Hacker Kevin Mitnick speaks out

Industry Standard
Photo: Kevin Mitnick. File photo of Mitnick being released from prison in January, 2000

(IDG) -- Kevin Mitnick once made a hobby out of breaking into computer systems, causing many network administrators -- not to mention the FBI -- a lot of grief in the process. He spoke to the public Wednesday for the first time since being released from prison in January, telling a group of corporate managers in the computer-security field how to keep hackers like him out of their networks.

The 37-year-old was surprisingly polished, confident and good-humored. Wearing a dark suit and red tie, Mitnick told attendees at Giga Research's Infrastructures for E-Business conference that educating employees about good security practices will do more to protect a company than any technology.

Malicious hackers don't need to use stealth computer techniques to break into a network, he said. Often, they just trick someone into giving them passwords and other information -- a practice known among hackers as social engineering.

"People are the weakest link," Mitnick said. "You can have the best technology, firewalls, intrusion-detection systems, biometric devices ... and somebody can call an unsuspecting employee. That's all she wrote, baby. They got everything."

Mitnick, who lives in Thousand Oaks, Calif., a suburb of Los Angeles, was arrested in February 1995 and held without bail for four-and-a-half years. He served eight months of that time in solitary confinement. In March of this year, he pleaded guilty to wire fraud and computer fraud for accessing information on company networks. In an unrelated earlier case he had pleaded guilty to possessing and using an unauthorized access device for a clone cell phone.

He felt his chances of getting a fair trial were small. "There was too much risk," he said. "When you're in that position, you'll plead out to anything just to get out of jail."

He suspects the FBI made an example of him because he embarrassed the agency, which spent three years hunting him down. "When they were watching me and surveilling my movements, I was watching them," he said.

Mitnick is on parole until January 2003, under what he says are the "most restrictive parole-release conditions of anyone." His parole officer has allowed him to use a cell phone (which Mitnick suspects might be used to track his whereabouts), but he is prohibited from using a computer. He had to have someone else create the PowerPoint presentation he prepared for the Giga conference and fax it to him.

As a condition of his supervised release, he also is barred from discussing the specifics of his case or from making any profit from telling his story for seven years. He paid just over $4,000 in restitution, down from the $80 million the government originally sought.

"I deserve to be punished for the illegal transactions, but not to the degree that I was," he said during a dinner interview.

In the meantime, he's getting a lot of job offers: Brill's Content magazine has hired him to write for its Contentville site, a security consulting firm wants him to serve on its board, and he might do a radio show about the Internet. Paramount wanted him to serve as a technical consultant on a movie about cyberspace, but a deal was never reached. An agent at United Talent Agency represents him. Mitnick's options are severely limited by the fact that he can't use a computer or travel outside central California.

Prior to being imprisoned, Mitnick worked as a private investigator, a systems administrator for Passkey Systems in Las Vegas and as a programmer in training at GTE before they realized he was a phone phreaker -- someone who breaks into telephone networks. He was a ham radio operator at age 13 and became a phone phreaker at 16.

In addition to the advice he gave out Wednesday, Mitnick defended hackers, pointing out that they are a group whose skill set can be used for good or evil, like lock pickers. Hackers, even "mischievous" ones like he was, are motivated by intellectual curiosity and challenge and are attracted to the element of danger, he said.

Mitnick also noted that he didn't have criminal intent and never profited from his hacking.

"I used to be a prankster. I used to be a pretty good one," Mitnick said. "When I was into phone phreaking when I was a kid, we figured out how to intercept directory assistance for Rhode Island."

"Albert Einstein, in my mind, was a hacker," Mitnick added during a lunchtime Q&A session. "[He stretched] the technology to make things better."

Although the FBI was less than pleased that Giga executives invited Mitnick to deliver Wednesday's keynote speech, conference attendees found value in it.

"I had mixed emotions about listening to a guy" who was imprisoned for hacking into systems, said Alex Vance, director of systems performance at RaiLink in Raleigh, N.C., a subsidiary of the American Association of Railroads. "On the other hand, he has an expert perspective that could only come from one who has done it. And his point was well-taken that we probably as businesses don't have as much to fear from the traditional teenage hacker as we do from those who have done a cost-benefit analysis" to hacking into our systems.

Mitnick also discussed the ease with which people can get passwords and other information that help them gain access to networks without authorization through dumpster diving and other means.

His recommendations:

  • Confirm that someone is who they say they are before giving out information.
  • Don't pick easy passwords or ones that are real words (password-cracking tools can easily figure them out).
  • Don't write passwords on Post-it Notes affixed to computers or other easy-to-find locations.
  • Change passwords frequently.
  • Use different passwords for different systems.
  • Use shredders that destroy documents so they can't be reassembled.
  • Physically destroy CDs and diskettes, because deleted or erased data can be recovered.




© 2001 Cable News Network. All Rights Reserved.