The final part of this interview is a Q&A section, where Kevin Mitnick answers viewer questions about his attitude to today’s hackers and other relevant matters.
Shannon Morse: Well, Kevin, right now we are going to have some awesome viewer questions for you. Alright, so the first one comes from Filipe. He asks: “What do you think about the recent hacking activities of groups like Anonymous and the release of classified documents on the web, like Wikileaks. And how would you contrast that to hacking back in the day?”
Kevin Mitnick: Well, it’s certainly a lot different from hacking back in the day. When I read about this stuff I go: “Wow, these guys have balls.” First of all, I look at Wikileaks; there wouldn’t be the Wikileaks without Bradley Manning. So, without Bradley Manning handing over all those documents, if he in fact did it, nobody would even know who they are. So, is it really Julian Assange, or is it Bradley Manning? That’s a question. But groups like Anonymous and especially LulzSec – it’s like “in your face”, right? “We’re going to do a DDoS attack against the CIA”, and today is “Fuck FBI Friday”, you know, and stuff like this. And I’m going: “I wonder how long it’s going to take before these guys are caught”.
And I’m looking at their Twitter feed – like, 300,000 people, and I’m looking at the times they tweet, you know, the type of language they’re using, and I kind of pinned it: I think these guys are in the UK, and eventually there were 2 guys arrested in the UK, they were leaders of the group. And it didn’t surprise me they were, like, 19-20 years old.
But the sophistication of their attacks – they’re using Low Orbit Ion Cannon to do server attacks – that’s stupid, because that’s doing a full TCP handshake, right? So there’s no way to spoof your source address – that’s when I’m thinking that’s kind of stupid. And then, more sophisticated users or members of Anonymous or LulzSec are really exploiting SQL injection. So, again, that goes to the answer: was I really that good or the security that bad? I think it really illustrates there’s a lot of low-hanging fruit out there, a tremendous amount. Look at Sony, what were they hacked – 22 times?
- I don’t even know. I stopped counting a long time ago.
- I bet their CSO is having a bad day. Of course it’s different, it’s subsidiaries that are being compromised, but it’s just like they went wild after Sony. I don’t know if that had to do with George Hotz and that whole suit against him for cracking the PS3, or if it was like: “Hey, this is a cool target.”
- Well, thank you Filipe. The second question comes from Nate, he says: “Who do you look up to?”
- Harry Houdini; Bruce Lee is one of my idols. I really look up to Steve Wozniak, because the guy is an amazing guy. He actually did the foreword of my book, which is amazing. I wasn’t expecting he would agree to it, but he did. Again, I like the spy type of genre; and, really, Harry Houdini, because I love magic still today; Bruce Lee, because he’s like the ninja in martial arts; and people like Woz, who are engineers and changed the world. I look up to people even like Steve Jobs; I never met the guy, but what he has created… in my pocket I have an mp3 player, I have an Internet browser and I have a telephone – all in one device. Without him being the captain of the ship I might not have that in my pocket.
- You might not have this laptop… yeah, same thing. Right, thank you Nate. The next question is from Andy, he says: “What are your views on the US Government laws like SOPA that limit our rights as citizens of the Internet?”
- It doesn’t surprise me, but it’s a law, from my understanding (I didn’t look at it in depth), that has no due process. If there’s now an infringement that the executive branch determines – they’re the judge and jury, and executioner – if they determine that something violates copyright, they can sit there and interfere. Basically, it stopped DNS resolution, and I think that’s terrible. As we learned, once we as Americans give up rights, like the Patriot Act, they’re forever gone, you never get them back.
What even surprised me, and I tweeted this the other day, is there was a law passed in Illinois, but I think it was recently reversed, where it was actually a felony to record the police. If you see a police officer beating a guy and you’re with your iPhone recording it – this guy was facing 75 years in prison. So I tweeted, I go: “This is proof that we’re actually in a police state.” Thank God, from what I understand, a judge struck that down as unconstitutional, but just in that one state, doesn’t mean these other states won’t pass the same law. So someone has to get arrested, get a lawyer and, you know, jump through all those hoops.
- Let’s hope that doesn’t happen. Alright, the next question is from Jootsy. He says: “Kevin, in your book you describe your hacking as an addiction and it’s constantly your downfall and your savior. How would you describe the insatiable itch for hacking?”
- I’m still a hacker today, but to me it was like a complete passion. I don’t know if you can call it an addiction, or an obsession, or just passion, you know. I’m not a psychologist, but I just was compelled to do this because I loved it so much, and it drove me. Even today I do the same thing, except I do it with authorization and I get paid for it. But it’s still – I love hacking and pentesting, the only thing that is kind of the downside is I have to do a report. But that’s the deliverable. So you’re having fun figuring all these vulnerabilities in web apps, in people, in physical security, and then you have to write a very smart-looking professional report, and that’s kind of the work part, that’s like: “Ok, I’ve got to do the deliverable.”
- I guess it has to happen now and then. Alright, this one is from an anonymous entry; he says: “When you were a fugitive, what was the deciding factor for when to leave a place?”
- When I was a fugitive, if there was any sort of risk. My first place I went to was Denver, and in the book, in ‘Ghost in the Wires’, you’ll read that I actually was fired from my job at the law firm because they thought I was consulting on firm time because I’d always be on lunch on my cell phone – they didn’t realize I was running from the government and I wasn’t even paying for my cell phone calls.
And then I decided: well, it would be too risky to set up a new identity in the same place, so I basically threw a dart… Well, I threw a dart and then I decided to look at Money Magazine to pick my new place. I would set up these early warning systems to be able to perceive a risk. Like when I was at the law firm, one of my jobs was supporting their telephone system for client matter billing. And so I put in some code into their system, that if anyone at their law firm called the FBI in Denver, or LA, or the US Attorney’s office in Denver and LA, it would send a message to my pager. So I had this early warning system, it tripped twice: I was freaking out but it turned out to be a false alarm – they were calling the civil division.
I always was one step forward – two steps back, or two steps forward – one step back. So I’d constantly be setting up these early warning systems, and if there was any time I should have stopped and got out, that was in Raleigh where I was eventually arrested. If destiny hadn’t taken me there, I probably would never be on this show, and maybe I’d be still living out there running.
- And then we would have never met. The next question is from anonymous ‘coward’: “War Games, the Net, or Hackers?”
- War Games. Sneakers, I think it’s a really good one. And I want to see ‘The Girl with the Dragon Tattoo’ that came out, the Swedish film. I’m really excited to see the English version, too. You’ve got this hot chick hacker – ok, cool!
- Alright, I’d like to thank you so much for coming on this show!
- Thank you Shannon!