Ghost in the Wires: My Adventures as the World's Most Wanted Hacker


Posted on by Ben Rothke

What’s the difference between Kevin Mitnick and Barak Obama?  Due to Mitnick, jobs were actually created.  During the 1990’s when Mitnick was on the run, a cadre of people were employed to find him and track him down.  Anyone who could have an angle on Mitnick was sought after by the media to provide a sound bite on the world’s most dangerous computer hacker.  Just one example is John Markoff, who became a star a journalist for his work at The New York Times, and a follow-up book and series of articles based on Mitnick. 

In Ghost in the Wires: My Adventures as the World's Most Wanted Hacker, the first personal account of what really happened; Mitnick says most of the stories around him were the result of the myth of Kevin Mitnick, and nothing more.  In the book, he attempts to dispel these myths and set the record straight.  

Some of the myths were that he was responsible for the phone of actress Kristy McNichol to be disconnected, and perhaps the most preposterous of them all, that he could whistle into a telephone and launch missiles from NORAD.  The latter myth was responsible for him spending a year in solitary confinement.  Mitnick notes that he thinks it was the federal prosecutor who got that idea from the movie WarGames.

But no one really knew Mitnick or what he was about.  Left on his own, he would likely have been harmless.  All he wanted to do was get into corporate sites, download code, play with the code and then move on to the next target.  It is undeniable that Mitnick committed crimes; but not reasonable for the FBI to have made him a top priority for capture. 

Perhaps the most widely stated myth about him is that he was strictly a social engineer without significant technical experience.  While it was his gift of social engineering that facilitated his ability to get a significant amount of information from unsuspecting individuals; in many places in the book, Mitnick details many technical Unix exploits that he carried out.  The book makes it clear that Mitnick had the deep technical skills necessary to execute on the information he illicitly obtained. 

While the book does have a lot of technical details, it mainly is about the human side of Mitnick. Chapter 1 is appropriately titled Rough Start and he details his early days of growing up in the Los Angeles area. 

These formative years as a hyperactive child, growing up with a single mom who had boyfriends that abused him and one who worked in law enforcement that molested him; may have been what led Mitnick to find solace behind a keyboard.  

Mitnick writes how his first hack and entry into the world of dumpster diving was to forge bus transfers so he could ride around Los Angeles to occupy his time while his mother was at work. 

In numerous places, Mitnick sincerely expresses his contrition for the pain he subjected his mother, grandmother, aunt, wife and others to. 

Above and beyond his rough start, Mitnick also notes how he had his share of bad luck.  He writes that too many times when he was growing up, including having to deal with various probation officers, unexplained failures in technology anywhere would be attributed to him.  When the phone of his probation officers went dead, he was assumed to be the culprit.

The reality is that the world did not know what to make of Mitnick or what to do with him.  It is pretty clear from the book and from every other account what Mitnick was never it in for the money.  He simply was a hacker whose goal was to gain root, and nothing more.  Such a notion was incredulous to law enforcement, and even to Ivan Boesky who Mitnick met in prison.  When he briefly sat with Boesky on a prison bench, he writes that when Boesky found out he did it for the hacking thrill, Boesky replied that “you’re in prison and you didn’t make any money.  Isn’t that stupid?”.

It is worthy to point out that Mitnick’s escapades were radically different from that of Frank Abagnale, whom Mitnick is often compared to.  In Catch Me If You Can: The True Story of a Real Fake, Abagnale writes that he impersonated an airline pilot, masqueraded as the supervising resident of a hospital, practiced law without a license, passed himself off as a college sociology professor and cashed over $2.5 million in forged checks; all before he was twenty-one.  For those myriad offenses, Abagnale served five years in prison, roughly the same amount of time that Mitnick served.  

In chapter 31, it details how Mitnick’s world turned upside down and the myth of Kevin Mitnick went took hold with the now infamous Markoff 1994 New York Times article Cyberspace's Most Wanted: Hacker Eludes F.B.I. Pursuit.  Mitnick writes that the article is what put the myth of Kevin Mitnick into overdrive, and would later embarrass the FBI into making the search for him a top priority.  It also provided a fictional image that would later influence prosecutors and judges into treating him as a danger to national security. 

Mitnick’s eventual capture is detailed in chapter 35 - Game Over.  He notes that Assistant US attorney Kent Walker made a secret arrangement to provide Tsutomu Shimomura with confidential trap-and-race information as well as confidential information from Mitnick’s FBI file.  This was done so Shimomura could intercept Mitnick’s communications without a warrant, under the premise that Shimomura was not assisting the agency, rather he was working for the ISP. 

Mitnick writes that he was never charged with hacking Shimomura, as it would have exposed the gross misconduct of the FBI, who apparently violated Federal wiretapping statues in the rush to track him down. 

Overall, Ghost in the Wires: My Adventures as the World's Most Wanted Hacker is a most interesting read.  While the book does goes into technical details of how Mitnick carried out his attacks, editorWilliam Simon provides the editorial assistance needed and makes the book extremely readable and enjoying.  Muck of the books readability is due to Simon, and Mitnick acknowledges this. 

When a convicted felon writes a book emotions run high.  In some ways, Mitnick’s story is that of redemption.  He did wrongs, paid his dues and is trying to move forward. Something like that should be admired.  Never does Mitnick downplay his guilt or make Dan White-like excuses. 

Redemption displays itself in that we live in a society where a mayor can be convicted of illegal drug possession, failure to file tax returns and pay taxes, and despite a history of political and legal controversies, remain a figure of enormous popularity and influence on the local political scene of Washington D.C., and a former governor can be involved in a prostitution scandal, forced to resign, and then later join CNN as a political analyst. 

But some people will never let a person like Mitnick let go of the past.  In his review of the book, Rich Jaroslovsky, a technology columnist for Bloomberg News shows no sympathy for Mitnick when he pretentiously writes that “genius comes in many forms. Kevin Mitnick has at least two, neither particularly admirable”.  

The book ends with Mitnick’s release from prison and provides the reader with a fascinating story of one of the most recognized information security personalities.  Ghost in the Wires is an interesting account of one of the most well-known information security personalities. 

Mitnick’s years on the run were simply a media circus and the years after his parole found the terms of his probation so restricted that he could not touch a keyboard.  Ghost in the Wires: My Adventures as the World's Most Wanted Hacker is an autobiography long in coming and worth the wait.

 


Contributors
Ben Rothke

Senior Information Security Manager, Tapad

data security anti-malware

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community

Related Blogs