Kevin Mitnick

^^ That picture is of Kevin literally breaking into my Mac using an authentication bypass we stumbled upon at BlackHat '21.  

Kevin Mitnick was a very dear friend of mine, even though I had a hand in putting him in a federal lockup for 5 years.  I also helped get him out. It's a long story. 

He recently passed, and I have a ton of stories to tell about him. 

Back in the 80's, Kevin was trying very hard to hack Novell.  I was a network administrator.  Of course, we had no idea it was Kevin, but things were happening that made it fairly obvious that we had a persistent threat.  Phones ringing sequentially throughout the building (war dialing) and there were all kinds of other signals... we knew.

Late one night at home I got a phone call from a "Novell" employee.   The "employee" wanted direct inbound dial access. Since I was responsible for the entire network's inbound connectivity, I knew this type of request was abnormal and really outside of policy.  I had a nice secure dial-back system for modems where you could not make a connection unless you were sitting at a known phone number.  Not only that, any access required approval by a manager, and he had some story about working on a top-secret project called Snowbird (real) and he had to make some emergency code changes but he was in Vail on vacation in a hotel.  He needed the coveted, policy-breaking, direct inbound modem access.  Right. He was going by the name Gabe Nault, a real employee, and wouldn't you know it, the voice matched the greeting on Gabe Nault's voicemail, which conveniently mentioned his vacation in Vail.  But it was still not feeling right, at all.

So, with the hair on my neck standing up because I had a pretty good feeling I was talking to the bad guy, I played it calm.  I said, "Hey man, I'd love to help you out but I need you to do me a favor.  I can't even do what you want from here at home, so I'll have to do it in the morning as soon as I get into the office, but in case I forget please leave me a voicemail."  He said he would do that, and that was that.

When I got to work, the voicemail was there and I immediately recorded it into a cassette recorder for safe-keeping, and that is what became the primary evidence in Kevin's case.  It took some time to actually catch Kevin, though.  There's a whole other book about how Tsutomu Shimomura took him down in Raleigh, NC.  But as soon as he was caught, I was super excited to be the star witness in this high-profile trial.

So, I was working very closely with the prosecutors, including Christopher Painter and Ken McGuire, for 5 years. Eventually, I got fed up with the delays and more than a little concerned that he hadn't even been given ANY chance to argue for bail or get access to tons of evidence (most of it from me).  I asked why it was taking so long. I said, "There are people who believe you are violating his civil right to due process." His response sent chills down my spine. I am a huge proponent of the rule of law, and here was pretty much the top prosecutor at the time in the DOJ telling me, "Well, they say we are violating his rights but I say we are sending a message to other would-be hackers."

Think about that.

Our right to due process is the only thing that separates us from a banana republic. This was intolerable. If this was acceptable, it means it's OK to put ANYBODY in prison just to send a message to the people you want to intimidate. Your mom, for example.

Well, the rest of the conversation devolved into an idealistic tussle, and I ended up parting ways with the DOJ as a result. I immediately started trying to contact Kevin's lawyers but since all they knew was that I was the star witness on the side of the enemy, they didn't want to talk. I finally left a very convincing voicemail which resulted in me getting a call with both of his lawyers and the real Kevin himself the very next day. Keep in mind, up until that phone call, Kevin and I were real adversaries. Up until then, I had done everything possible to ensure we could get a conviction.

Soon after, Kevin was out of the lockup with a sort of plea deal, but the good thing is he got out. Honestly, he brought a lot of this on himself but that is no excuse for letting our government act like the Gestapo.

A short time later, I got a phone call from Kevin. It was a sincere apology. We decided to meet up, face to face. Of all the places we could have met, it ended up being at RSA in San Francisco and there was a reporter there named Elinor Abreu. She wrote an article about our meeting, and it went kind of viral. The only thing I didn't like about the article was the misleading headline, "Mitnick Meets His Pigeon", which if you know anything is the exact opposite of true.

The fact is, the only reason we met was I was the only guy in the entire case that managed to trick him into leaving a really useful piece of evidence, the voiceprint from the voicemail.  It ended up being the only evidence that was 'direct' evidence, proof that it was Kevin.  Everything else was circumstantial.  You can't cross-examine a keystroke, for example.

Anyway, we hit it off when we met. Somehow, we became great friends in the process, and I have had a wonderful time watching him develop into a real man. I am truly sad he is gone as he was a big part of my life for the last quarter century.

I have to say, I loved this man like a brother and I will miss him more than I can say.  I have promised to make sure his soon-to-be-born son is trained in the ways of the Jedi, Amateur Radio, and maybe a bit about staying out of prison.  RIP Kev.

Yes, I insisted on taking Kevin to Alcatraz.

THE UNITED STATES V. KEVIN DAVID MITNICK

I. Proceedings to Date

With 25 counts of alleged federal computer and wire fraud violations still pending against him, the criminal prosecution of Kevin Mitnick is approaching its most crucial hour. In reaching this point, however, Kevin has already experienced years of legal battles over alleged violations of the conditions of his supervised release and for possession of unauthorized cellular access codes.

A. Settling the "Fugitive" Question

The seemingly unexceptional charges relating to supervised release violations resulted in months of litigation when the government attempted to tack on additional allegations for conduct occurring nearly three years after the scheduled expiration of Kevin's term of supervised release in December, 1992. The government claimed that Kevin had become a fugitive prior to the expiration of his term, thereby "tolling" the term and allowing for the inclusion of additional charges. After months of increasingly bold assertions concerning Kevin's "fugitive" status, evidentiary hearings were held in which the government was forced to concede that its original position in this matter was unsupported by the facts.

B. Sentencing

In June of this year Kevin was sentenced for certain admitted violations of his supervised release and for possession of unauthorized access codes. The court imposed a sentence of 22 months instead of the 32 months sought by the government. Since Kevin has been in custody since his arrest in February 1995, this sentence has been satisfied. We are currently preparing a request for release on bail.

During this stage of the proceedings, the government sought to impose restrictions on Kevin's access to computers which were so severe as to virtually prohibit him from functioning altogether in today's society. The proposed restrictions sought to completely prohibit Kevin from "using or possessing" all computer hardware equipment, software programs, and wireless communications equipment. After arguments that such restrictions unduly burdened Kevin's freedom to associate with the on-line computer community and were not reasonably necessary to ensure the protection of the public, the court modified its restrictions by allowing for computer access with the consent of the Probation Office. Nonetheless, the defense believes that the severe restrictions imposed upon Mr. Mitnick are unwarranted in this case and is, therefore, pursuing an appeal to the Ninth Circuit.

II. The Government Seeks to Make an Example of Mr. Mitnick

One of the strongest motivating factors for the government in the prosecution of Kevin Mitnick is a desire to send a message to other would-be "hackers". The government has hyped this prosecution by exaggerating the value of loss in the case, seeking unreasonably stiff sentences, and by painting a portrait of Kevin which conjures the likeness of a cyber-boogie man.

There are a number of objectives prompting the government's tactics in this respect. First, by dramatically exaggerating the amount of loss at issue in the case (the government arbitrarily claims losses exceed some $80 million) the government can seek a longer sentence and create a high-profile image for the prosecution. Second, through a long sentence for Kevin, the government hopes to encourage more guilty pleas in future cases against other hackers. For example, a prosecutor offering a moderate sentence in exchange for a guilty plea would be able to use Kevin Mitnick's sentence as an example of what "could happen" if the accused decides to go to trial. Third, by striking fear into the hearts of the public over the dangers of computer hackers, the government hopes to divert scrutiny away from its own game-plan regarding the control and regulation of the Internet and other telecommunications systems.

III. Crime of Curiosity

The greatest injustice in the prosecution of Kevin Mitnick is revealed when one examines the actual harm to society (or lack thereof) which resulted from Kevin's actions. To the extent that Kevin is a "hacker" he must be considered a purist. The simple truth is that Kevin never sought monetary gain from his hacking, though it could have proven extremely profitable. Nor did he hack with the malicious intent to damage or destroy other people's property. Rather, Kevin pursued his hacking as a means of satisfying his intellectual curiosity and applying Yankee ingenuity. These attributes are more frequently promoted rather than punished by society.

The ongoing case of Kevin Mitnick is gaining increased attention as the various issues and competing interests are played out in the arena of the courtroom. Exactly who Kevin Mitnick is and what he represents, however, is ultimately subject to personal interpretation and to the legacy which will be left by "The United States v. Kevin David Mitnick".


______________________________
Donald C. Randolph


Ghost In The Wires (book): I'm actually in this book.  It is worth reading.  All the details in it are true.