal coverage area, but nevertheless, that's what it sounds like, and that is And has been one of my major complaints now for years.
They're going to get better.
Maybe they'll move back to amps or amps, you know, go back to analog.
No, they're not going to go back to analog.
They can allocate more bandwidth and they can make it sound much better.
I mean, if Skype can sound as good as it sounds, you're not going to tell me that there's not a way for the cell phones to sound better.
It's just that they're trying to squeeze a bazillion of us in a very tiny little pipe.
Is that fair?
Yeah.
No, I agree with you.
All right.
Hello there.
You're on the air with Kevin Mindink.
Hello, Art, and hello, Kevin.
Kevin, could you talk about the fun times you used to have on 435?
It was a radio repeater, your ham radio days.
You used to shut up, Art.
You used to shut up.
Hey, Art, have you ever heard of 435?
Yeah, I know all about 435.
Southern California, yes.
Yeah, so the renegade repeater.
Yeah, I remember the good old days, you know, back... God, I haven't been on 435 for, you know, for years.
Is it still raging, caller?
Yes, it is.
It's in Southern California, obviously, you know that, and we always have fun out here.
But, Kevin, you should tell people that people used to dare you to shut their home phones off.
Oh, yeah.
Richard Burton would shut off.
Have you ever heard of Richard Burton, Art?
He was the only one that I think was prosecuted by the FCC.
Anyway, when I was, during my younger years, me and Burton used to go out and I think at one time I turned off his phone or something when I was like 15.
But anyway, that's a longer story.
Yes, you know the FCC is beginning to shut down a bunch of field offices.
A lot of people are not all that happy about that fact.
And then of course there's others in Southern California that are happy.
I remember I had to like do the code and everything and now it's just so much easier.
It's surprising.
I know.
It's too easy.
Kevin, my friend, as always, thank you for being here.
It has been a pleasure.
And once again, you're going to have a new book, right?
Yeah, it's called The Art of Invisibility.
It hopefully will be out in under a year, and it's gonna basically teach people that aren't so technically astute how to protect their communications, their email, their text messages, their voice calls, how to kind of get off the grid so your nosy neighbor, your significant other, your boss, your parents, or law enforcement or the NSA can't easily monitor your communications.
That's quite agreeable.
All right, my friend, thank you, and we'll do it again one day, of course.
Thank you for having me on your show, Art, it's always a pleasure.
Kevin Minnick, take care.
A pleasure indeed, that was a lot of fun.
All right, well, it's Thursday already, so tomorrow is open lines.
If you have a special line that you think would be particular fun, you can email me.
The correct email address is Art Bell, At K-N-Y-E.
That's Kilowatt, Nancy, Yokohama.
Easy.
Don't get dys... Most people get dyslexic and do it the wrong way.
So it's Artbell at K-N-Y-E dot com.
From the high desert to the world's time zones and all of you living within, goodnight.
Export Selection