In the mid-1990s, the hacker Kevin Mitnick was pursued by the FBI, then celebrated as a digital martyr.
Ghost in the Wires
By Kevin Mitnick (Little, Brown, 413 pages, $25.99)
By STEVEN LEVY
Though law enforcement and corporate IT people might disagree, there is something heroic about a hacker. Those who first adopted the term had little to do with criminality. Back then—we're talking 50 years ago—computers were expensive, well-protected servants of the powerful. Early hackers ventured beyond the user's manual, creatively exploring the possibilities of a tool limited only by their imagination. Since computer access was precious, sometimes they had to sneak their way into the systems—but they were motivated by a hunger to learn more and to perform ever more interesting tricks. Technical acumen was valued most of all, and to be called a true hacker was a badge of honor. (click below to read more)
By the 1980s, when personal computers had found their way into the bedrooms of teenagers, a different figure emerged—the young coder who cleverly used his skills to break into big institutions. Though these hackers often created messes and broke some serious laws, there was (and still is) a punkish allure to the idea that a kid in a bedroom could flip out the graybeards at NORAD.
Most of the players from that era have holstered their modems and faded into obscurity. A new generation, armed with vast armies of "bots"—third-party computers enslaved by means of viruses—uses dark hacker arts to steal, conduct warfare or make "hacktivist" political points. But like a cheesy '80s song that keeps picking up radio play, there is one hacker from cyberpunk times who remains an iconic figure: Kevin Mitnick. He first came to public attention as a messed-up California kid whose digital feats made him the focus of an intense FBI manhunt. Now 47, Mr. Mitnick, who is already the subject of a shelf of books recounting his misdeeds, has told his version of the story.
In "Ghost in the Wires: My Adventures as the World's Most Wanted Hacker" (written with William Simon), Mr. Mitnick portrays himself as worth rooting for, a savvy master rodent in a cat-and-mouse game, grinning past his whiskers as he stole the cheese from under the nose of the helpless fat cats. But he doesn't completely fit the hacker ideal that equates status with ninja-level technical skills. Many of the hackers I've met talk of having been transformed by an early encounter with technology. These stories commonly involve parents horrified to see appliances taken apart or rewired. But Mr. Mitnick's story isn't an escape into codes or soldering. A child of divorce abused by his mother's lovers, he was transformed by a friend's father's magic tricks. The lure wasn't so much the cleverness of the illusion as the trickery. "Magic was my original doorway into the art of deceiving people," he writes. What Mr. Mitnick really excelled at as a hacker was "social engineering"—basically, persuading or tricking people into revealing information. "Ghost in the Wires" is loaded with detailed accounts of how he studied the jargon of his targets—Nokia, Motorola, the California DMV—and figured out whom to impersonate when cajoling employees to turn over passwords that allowed him root access (i.e., god-like control) to their computer systems. Mr. Mitnick understood that an organization's biggest vulnerability is the reflexive willingness of its employees to assist each other. His attacks were like a novel virus introduced into a system that had no antibodies to fight it.
Some of his adventures are hair-raising. For instance, he gained entry to a Pacific Bell facility that enabled him to remotely wiretap any customer at will. But after a while, his triumphal accounts of his cons seem not only repetitive but a bit sadistic. And however often he turns to the reader for high-fives—"Who else would have had the balls to investigate the FBI at the same time the FBI was investigating him?" he asks—this joyride is ultimately a bummer. Mr. Mitnick paid a high price for his hacking. It got him arrested and incarcerated as a juvenile. (He couldn't resist hacking phones even as prison guards watched.) Later, his wife left him. His best friend informed on him. As he approached his 30th birthday, he was cut off from his family, running from pursuers and still chasing meaningless "trophies" of forbidden information. Sometimes he didn't even bother to examine prizes that took months of work to steal. After finally being caught, in 1995, he served five more years in prison.
Mr. Mitnick argues that his refusal to take that final step toward evil—using the info-goodies he swipes for personal gain—affirms his virtuous-hacker credentials. He seems baffled that he was worth a nationwide FBI hunt and is flabbergasted when the New York Times runs a front-page story about him. (That was when he realized he was doomed, and indeed he was soon arrested.) When he stole Netcom's database of more than 20,000 active credit cards, he was offended that news accounts didn't specify that it was all in fun. "I'd never had any intention of running up charges on them, and never did," he writes. "That would be wrong. My trophy was a copy of Netcom's computer database. Why is that so hard to understand?" By his own admission, however, he was less scrupulous when it came to wiretapping, intercepting email or even stealing identities to further his stunts.
Mr. Mitnick argues passionately that the authorities went overboard in his case—not only did he spend five years in jail, he was forbidden to touch a modem for another three. The hacker community saw him as a martyr and began a "Free Kevin" campaign. But by his own reckoning, his transgressions were prodigious, and now that the statute of limitations has passed, he gleefully recounts what the cops should have nailed him for.
Nonetheless, later events make Mr. Mitnick's exploits seem somewhat quaint, in size if not in method. The technique used to plunder Google's digital assets in China in 2009 came straight from his playbook: The thieves identified key employees, used known vulnerabilities in commercial software to gain access to their accounts and then swiped passwords to get broader access. Mr. Mitnick, now a security consultant, will be remembered as a coal-mine canary. The capers he conducted were harbingers of our current chaos, one that won't be solved with the high-profile arrest of a single cyberpunk.
—Mr. Levy is a senior writer at Wired and the author of "In the Plex: How Google Thinks, Works, and Shapes Our Lives."
Ghost in the Wires
By Kevin Mitnick (Little, Brown, 413 pages, $25.99)
By STEVEN LEVY
Though law enforcement and corporate IT people might disagree, there is something heroic about a hacker. Those who first adopted the term had little to do with criminality. Back then—we're talking 50 years ago—computers were expensive, well-protected servants of the powerful. Early hackers ventured beyond the user's manual, creatively exploring the possibilities of a tool limited only by their imagination. Since computer access was precious, sometimes they had to sneak their way into the systems—but they were motivated by a hunger to learn more and to perform ever more interesting tricks. Technical acumen was valued most of all, and to be called a true hacker was a badge of honor. (click below to read more)
By the 1980s, when personal computers had found their way into the bedrooms of teenagers, a different figure emerged—the young coder who cleverly used his skills to break into big institutions. Though these hackers often created messes and broke some serious laws, there was (and still is) a punkish allure to the idea that a kid in a bedroom could flip out the graybeards at NORAD.
Most of the players from that era have holstered their modems and faded into obscurity. A new generation, armed with vast armies of "bots"—third-party computers enslaved by means of viruses—uses dark hacker arts to steal, conduct warfare or make "hacktivist" political points. But like a cheesy '80s song that keeps picking up radio play, there is one hacker from cyberpunk times who remains an iconic figure: Kevin Mitnick. He first came to public attention as a messed-up California kid whose digital feats made him the focus of an intense FBI manhunt. Now 47, Mr. Mitnick, who is already the subject of a shelf of books recounting his misdeeds, has told his version of the story.
In "Ghost in the Wires: My Adventures as the World's Most Wanted Hacker" (written with William Simon), Mr. Mitnick portrays himself as worth rooting for, a savvy master rodent in a cat-and-mouse game, grinning past his whiskers as he stole the cheese from under the nose of the helpless fat cats. But he doesn't completely fit the hacker ideal that equates status with ninja-level technical skills. Many of the hackers I've met talk of having been transformed by an early encounter with technology. These stories commonly involve parents horrified to see appliances taken apart or rewired. But Mr. Mitnick's story isn't an escape into codes or soldering. A child of divorce abused by his mother's lovers, he was transformed by a friend's father's magic tricks. The lure wasn't so much the cleverness of the illusion as the trickery. "Magic was my original doorway into the art of deceiving people," he writes. What Mr. Mitnick really excelled at as a hacker was "social engineering"—basically, persuading or tricking people into revealing information. "Ghost in the Wires" is loaded with detailed accounts of how he studied the jargon of his targets—Nokia, Motorola, the California DMV—and figured out whom to impersonate when cajoling employees to turn over passwords that allowed him root access (i.e., god-like control) to their computer systems. Mr. Mitnick understood that an organization's biggest vulnerability is the reflexive willingness of its employees to assist each other. His attacks were like a novel virus introduced into a system that had no antibodies to fight it.
Some of his adventures are hair-raising. For instance, he gained entry to a Pacific Bell facility that enabled him to remotely wiretap any customer at will. But after a while, his triumphal accounts of his cons seem not only repetitive but a bit sadistic. And however often he turns to the reader for high-fives—"Who else would have had the balls to investigate the FBI at the same time the FBI was investigating him?" he asks—this joyride is ultimately a bummer. Mr. Mitnick paid a high price for his hacking. It got him arrested and incarcerated as a juvenile. (He couldn't resist hacking phones even as prison guards watched.) Later, his wife left him. His best friend informed on him. As he approached his 30th birthday, he was cut off from his family, running from pursuers and still chasing meaningless "trophies" of forbidden information. Sometimes he didn't even bother to examine prizes that took months of work to steal. After finally being caught, in 1995, he served five more years in prison.
Mr. Mitnick argues that his refusal to take that final step toward evil—using the info-goodies he swipes for personal gain—affirms his virtuous-hacker credentials. He seems baffled that he was worth a nationwide FBI hunt and is flabbergasted when the New York Times runs a front-page story about him. (That was when he realized he was doomed, and indeed he was soon arrested.) When he stole Netcom's database of more than 20,000 active credit cards, he was offended that news accounts didn't specify that it was all in fun. "I'd never had any intention of running up charges on them, and never did," he writes. "That would be wrong. My trophy was a copy of Netcom's computer database. Why is that so hard to understand?" By his own admission, however, he was less scrupulous when it came to wiretapping, intercepting email or even stealing identities to further his stunts.
Mr. Mitnick argues passionately that the authorities went overboard in his case—not only did he spend five years in jail, he was forbidden to touch a modem for another three. The hacker community saw him as a martyr and began a "Free Kevin" campaign. But by his own reckoning, his transgressions were prodigious, and now that the statute of limitations has passed, he gleefully recounts what the cops should have nailed him for.
Nonetheless, later events make Mr. Mitnick's exploits seem somewhat quaint, in size if not in method. The technique used to plunder Google's digital assets in China in 2009 came straight from his playbook: The thieves identified key employees, used known vulnerabilities in commercial software to gain access to their accounts and then swiped passwords to get broader access. Mr. Mitnick, now a security consultant, will be remembered as a coal-mine canary. The capers he conducted were harbingers of our current chaos, one that won't be solved with the high-profile arrest of a single cyberpunk.
—Mr. Levy is a senior writer at Wired and the author of "In the Plex: How Google Thinks, Works, and Shapes Our Lives."
No comments:
Post a Comment