What surprised you most about Kevin using “social engineering” to con people at the phone company at such a young age?
It really didn’t surprise me at all. At approximately the same age range myself and friends were all over the telephone systems.
Hackers like Kevin don’t sell information, damage files, or use other people’s credit card numbers. Do you think they still pose a danger to society?
No – they are not a danger to society. Instead they are a danger to corporations who overcharge for products.
If a child of yours was spending a lot of time on the computer working with computer code you didn’t understand, would your response be different as a result of reading this book? Do you believe that hacking like Kevin’s can really be an addiction, or was this claim just a ruse to try to fool a judge?
I don’t think my response would be so different. I was writing code and doing nefarious stuff when I was a kid. My parents simply figured it was harmless which for the most part, it was.
Why do you think it took the FBI so long to find Kevin?
I can explain this one having worked in state law enforcement. It takes time to build a case through data gleaned in investigations. Plus cops as a general rule aren’t the smartest people when it comes to tech.
The New York Times front-page story about Kevin was filled with false statements from a single source, a phone phreaker who had once been a friend of Kevin’s. Yet the statements— such as Kevin having broken into NORAD— were presented as fact. What is your view of this?
It’s typical spin. His story by itself isn’t so unique that it would impress a judge or jury. So they had to embellish it to make it appear he was more dangerous than he really was.
After Kevin’s release from prison in 1989, the FBI sent an informant to befriend Kevin, who encouraged him to hack into telephone company computer systems. Do you consider this unethical on the part of the government?
Yes in fact I do think it is unethical. It was basically entrapment.
FBI Special Agent Kathleen Carson solicited the victim corporations to state their losses exceeded $ 80 million based on the research and development cost of the software Kevin viewed or copied. Do you think this is a reasonable indicator of the harm Kevin caused?
No it is not. The simple act of copying it is not enough to assess value. In order for it to have been so, Mitnick would have had to sell the source code to others. He did no such thing.
Kevin’s first experience of face-to-face social engineering occurred when he saw his Uncle Mitchell have his business at the DMV taken care of on the spot, ahead of all the people waiting in line. What do you think Mitchell might have said to the DMV clerk to make this possible for him?
If it’s anything like my past experience with RI-DMV where a clerk, because she realized I was related to a friend of hers, fixed a five day tag I had on file. As to what Mitchell may have said, I have no idea.
Kevin was able to penetrate the FBI’s sting operation against him. With advances in computer security, do you feel confident that this would be possible today?
Yes I do believe so. In part of the book he mentions having a modified amateur radio handheld that he’d use to key up when they’d transmit encrypted, forcing them to go in the clear. Since then all Federal, State an Local agencies have gone with APCO P25 standards and it suffers the same issues as the older encrypted radios. In fact, even the P25 encryption has been hacked at this point. So law enforcement really has no safe way of communicating.
Do you believe Kevin Mitnick deserved harsh punishment, in an effort to deter other hackers, or do you think his punishment was excessive?
No he did not deserve harsh punishment or to be used to deter other hackers. He really did nothing but expose how lazy companies are about proper patching and deployment. And even to this day there are a number of companies that still have systems that are vulnerable.
Do you believe the Federal judge who ordered Kevin Mitnick detained without access to a telephone, which resulted in his being held in solitary confinement for nearly a year, really thought Kevin could launch a nuclear weapon by whistling into a telephone?
Having worked with police, prosecutors, and even judges I can resoundingly say yes the judge probably did think he could launch a nuke by whistling into a phone. Lets face it, people who become judges are usually former prosecution attorneys who draft the ridiculous charging documents for cases like this. So they just roll with the flow. I should got get a law degree, do the AG route for a couple years then get political (Well, already am!) and get appointed to the federal bench.
Just imagine, My I.S. degree coupled with the J.D.