Kevin Mitnick, Former Fugitive Hacker, Laments How The Game Has Changed
By 1992, federal agents were closing in on Kevin Mitnick, the FBI's most-wanted hacker. But he already knew this; he was watching them.
Mitnick broke into the local cell phone network, allowing him to detect when agents were near his apartment. When they were close, he removed evidence but left behind a box of donuts in the refrigerator, labeling them "FBI donuts" to annoy his pursuers.
Such games of cat and mouse are recounted in Mitnick's new book, "Ghost in the Wires," which details his life as a hacker and fugitive, breaking into computer networks, creating false identities and running from authorities.
Today, Mitnick, 47, runs his own computer security consulting firm and laments how hacking has changed since his youth. He says it has shifted from what he considered to be a hobby for computer enthusiasts to a global criminal enterprise.
"My drivers for hacking were intellectual curiosity, pursuit of knowledge and seduction of adventure," he said Monday at a book signing in New York City. "It was never about stealing money or writing malware."
Mitnick said he initially became a computer hacker because he loved magic. As a 10-year-old boy, he rode his bike to the magic store to learn how tricks were performed. In high school, he met a friend who introduced him to "phone phreaking," or playing pranks by hacking the circuits and switches of telephone companies. This drove him to greater conquests as a young adult, like stealing source code from IT companies, which drew heat from authorities.
In 1995, after three years on the run, Mitnick was arrested in Raleigh, N.C. He confessed to breaking into corporate computer networks and stealing software. After serving five years in prison, he was released in January 2000, but his plea agreement restricted him from using the Internet for three years and profiting from his story for seven years.
Mitnick said he still feels the same high from hacking into computer systems, even though companies now pay him to find and fix their security holes.
"I did get a huge endorphin rush when I was able to crack a system because it was like a video game," he said. "I get the same endorphin rush today when I get into a client's system. I really feel good about it. So I get paid for what I did illegally years ago."
Convicted computer hacker Kevin Mitnick is seen in this Jan. 21, 2000 file photo after being released from the Federal Correction Institute in Lompoc, Calif.
His book signing Monday night at The Half King Bar and Restaurant in New York was like a miniature version of the DefCon hacker conference in Las Vegas, where hackers demonstrate security flaws in various technologies. In addition to signing books, Mitnick showed how to steal credentials from security access cards and quickly search databases to find Social Security numbers. He also gave out his business card, which doubles as a lock-picking set.
Afterward, Mitnick sat down with The Huffington Post and shared his take on today's hacker world, the biggest cyber-security threats and how consumers can protect themselves from being hacked.
How has hacking changed?
Now it's a trend. Hackers are breaking the systems for profit. Before, it was about intellectual curiosity and pursuit of knowledge and thrill, and now hacking is big business. You have the Russian Business Network that leverages hacking skills to commit crime, credit card theft, bank fraud, identity fraud and securities fraud. It's actually a smarter crime because imagine if you rob a bank, or you're dealing drugs. If you get caught you're going to spend a lot of time in custody. But with hacking, it's much easier to commit the crime and the risk of punishment is slim to none.
Is being a hacker today easier or harder?
It's harder in the sense that companies are more secure than they were in the '80s and '90s, but it's easier in the sense that now you have a community of security professionals that share exploit code, develop open source frameworks and have conferences on new security vulnerabilities. So there's a lot of information that is now available that could be used to compromise systems and networks that did not exist when I was a hacker.
Do you think there is more hacking occurring, or is it just being reported more often?
There's more because now hacking has become a mainstream type thing. Before it was computer geeks. The numbers were significantly less. For example, the first DefCon conference [in 1993] was a few hundred people. When I went to DefCon this year there were over 16,000 people.
What do you think of the hacker groups Anonymous and LulzSec?
I think LulzSec started off doing attacks because they perceived a wrong and it was more like sending a message. And then they got so much media attention and so many followers on Twitter that I think they continued because they loved the media attention. Then you had spinoffs because there are young kids who see all the media attention that these guys are creating and want to jump on the bandwagon.
What are the biggest threats to cyber-security today?
I think malware is a significant threat because the mitigation, like antivirus software, hasn't evolved to a point to really mitigate the risk to a reasonable degree. I think insecure web applications and social engineering [are significant threats]. All the major attacks on Lockheed Martin, RSA and Google have used spear phishing.
What should consumers do to protect themselves from being hacked?
If you're on an open wireless network, use VPN [virtual private network]. You could subscribe to a VPN service for $15 a month. Also, if you use a free email service, I highly recommend Google because they have two-step authentication. Make sure your desktop software is updated because that's where people are being attacked today -- Java, Flash, Adobe Acrobat, Windows Media Player, QuickTime. These type of client-side vulnerabilities are being exploited. There is a free product by Secunia called a "Personal Software Inspector" you can download for free. It helps mitigate the risk.
Loading comments… 
First Posted: 08/16/2011 2:28 pm EDT Updated: 01/11/2013 12:28 pm EST