I think it's safe to say from our previous articles on Bendelladj and Bogachev that the world will never look nor take any hacker for granted again. The digital era has almost engulfed the entire world we live in. As technology continues to advance, data will play a central role in our businesses and also in our daily lives. I’m certain that even though data brings us more efficient working business models, cybercrime will only flourish and will be the biggest beneficiary of this ongoing battle.
Ex-FBI Director Robert Mueller even goes to the alarming extent of stating: “I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again”.
The Making Of A World Class Black Hat Hacker
I don’t think there are too many people who have seen both sides of the coin, and I am certain no one knows this scenario better than Kevin David Mitnick. Mitnick is currently an American computer security consultant, an author and a hacker who runs a security firm named Mitnick Security Consulting. He currently helps businesses test their company’s security strengths, weaknesses and potential loopholes (very much like here at Appknox). Mitnick, we can all arguably agree, has always been in the limelight, although not always for the right reasons. Here’s how he began his journey:
Mitnick from what we know grew up in Los Angeles and attended James Monroe High School. He was enrolled at Los Angeles Pierce College and USC. For a brief span of time, he worked as a receptionist for Stephen S. Wise Temple.
Kevin Mitnick's Early Start
His love for bypassing code began at the early age of 12. His main tools were reported to be social engineering and dumpster diving which helped him bypass punch card systems used in the Los Angeles bus system. He was said to have convinced a bus driver to tell him where he could buy his ticket punch for a so-called “school project.”
Following this, He was able to ride any bus in the greater LA area using unused transfer slips he found in a dumpster next to the bus company garage. Social engineering later became his primary method of obtaining information, which included usernames and passwords and modem phone numbers.
Brewing and Aging His Favorite Drink
It was evident by this time that Mitnick’s love for bypassing code and obtaining user data only grew, but it was also very evident that he was getting a little too carried away with his little successes and getting a little cocky as he drew more attention venturing out into bigger and even more daring activities.
Mitnick’s first unauthorized access to a computer network in 1979 at the age of 16, gave him access to The Digital Equipment Corporation (DEC) computer system (used for developing the RSTS/E operating system software). He was reported to have broken into DEC’s computer network and later cloned their software. This was one of the few and early crimes he was charged and convicted of, in the year 1988.
Following his conviction, he was sentenced to 12 months in prison which was followed by three years of released supervision by authorities. Near the end of his supervised release, Mitnick was recorded to have hacked into the Pacific Bell voice mail computers and was now really playing with fire (as if 12 months in prison wasn’t good enough). This was enough for officials to release an arrest warrant which had Mitnick fleeing from authorities and becoming a fugitive for about two and a half years.
Becoming America’s Most Wanted
After years of hiding, Mitnick was found and arrested at his apartment in Raleigh, North Carolina by a well-publicized manhunt. He was charged with federal offenses related to a two and a half year period of computer hacking which included computer and wire fraud. He was found with more than a 100 cloned cellular devices and multiple pieces of false identifications.
It was only in the year 1999 that Mitnick pleaded guilty to his accusations. He was sentenced to 3 years in prison plus an additional 22 months for violating prior terms of his 1989 supervised release sentence for computer fraud.
Striking Fear Into The Heart of America and The World
Mitnick totally served a five-year prison sentence, spending four and half years pre-trial and eight months in solitary confinement because according to Mitnick, the judge was terrified of him being fully capable of starting a nuclear war by simply whistling code into a pay phone. Apparently, the law officials convinced the same judge that he could somehow dial into the NORAD modem via a payphone from prison and communicate with the modem by whistling to launch nuclear missiles.
He was released on January 21, 2000. During his supervised release, which ended on January 21, 2003, he was initially forbidden to use any communications technology other than a landline telephone. Mitnick fought this decision in court, eventually winning a ruling in his favor, allowing him to access the internet. Under the plea deal, Mitnick was also prohibited from profiting from films or books based on his criminal activity for seven years.
In December 2002, an FCC judge ruled that Mitnick was mentally stable and well enough to possess a federally issued amateur radio license.
Not Your Stereotypical Climax (From a Black Hat to White)
In spite of having easy access to credit cards, social security numbers, and proprietary software, Mitnick was believed to have never spent a dime of other people's money. He never stole an identity nor pirated a line of code. His motive or addiction was a rather curious one but this, however, got him into a lot of trouble.
Mitnick still continues to wear the hat of a hacker but a hat of a different color. One he wears using legal and authorized compliances. He has written about all his exploits in a book called ‘Ghost in the Wires.'
Mitnick is also currently reported to be consulting for Fortune 500 companies and the FBI. He performs penetration testing services for the world’s largest companies and teaches Social Engineering classes to dozens of companies and government agencies.
Mitnick’s notorious credibility which once made him one of America’s most wanted now has him serving the very same companies he used to hack into. Amongst some of these names are companies like IBM, Nokia, Motorola and other large multinational corporations.
How Safe Is Your Data?
Mitnick very often used basic vulnerabilities in code to exploit and execute his illegal activities. Gartner states that 75% mobile apps fail basic security testing. Our study of mobile apps at Appknox shows that 90% fail the same.
PS: Always remember what a hacker is capable of doing on a web-based application, gives him more options to do on mobile.