Mitnick schools feds on hacking 101

Industry Standard

March 3, 2000
Web posted at: 2:42 p.m. EST (1942 GMT)

(IDG) -- Reformed computer hacker Kevin Mitnick, donning a blue suit and tie but legally barred from carrying a cell phone or PalmPilot anywhere, told Congress Thursday that the U.S. government and private companies need to beef up security to prevent curiosity-seekers like him from breaking in.

During an exchange with the U.S. Senate Governmental Affairs Committee that was by turns comical and sad, the world's most infamous hacker explained to members of the same government that prosecuted him the means hackers use to infiltrate computer systems.

"Companies spend millions of dollars on firewalls and secure access devices, and it's money wasted because none of these measures address the weakest link in the security chain: the people who use, administer and operate computer systems," Mitnick testified.

Mitnick, 36, who walked out of a federal prison in California in January for the first time in nearly five years, boasted to senators that he was able to break into all but one computer system he targeted during a 20-year hacking spree. He detailed how he persuaded employees of companies such as Motorola to divulge passwords, source code and other sensitive information by trickery. He suggested that federal and corporate workers be trained to recognize such techniques, which he called "social engineering," often the first line of attack.

Mitnick, who pleaded guilty on March 16, 1999, to five counts of wire fraud and computer fraud, and was given credit for about four years served, said outside the hearing room Thursday that his probation orders are too restrictive. He complained that he's being used as an example because of press reports and popular books, such as Katie Hafner and John Markoff's "Cyberpunk," which made it seem he was taunting the FBI during a three-year manhunt that ended in 1995 with his arrest.

A court order now bars him from using computers or cellular telephones, "anything capable of accessing computer networks," he said in his testimony. He told reporters he is allowed to have a land-based telephone line, but doesn't know if he's legally allowed to use a bank's automatic teller machine or even the Stairmaster at the gym. He's also been barred from consulting to any individuals or groups engaged in "computer-related activity."

As a result of those restrictions, he said, he's unemployed right now.

Mitnick had been invited to testify and help the Senate panel figure out ways to keep the government's electronic networks safe from intruders. The Senate Governmental Affairs Committee is pondering passage of a bill to require government agencies to create anti-hacker programs, undergo yearly audits, and give the Office of Management and Budget the duty of information security oversight of federal agencies. Congress is considering a flurry of measures in the wake of recent high-profile denial-of-service attacks on some of the most prominent e-commerce companies, such as Yahoo and eBay.

Mitnick said the legislation is "a good first step," but offered his own suggestions for keeping government computers secure, such as changing software if a manufacturer doesn't pay attention to security loopholes, and training employees to recognize signs of an attack.

In questioning Mitnick, committee member Sen. Joseph Lieberman (D-Conn.) probed at his motives. "My motivation was the quest for knowledge, the intellectual challenge, the thrill and in order to escape from reality," Mitnick said. He emphasized that he was never interested in profiting or doing any harm. In fact, Mitnick said that hacking was encouraged in the public school he attended. He once was assigned a project to design a login simulator that would convince a user to give up their password.

"I got an A, of course," he said.

Mitnick also pointed out that some computer pioneers got their start in hacking activities, such as Apple founders Steve Jobs and Steve Wozniak.

"There was a fork in the road that went in a different direction," Lieberman observed. "But you're still young. You still have time."
