Arrest of Hacker Kevin Mitnick
The arrest of hacker Kevin Mitnick marks a significant moment in the history of computer security and hacking culture. Mitnick, who gained notoriety in the 1980s and 1990s, was known for his sophisticated hacking techniques, particularly his use of "social engineering" to manipulate individuals into revealing sensitive information. Over a span of 15 years, he infiltrated the systems of major technology companies, resulting in substantial data breaches and financial losses, estimated at around $300,000 for his victims. His criminal activities came to a head when he targeted the computer of security expert Tsutomu Shimomura, leading to a nationwide FBI search and his eventual capture in 1995.
Mitnick was indicted on multiple counts of computer and wire fraud, ultimately serving over five years in prison. After his release, he transitioned to a career in cybersecurity, founding a consulting company aimed at protecting systems against the very vulnerabilities he once exploited. His story highlights the evolving nature of hacking and cybersecurity, illustrating both the risks posed by malicious hackers and the importance of robust security measures. Mitnick passed away in July 2023, leaving behind a legacy that continues to influence discussions about internet security and ethical hacking today.
Arrest of Hacker Kevin Mitnick
Date February 15, 1995
The FBI’s arrest of Kevin Mitnick brought widespread attention to the crime of computer hacking.
Locale Raleigh, North Carolina
Key Figures
Kevin Mitnick (1963–2023), American con artist and computer hackerTsutomu Shimomura (b. 1964), American computer security expert
Summary of Event
By the end of the 1980’s, advances in technology had led to the use of computers in nearly every home and business in the United States. Computers had become common tools for personal and business use around the world as well, and as the 1990’s progressed, more and more of these computers were connected to the Internet. Any computer that is connected to the Internet opens a line of communication that can be accessed by computer hackers anywhere in the world. Such hackers have been responsible for threats to national security, financial fraud and identity theft, software piracy, theft of trade secrets and other information, and wanton destruction of data, software, and hardware, as well as other malicious behaviors.
The term “hacker” originally applied to anyone who gained entry to a computer without the consent of the computer’s owner. In the early days of computers, the typical hacker simply sought knowledge about how computers worked and how they communicated with each other. Companies that used computers eventually hired many of these hackers to test computer security systems and to fix any holes they found; these hackers became known as “white hats.” Malicious computer hackers, known as “black hats,” seek access primarily for the purpose of committing vandalism and theft.
The first time the U.S. government prosecuted an individual for computer hacking, computer usage was still in its infancy. In 1966, a computer programmer under contract to a Minneapolis bank experienced what he considered to be a temporary shortage of funds in his own bank account. He then manipulated the data on his account so that no overdrafts were reported. The programmer committed this fraud so easily that he kept at it, and eventually he had hidden $14,000 in overdrafts within a computer program that only he understood. Unfortunately for the programmer, the bank’s computer system crashed, forcing bank employees to record account activity manually; at that point, he was found out and arrested.
Kevin Mitnick, who used the handle “Condor,” was the first computer hacker to become widely known. He was first arrested for hacking in 1980, when he was seventeen years old. He spent the next fifteen years marauding through the computers of the world’s largest technology corporations. Mitnick typically gained access to computer systems through what he called “social engineering”—that is, he employed his knowledge of human nature to trick people into giving him computer passwords and other secure data. He repeatedly burrowed into the computer systems of corporations such as Motorola and Digital Equipment Corporation (DEC) to pilfer their source codes, the electronic blueprints of their systems’ operations. In 1989, Mitnick went to jail for the theft of one million dollars’ worth of software from DEC. He was released on probation in 1990, but he violated the terms of his probation when he stopped attending treatment for computer addiction.
At one point, Mitnick stole more than twenty thousand credit card numbers from the files of an internet service provider; some of the numbers belonged to the best-known millionaires in Silicon Valley. Additionally, Mitnick used computer space belonging to a lobbying group called Computers, Freedom and Privacy to store stolen programs for controlling cellular phones. Altogether, it is estimated that Mitnick’s hacking activities cost his victims some $300,000.
Mitnick’s crimes brought him to the attention of the Federal Bureau of Investigation (FBI), which instituted a nationwide search for the hacker. His downfall came after he teased a computer security expert in San Diego, Tsutomu Shimomura, by breaking into Shimomura’s home computer on Christmas Day in 1994, using a technique called protocol spoofing. Shimomura’s computer was linked to a network, which allowed Mitnick to steal files related to computer security. He then left mocking, distorted messages on Shimomura’s voice mail. Shimomura monitored the intrusions and was able to trace Mitnick to a cellular telephone site near Raleigh, North Carolina, where the FBI captured him on February 15, 1995.
In 1996, the US Justice Department indicted Mitnick on twenty-six counts of computer, telephone, and wire fraud. Convicted of cellular telephone fraud, Mitnick served more than five years in prison before being released on probation. When his probation ended in 2003, Mitnick returned to the internet to start a security consulting company, Defensive Thinking. Mitnick aimed to block the same holes that he had once exploited. He died of pancreatic cancer on July 16, 2023.
Mitnick was very successful in using social engineering to gain access to computer systems, but this method was employed by relatively few hackers. Viruses, worms, and logic bombs became far more common means of hacking into systems. Viruses are intended to infect computers; they can do anything from launching denial-of-service attacks to sending junk e-mail (spam) to thousands of recipients. Worms copy themselves and exploit weaknesses in computer systems. They are not usually criminal in intent, but viruses and worms can be enormously damaging and thus expensive for their targets. To remove such code, victims have to reformat hard disk drives and thereby lose all data they have not backed up. The costs in time and lost productivity can run into millions of dollars when many victims are involved. For example, the Melissa worm, first identified in 1999, caused an estimated $80 million in damages as it spread from network to network. In 2003, the SQL Slammer worm shut down thirteen thousand Bank of America automated teller machines (ATMs) and slowed worldwide Internet traffic to a crawl. By the early twenty-first century, more than fifty thousand computer viruses and worms were being identified annually.
The proliferation of malicious hackers led to a new descriptive word, “malware.” This term is applied to software that is intended to plant a program on a computer, without the owner’s knowledge, that will cause damage to the computer’s software. Malware programs are also known as Trojan horses. Hackers may use malware to install programs that allow them to listen in on conversations around the target computers or, more commonly, to record computer users’ keystrokes and thus transmit information back to the hackers. Through such methods, hackers can obtain bank information and other private data that can be used for criminal purposes.
Some criminals use computer hacking to commit crimes that would have required physically breaking and entering businesses in the past. In 1997, an FBI sting at the San Francisco International Airport netted a criminal who was trying to sell a compact disc containing 100,000 credit cards numbers for $260,000. The list had been compiled through the hacking of a number of different organizations’ computers.
Significance
The US government has taken some steps to halt the spread of hacking. The Computer Fraud and Abuse Act of 1984 made it a federal crime for an individual to access a computer intentionally without authority or by exceeding authority to obtain information to which that person is not entitled. Congress has since amended the act a number of times to keep it responsive to changes in technology. The Economic Espionage Act of 1996 was a response to the growing network of professional spies and saboteurs who earn money by hacking the computers of rival businesses or governments. The legislation made it a federal offense to profit in any way from the misappropriation of another person’s trade secrets, including through computer downloads and uploads as well as electronic mail. Individual US states have also developed laws to make hacking a criminal offense.
Although the legislation passed to fight hacking has been beneficial to the business sector, a number of basic tools are more effective at providing protection from hackers. The most commonly used protective tool is the password—that is, requiring an authorized user to enter a password that is a mix of letters and numbers to gain access to particular systems, services, or programs. A more sophisticated method of protection is the encryption of information so that hackers cannot easily read it. Firewalls, a common element of security software, are often used to block unauthorized access to individual computers or networks.
By the early twenty-first century, both US government agencies and private companies began to pour significant funding into computer security in response to intelligence experts’ fears that terrorists could use the Internet or other computer technology to attack the United States. The Department of Homeland Security was specificially concerned that terrorist groups could launch cyberattacks and physical attacks simultaneously, perhaps disabling safety systems at nuclear plants or air traffic control systems. However, the human element that Mitnick so successfully exploited continued to be the main security risk and the one most difficult to guard against. Despite widespread knowledge about computer crimes, people continued to be careless with passwords and other data that hackers could use to gain access to computer systems.
Bibliography
Mitnick, Kevin D., and William L. Simon. The Art of Deception: Controlling the Human Element of Security. New York: John Wiley & Sons, 2002. Mitnick provides an interesting look into his use of social engineering to get around security systems.
Power, Richard. Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace. Indianapolis: Que, 2000. Entertaining volume examines all varieties of cybercrime. Chapter 5 discusses Mitnick. Includes glossary and index.
Shimomura, Tsutomu, with John Markoff. Takedown: The Pursuit and Capture of Kevin Mitnick, America’s Most Wanted Computer Outlaw—by the Man Who Did It. New York: Hyperion, 1996. Account of the efforts to find Mitnick and the hacker’s capture by a computer security expert who was instrumental in tracking him down. Includes index.
Traub, Alex. "Kevin Mitnick, Once the ‘Most Wanted Computer Outlaw,’ Dies at 59." The New York Times, 20 July 2023, www.nytimes.com/2023/07/20/technology/kevin-mitnick-dead-hacker.html. Accessed 23 Aug. 2023.