• silicon.com
• Technology
• Security

By Elinor Mills, 23 June 2009 15:48

COMMENT

Kevin Mitnick, one of the most famous computer hackers, talks to CNET News about his days on the dark side and why he's now one of the good guys.

One of the first computer hackers ever prosecuted, Kevin Mitnick was labelled a "computer terrorist" after leading the FBI on a three-year manhunt for breaking into computer networks and stealing software at Sun, Novell and Motorola.

Known more for social engineering his way into networks than actually hacking them, Mitnick frustrated law enforcement by staying one step ahead of them.

Finally arrested in 1995, Mitnick pleaded guilty to wire and computer fraud charges and was released from prison in 2002. His notoriety has helped him get lucrative speaking engagements and launch a security consultancy, where he gets paid for doing some of the very actions that landed him in jail.

Here silicon.com's sister site CNET News talks to Mitnick about what got him interested in computers in the first place, the differences between hacking today and three decades ago, and whether it's wise to hire a former blackhat hacker to do security work.

CNET News: When did you start hacking?
Mitnick: When I was 16 or 17 years old, when I was in high school - 1979 time frame; before it was even illegal.

How did you get into it?
I became very interested in phones. I was a ham operator, an amateur radio operator, for about three years and in high school I met this other student whose dad was a ham radio operator and [he] had a hobby of phone phreaking and he introduced me to this.

He was able to do amazing things with the telephone system. He was able to get unlisted numbers. If he had my number he could get the name and address...He could do all these magic tricks with the phone system. I also had an interest in telephony over ham radio… [so] when the phone companies started converting over to electronic systems from electromechanical systems they used front-end computers to control it. So the phone company was in the process of automating their processes. To further my phone phreaking I needed to become familiar with the phone systems' computers. So that was my foray into hacking.

So you went from phone phreaking into hacking?
Yes. The phone company had this computer system called Cosmo, which stood for Computer System for Mainframe Operations. Well, my first hacking occurred as a student at Monroe High School in Sepulveda, in the San Fernando Valley. I met another student who was very heavy into computers and at this time it was the Commodore VIC-20. They offered a computer training course for seniors but I wasn't a senior so he introduced me to the professor. He wasn't going to let me into the class. So I did all these electronic tricks with the phone system and the teacher was amazed and he waived the prerequisites and let me in the class. I think he regrets that decision today.

What could you do with the phones then?
I think I demonstrated calling into comp systems. You could interact with them with your voice and control them by touch-tone. He gave me his name and the city he lived in and I was able to get his telephone number. I was able to interface my ham radio with the telephone system and dial into computers and access them through the touch-tone pad. At that time it was pretty advanced because you didn't have voice response systems then like you do today.

What's the hacking activity you are most proud of?
Ethical or unethical? You probably want to hear about when I was a hacker. I guess my intrusion into Motorola. I was able to call an employee at Motorola and convince her to send me the code for the MicroTAC Ultra Lite cell phone... Motorola had their whole campus protected by SecurID and I was able to use an elaborate social-engineering scheme by also manipulating the telephone network and set up call-back numbers within Motorola's campus. So I convinced a manager in operations to tell one of the employees to read off his RSA SecurID code any time I needed it so I could access the network remotely. That's how I was able to access their internal network and then I was able to use technical means to hack into their development servers for cell phones...I was able to find the source code to all the different cell phones.

I was interested in the MicroTAC series because it looked like a Star Trek communicator. I wanted to understand how these phones worked, how the codes controlled the processor. I wasn't interested in selling the source code or doing anything with it. It was more about the...