by Mitnick Security Consulting
the untimely death of hacker legend and social engineer mastermind Kevin David Mitnick.
Mitnick’s exploits, both past and present, taught every hacker, from the underground to the Information Security industry, that there’s no limit to what curiosity and ingenuity can achieve. Moreover, this man had one hell of a redemption arc, going from the FBIs most wanted computer hacker to the industry’s leading cybersecurity consultant.
I first heard about the story of the prolific fugitive hacker Kevin Mitnick when I was a child. It was the mid-1990s, and Mitnick, who went by the hacker alias ‘The Condor,’ had been at the top of the FBI’s Most Wanted list for some time and was finally apprehended by the FBI after eluding law enforcement on a two-year-long manhunt. The stories about him were both terrifying and mesmerizing, especially since his crimes were that of curiosity and not for monetary gain or theft of trade secrets.
Mitnick was arrested on (14) counts of wire fraud, (8) counts of possession of unauthorized access devices, interception of wire or electronic communications, unauthorized access to a federal computer, and lastly, causing damage to a computer.
A lot of terms were being thrown around I didn’t understand, and neither did anybody else who wasn’t either a lawyer or in the underground scene at the time. I quickly forgot about the media uproar. But the media didn’t. It continued with its fervor because Mitnick wasn’t like anything the world had ever seen at the time. He was unique, and so were his so-called “crimes.”
This reminds me of a passage by The Mentor in his historic essay entitled, ‘The Conscience of a Hacker’ – commonly known as the ‘Hacker Manifesto.’
"But did you, in your three-piece psychology and 1950's technobrain ever take a look behind the eyes of a hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him? I am a hacker, enter my world…"
I know what some of you must be thinking right now. “Didn’t Mitnick steal thousands of credit card numbers? It’s curious to note that while he was accused of stealing trade secrets, he was never convicted of it. Also, while he was, in fact, found guilty of committing wire fraud, it was never proven in court, nor was it the focus of his charges – whether he had stolen money from the thousands of credit card numbers he obtained from the systems he compromised.
This isn’t unusual to me. As someone who joined the hacking scene during the time of his incarceration, it was common for hackers to collect and possess credit card numbers, even without having the intent to use them. Call it a dichotomy. The 3-digit PIN on the backs of credit cards was added in the early 90s because hackers had cracked credit card number algorithms and could generate working credit card numbers instantly. I used to have a credit card generator in the 90s.
He was the first for many things, especially in a world where the term “hacker” suddenly ceased carrying the connotation of a “tinkerer” and later a “programmer.” His prowess and ingenuity with telephony, computers, and telecommunications systems terrified the uneducated masses because he couldn’t be placed into a category that was easy to define. Why didn’t he steal the money? How could he access proprietary sensitive information without launching a single keystroke?
In retrospect, the words of The Mentor continue to resonate when I think of Mitnick. I feel like this is relevant because both The Mentor and Mitnick derived from an era where hackers just wanted to explore, push boundaries, and test the limits of their skills. Mitnick didn’t hack because he was malicious. He hacked because he was motivated by something else entirely.
“Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.”
Before Mitnick became a household name, if someone mentioned they were a hacker, they were met with shrugs and confused looks. After Mitnick, hackers were met with witchhunts. What isn’t understood is usually feared, and the fearful tend to raise converts to fear. Technology in the first couple of decades was still being explored, especially by general users and industries who largely didn’t become proactive until Y2K. Only a few possessed the inquisitive minds needed to exploit it and learn its depths.
The Free Kevin movement
After Mitnick was captured and found himself at the receiving end of a judicial lynch mobbing, the Free Kevin movement was born. The movement spread as quickly as a computer virus but with the polar opposite effect: the movement dispelled rumors and shattered the myths driving the whole hacker-Mitnick hysteria. They spread facts and labored to undo the groundwork of fiction pathed by a misinformed and exploitative media.
One way to put it is that we went from believing that Mitnick could start a nuclear war by whistling launch codes from a prison payphone to realizing how ridiculous that sounds. Moreso, we realized how disappointed we were that a judge actually believed that hype.
Protestors mobilized outside the prison where he was confined, holding Free Kevin banners. This caused prison authorities to place the prison on lockdown. Supporters also defaced websites across the world, bearing the image “Free Kevin.”
I didn’t fully understand the scope of this hacker’s story until I was 17 and had already received my baptism into the hacker underground. It was now 2001, and I watched the Kevin Mitnick documentary, Freedom Downtime, directed by the editor and chief of 2600 Magazine: The Hacker Quarterly.
From the time I was 11 until I was already a teenager, Mitnick had been fighting his case from jail for 4 and a half years, had spent 8 months in solitary confinement, and had just started his 5-year sentence, which, after spending most of this time already detained, counted toward the rest of his sentence.
By Mitnick Security Consulting
The documentary was itself a protest against the film Takedown (2000) by Miramax, which depicted a brazenly false portrayal of Mitnick (played by Skeet Ulrich) as being violent. It also featured a divergent, fictional narrative of Mitnick being convicted and serving a long-term prison sentence.
What’s bizarre is that at the time the film was in production, Mitnick had not even been to trial yet. This means he had yet to be found guilty of his charges in a court of law.
But the scriptwriters for this Hollywood film took the liberty of doing that for him. Regardless, he had spent nearly 5 years in jail, held without bail in a high-security detention center. The film profoundly taught us what the Free Kevin movement meant, and the movement taught us what happens to hackers when they’re caught.
In a world that lusts for sensationalism, Mitnick was crucified for the entertainment of the uneducated masses. He was the subject of rumors and myths and made out to be the “Darth Vader” of the cyber world.
Additionally, everyone seemed to be hungry to seize the opportunity to profit from his story. Books and articles were written about him without him even being interviewed, and yet he was legally bound to keep his mouth shut and not tell his own side of the story.
This was enforced with a gag order by the court as a condition of his supervised release. (Since we all know the government doesn’t lie.)
Then, on August 15th, 2011, Mitnick’s memoir Ghost in the Wires hit the bookshelves. At last, Mitnick was telling his version of events, and for the first time in over a decade, the world was listening. Also, for the first time, hackers everywhere began to rise up and cry out against the injustices in his case. It was a cry that was heard around the world.
A redemption arc like no other
How does someone, who was a repeat cybercrime offender of this magnitude, go into the prison system after having been egregiously subjected to unfair treatment at the whims of a justice system that barely comprehended the technicalities of his criminal charges and what he actually did, come forth and rise from the ashes of notoriety? That’s precisely what he did, and he did so without pursuing vengeance.
He went from chains to publishing four books, his last being his memoir, which became a New York Times bestseller. He went from being voiceless to being an extremely energetic and outspoken public speaker. Moreso, while journalists used to call him “lonely” as a means to insinuate that he had no life, Mitnick became surrounded by thousands that loved him and looked up to him as history’s greatest hacker-turned-cybersecurity penetration legend in which there is no equal.
For every one of those yellow journalists that wrote defamatory and sensational front-page news articles and biographies about him, Mitnick now gets the last laugh. I say this because Mitnick went from chains and ashes to blazing with career success, while those that tried profiting from the single-sided narrative driven by the media are just as unimpressive as they were twenty years ago.
by Jesse McGraw
The original article can be found here