This entry reflects autobiographic facts provided by Kevin Mitnick during his interview at Hak5, specifically outlining social engineering tricks he used.
Shannon Morse: There were a whole lot of security flaws for a lot of corporates, a lot of companies that you write about in your book. Did you run into any kind of problems with those companies when you were writing the book?
Kevin Mitnick: No, because they don’t know about the book until they go read it. I mean, everything is 100% true, so I disclosed real names and real companies, and there’s no defamation in the book. So, as long as it’s true and it’s not under any type of protective order – I could write about it.
– That’s really surprising. I would have thought you’d have to go through a whole lot of legalities to be able to write some of the things in there.
– I had to go through more legalities on using pictures, when the pictures were taken by another party. I had to get signed releases, and I had to go through a lot of trouble, because in some of those pictures, I didn’t know who took them. Like, there was one of the guys named Justin Petersen, who was the government informant against me (using the handle ‘Eric Heinz’), and he was at SummerCon, and somebody else snapped the photo. So I found out who it was, and it took a long time. And especially one on screensavers: when I got off supervised release they did a show, and I had to go because screensavers were the different companies, so I had to go to, like, Comcast and try to get them to legally release a picture, and it was like buying a house.
– So, was there anything that you couldn’t write about in the book? Like any kind of attacks that you wanted to talk about.
– Yeah, I can’t write about stuff that’s under protective order, because as part of my case the judge, because the government wanted it, put a protective order on stuff, the stuff I couldn’t talk about. But there were other hacks, because what actually happened is this book is 400 pages; I went way over word count. The book was only supposed to be 250-300. And my publisher was going to require me to take out a lot of the stuff, but they read it and loved it.
– Personally, I’m glad you included everything, because it’s interesting.
– One cool story is one of my social engineering, one of my favorite ones. This is like a rewind back to, like, 1984. I was in Digital Equipment Corporation’s network. Their network was like my Disneyland, and I wanted to be able to sniff packets on the protocol called DECnet. And so this one company in San Fernando Valley, where I actually lived, developed a monitor sniffer tool for DECnet. So I wanted to get a copy. And I found out these guys ran their business out of a residence – that was, like, 2 guys. And they had a VAX computer and I was thinking: “How can I hack into it?” Because when I got the dial-up number and when I dialed up, it asked for system password. So there’s no way I’m going to be able to con them that way. So, what I did is I got an update tape from DEC, repackaged it and put, basically, a Trojan on the update tape, repackaged it up, shrinkwrapped it, put it in this box, and then I got a UPS uniform from a Hollywood shop.
– Oh yeah, those are so easy to find.
– I put on a hat, uniform, took a clipboard, and around 7 in the morning I knocked on the door, the guy answers. I woke him up, which was intentional – and I said: “UPS delivery, please sign,” and I was pushing myself into the door, and the reason why is: what do you think I didn’t have that would give me away?
– An ID?
– UPS truck. No truck. So it took about 7 to 10 days.
– So, you didn’t buy a truck?
– No, I couldn’t afford it. I was, like, 18-19 years old. So, what happened is eventually, after about a week or 10 days they installed the update and I got in. But that was kind of cool because it was physical, it was kind of ‘James Bond-ish’ to me; it was kind of, like, you know: “Could I really pull it off?”
– That sounds actually really fun. So, were you worried about writing any of the different exploits you included here?
– No, I had to take a lot of technical exploits out, the reason being we wanted the book to be available to the general public.
– I noticed that. You made it really easy to understand a lot of more technical hacking aspects that you included in it.
– Yeah, like with .rhosts, which doesn’t really exist these days, but that I was able to explain and then I had different attacks, because, as it worked out, when one attack really works well, you just use it multiple times, it gets multiple targets. So, if you have a zero-day in Windows RPC, or in Apache, or RIS, you’re not going to sit there and try to use a different exploit for each target. You only use the same one over and over. So in a lot of the stories I used them differently. And then I illustrated it, and it becomes a fun read, because it’s calling up somebody over the phone pretending to be the help desk, saying that somebody reported a problem creating files with the period. I said: “Did you report it?”, and this guy, this engineer goes: “No, but can we try it out?” And I say: “Do you have a .rhosts file?” And the guy goes: “No, what’s that?” I said: “Ok, let’s try creating one.” So he is creating a file that basically allows me into his system, and I say: “Ok, it works, so I’m going to cancel the trouble and now you can remove the file.” So it was all these different types of ways of using the social engineering and technical hacks to get in.