Mitnick Calls for Hacker Stories
ram writes "Famed hacker and master social engineer Kevin Mitnick has been commissioned to write a new book following the success of his first text The Art of Deception. The new book, tentatively titled 'The Art of Intrusion', will tell the stories of real hacks, with the names of attackers obscured to protect them from the authorities and their victims. Mitnick has called on retired hackers to come forward with their stories, offering a $500 (£283) prize for the best story that makes it into the book, and a $200 payment for all stories that make the final draft."
Why is Mitnick so famous? (Score:3, Insightful)
Re:Why is Mitnick so famous? (Score:4, Insightful)
Hiding under a particularly large rock?
Or perhaps you were on your way here from (for example) Europa?
Re:Why is Mitnick so famous? (Score:2)
Re:Why is Mitnick so famous? (Score:5, Interesting)
Re:Why is Mitnick so famous? (Score:2)
But that is reason to condemn the authorities, not praise Mitnick.
Master social engineer? Are you people on drugs? The man doesn't even rate as script kiddie material!
You want to worship/revile a man for truly sinister acts with a computer? Go pick on somebody like a Pug Winokur.
Re:Why is Mitnick so famous? (Score:2, Informative)
Because, he was considered a martyr. I remember 2600 was reporting that the original sentence (total amount of charges) could add up to 465 years in prison, or some astronomical number. He was extremely brazen in his ability, and it really isn't that interesting of a story. I prefer better stories. For example, when Wired reported about the LOD wars,
Re:Why is Mitnick so famous? (Score:2, Interesting)
Re:Why is Mitnick so famous? (Score:3, Insightful)
I also disagree there are thousands of hackers better than Mitnick. There are better hacker
Re:Why is Mitnick so famous? (Score:2, Interesting)
actually i am a little curious
i remember reading about things he had done (e.g. "mitnick attack" (connection hijacking?) where IIRC you take down a genuine host by basically DoS-ing a legitimate machine and then impersonate that machine, made possible because the TCP increment value was predictable and not random)
it definitely took an understanding of the way TCP etc. worked in order to come up with something like that (i guess it was really him who came up with it and not something
Bold highwaymen (Score:5, Interesting)
Running from the authorities using his advanced level of hacking skill, creating new IDs and such as he went, having stolen the data for the intellectual thrill of it, not for financial gain, then improperly held by a vengeful government... That's a classic tale. I don't know if it's a true story, but that was the popular perception at one point.
In the 18th century, there was, in England, an absolute adoration of the highwayman. There were courteous highwaymen like Dick Turpin, whose victims had only this regret: that they could not have met him under other circumstances and been friends. There were brutal highwaymen, like Jack Sheppard, who was noted for his violence and for escaping Newgate with fetters on his limbs. There were gallant highwaymen, like Claude Duval, whose arrest was supposedly mourned by women across the country.
Other countries and other times have had the same respect for any bold thief. John Dillinger is the best modern example.
And as for getting caught, the populace believes that if you live bravely enough as a criminal, you WILL eventually get caught. That's really the basis of the admiration. If you could simply escape the government by being strong enough, as in the 1200s, you'd only be feared as a danger to all. It's the assurance of eventual capture that gives living on the edge its glamour. This, in particular, applies to Mitnick where it wouldn't to a mere modern carjacker, because we know the carjackers aren't caught. There are so many muggers and rapists and straight-up burglars who prey on the populace directly and succeed that we can't respect them. We fear them. A bank robber or a hacker can go after the big score, the wealth of the very rich, and leave us entertained participants.
There are, of course, plenty of major criminal hackers who do get away with it, as with any other crime, hackers we never hear about because they stayed safe, played it smart all the way. Some of them may be reading this now. Hi boys... you're assumed to be mean of spirit, not to have aimed high enough to get caught, mere embezzling rats or at most a sort of criminal investment banker. How does that feel?
Eventually the statute of limitations will start to run out on modern hackers who have done some pretty cool things, and we'll start to read the full stories of the ones who did go for the big score and get away with it in the Net age, just as we now revere some of the early phreakers who dared and won. Until then, the successful hacker will remain the province of fiction.
It's also interesting to note that in the 19th century, it was felt that the effect of the poems and plays about thieves had the same deleterious effect that comic books, rock music and video games were later held to have.
This post is reaching for 600 words, though, and beyond this I might as well write a properly-researched article, so I'll leave it here.
statute of limitations assumption (Score:2)
Have no trust that yer asses are covered by such limitations. until death
Re:statute of limitations assumption (Score:2)
breaking into a computer is 'hacking' with a X sentencing guideline and a Y statute of limitations..
if a DA finds out at y+1 that a guy in his district hacked boeing.com, he'll file charges under something other than hacking laws that have expired..
something like terrorism laws that have a sentencing guideline of x^2
http://www.sacbee.com/content/news/projects/liberty/story/7989769p-8926319c.html
Re:Why is Mitnick so famous? (Score:3, Insightful)
Because they aren't known?
I guess media has made Mitnick famous and that's why. But I'd be very interested in hearing of another hacker, whose hacks have been fairly well documented.
Re:Why is Mitnick so famous? (Score:4, Insightful)
Note that reading "The Art of Deception" is very enlightening as to what Kevin's skills and knowledge are really focused on. As someone with more than enough technical knowledge, but very limited social engineering skills (and no particular desire) to actually break into systems (I often find holes and create exploits, but only on my own systems, and I report them to the project or vendor), I can appreciate what his skills are, how they differ from mine, and how totally detached from reality the common perceptions about the danger of technical vs. social hacking skills are.
I think that the reason Kevin got caught is because he wasn't acting rationally - he wasn't hacking for profit, with the appropriate caution to avoid getting caught, but because he was driven to it. He was probably far more active than cautious hackers. He probably misestimated the level of efforts that would be used to track him, because prior to his case, there weren't many high-profile cases.
It doesn't necessarily imply anything, good or bad, about his skills. Perhaps about his judgement at the time.
Slugging Average (offtopic) (Score:2)
I wonder if (Score:5, Insightful)
IANAL - let's say for the sake of argument I was an ex-hacker with a story to tell that ended up in print. Even with this much vaunted anonymity I would still be worried about publicly confessing my misdeeds. Especially in the UK where hacking offences can be covered with anti-terrorist legislation these days.
Wait a second... (Score:5, Insightful)
1. Get others to produce the content of your book
2. Publish
3. ???
4. Profit!
Re:Wait a second... (Score:4, Insightful)
Anyone can write a book, can even get it published.
However, of the thousands (hundreds of? or is it millions?) of books published every year, FAR too many of them SUCK for one reason or another.
Having published one, and being commissioned for another based on the strength of the first, this is likely (though not guaranteed) to Not Suck.
Even so, profit is by no means guaranteed.
Re:Wait a second... (Score:5, Insightful)
Perhaps he did, but given how modern publishing works, I'd be very surprised if that were true. These works are most likely ghostwritten attempts to cash in on his outlaw celebrity status (as told to A. Hack) and the follow-up is another attempt to capitalize on the Mitnick brand(tm) and its status in the burgeoning script kiddie market.
You don't really think an editor commissioned this book because it's likely to be a valuable contribution to culture, do you?
Re:Wait a second... (Score:2)
Oh wait! (Score:2)
For what it's worth, I have a good story involving some (requested, of course) intrusion testing on a senior security worker at Microsoft's personal web server that came about because of an Apache vs. IIS argument on IRC. Pity it was just a simple application of RainForestPuppy's modified UNICODE exploit (read: a script-kiddie hack), or I'd submit it . . .
Re:Wait a second... (Score:2, Funny)
Re:Wait a second... (Score:2)
Re:Wait a second... (Score:3, Informative)
Seriously, though, publishers do just what you've suggested:
1. Commission someone to write a book for you.
2. Publish.
3. Give the author a tiny little bit of the money, and keep the rest.
4. Profit!
There's no ??? because it's a well-established model, but the Profit! is optimistic... many books don't earn enough money to
Re:Wait a second.....or a comic strip. (Score:3, Informative)
This sig best viewed in a drunken stupor.
Re:Wait a second... (Score:2, Insightful)
Re:Wait a second... (Score:4, Informative)
In general, royalties for U.S. sales are 5-10% of the sale price of the book from the publisher - usually 50-55% off of the cover price. Foreign sales often yield a fixed price per unit sold. Really geeky books have an audience of 5,000-10,000 readers. Mass market geek books 2-10 times that. The anecdotes will push this book well beyond that. I rant, but do the math and you'll see that $200 and $500 is very exploitive.
Re:Wait a second... (Score:3, Insightful)
$500 for the BEST story that gets in? you have got to be kidding.
how many stories will he be able to include in the book? 10? 20? 30? so for an outlay of, say, $6000 or so he will be able to tack on to the cover a blurb about how the book is chock full of real, exciting, etc. etc. stories "From the Dark Underside Of The Internet!!!!"
is that wo
one thing for sure... (Score:4, Funny)
good to see security improving as the time passes....
Re:one thing for sure... (Score:2)
Changing people's mindset won't happen that easily.
People will be idiots about it for a long long time -- it's not part of our genetics or culture to inherently distrust delegation and unconfirmed communication. We haven't even caught up with the invention of the phone yet, and people believe whoever is on the other side is who they say they are.
In the mean time, we
Confirmation (Score:5, Insightful)
Re:Confirmation (Score:3, Insightful)
The confirmation can be had by the sys admin saying, "Yep! That corresponds to the logs we had!" If someone really wanted to get that nitpicky.
I'd even recommend that Kevin meet these people in a completel
Re:Confirmation (Score:2)
nice gig (Score:5, Funny)
'3' filled in for Crime; it does pay (Score:3, Insightful)
2. Get away with it.
3. Get paid for story publishing.
4. Profit!!!
Seriously though, as I'm sure many of these hackers/crackers will be heralded as (demi-)heroes by many visitors of Slashdot, and I understand that often the sentences for those caught are ridiculous, it should not be forgotten that they -did- commit a crime.
Now, they were 'smart' enough to not get caught for that crime, too. Which means they can gloat about their hack/crack in private or with tight friends or do whatever the heck they want with it already.
But now they're getting paid to talk about those hacks/cracks - and retain their anonymity?
There's something very wrong with that picture, in my humble opinion.
Re:'3' filled in for Crime; it does pay (Score:2)
Face it, people..... Break Laws + Write Book = Profit is a well known and often-used formula.
Re:'3' filled in for Crime; it does pay (Score:4, Insightful)
Why would you think that? Whenever there's a Mitnick story on Slashdot the overwhelming majority of posts say "he got what he deserved" and "hackers are good, crackers are bad". I very rarely see anybody defend what Mitnick did; in fact, I don't think I've ever seen anybody defend what Mitnick did.
If anything, I would say the "Slashdot meme" is strongly opposed to criminal acts with computers.
Re:'3' filled in for Crime; it does pay (Score:2, Interesting)
He was arrested, convicted and sentenced in 1989 for doing something that at the time wasn't a crime; kept in solitary confinement for months on end; eventually released and was arrested again in 1992 for supposedly breaking parole conditions (he didn't); imprisoned for years without charge or trial and eventually has to incriminate himself to be released. Meanwhile he has to idly stand by why S
Re:'3' filled in for Crime; it does pay (Score:2)
Seriously though, as I'm sure many of these hackers/crackers will be heralded as (demi-)heroes by many visitors of Slashdot, and I understand that often the sentences for those caught are ridiculous, it should not be forgotten that they -did- commit a crime.
Yeah, that used to mean something. Nowadays, who hasn't downloaded an MP3?
Re:'3' filled in for Crime; it does pay (Score:2)
My nephew recorded an MP3 (his digital voice recorder encodes to MP3 format) of himself singing me Happy Birthday, I downloaded it.
Please tell me which law I broke, exactly?
Re:'3' filled in for Crime; it does pay (Score:5, Informative)
Please tell me which law I broke, exactly?
Copyright. The copyright on Happy Birthday is not expired. [snopes.com] and it won't for another couple of decades (unless copyright laws change again).
Re:'3' filled in for Crime; it does pay (Score:2)
Does this mean that everyone who warbles "Happy Birthday to You" to family members at birthday parties is engaging in copyright infringement if they fail to obtain permission from or pay royalties to the song's publisher? No. Royalties are due, of course, for commercial uses of the song, such as playing or singing it for profit, using it in mo
Re:'3' filled in for Crime; it does pay (Score:2)
Re:'3' filled in for Crime / Not Quite Correct (Score:2)
Although in this particular case, I believe he skipped 3 entirely and did not do spectacularly well on item 4 either.
Remember people, don't take shortcuts!!!
Re:'3' filled in for Crime / Not Quite Correct (Score:2)
Interesting... (Score:5, Interesting)
I must admit though, I would be _very_ interested to read this book when it hits the press
You should read his existing book (Score:3, Interesting)
including the missing chapter.
Mitnick's 'Lost Chapter' Found [wired.com]
While there are always two sides to a story, from what Kevin says, it sounds like Markoff and Shimomura exploited the situation for all the $$$ they could get.
Sure, offer me $200... (Score:5, Insightful)
Really, how are you gonna know that these stories are actually real?
Re:Sure, offer me $200... (Score:2)
rus
Cheap content (Score:3, Insightful)
Don't most honest, law-abiding people nowadays disapprove of criminals profiting from their crimes? Well it sure seems like Mitnick is profiting from his crimes with this book because the publisher is using his name to sell it.
Kinda cheap and sleazy if you ask me, which you didn't.
Re:Cheap content (Score:2)
Yes, but most people don't consider mitnick a criminal - I can't actually remember what he did (I did know, I just forget
Re:Cheap content (Score:2)
Re:Cheap content (Score:2)
Most funny story I heard (Score:3, Interesting)
Some hacker wanted to haxor some local republican servers. But these things turn out well secured, so he needed some physical access to the boxes. So he claimed to be a fundamentalist protestant (well, he didn't put it this way obviously) and asked the local repubs for some help for anti-abortion protests. He convinced the people to paint transparents in the server room. Ownage occurred mysteriously. Well, not so mysteriously, 'cos the FBI got him in the end.
To save his honour, it must be said that he indeed turned up at the anti-abortion protest, even throwing some tomatoes.
Well, he was a crazy Nader follower. Quite funny, when you think about it - the hacker helped in the repubs due to the bad press in the end. And even Nader helped Bush by sucking votes away from Gore. These ecos can be very strange some times.
Nuclear War with a Telephone ... Holy Cow. (Score:4, Interesting)
Holy cow, is this serious ?
But, just imagine if J. Reno could come up with the Nuclear War stuff for Mitnick, what a field day J. Ashcroft would have had if he had a chance ... Or maybe Ashcroft is already having a S&M ball. It is all so secretive nowadays.
Lucky Mitnick...
Re:Nuclear War with a Telephone ... Holy Cow. (Score:3, Informative)
Yup! they seriously thought he could blow a consistent and exact 2600Hz (amongst other requisite frequencies) with just his mouth.
As opposed to, for example, hypothetically, some cheap crappy plastic whistle from a box of Captain Crunch.
Re:Nuclear War with a Telephone ... Holy Cow. (Score:5, Interesting)
Never underestimate the power of a geek with no social life.
And that's the ONLY thing I will admit to. Note non-anonymous post.
And to his surprise .... (Score:5, Funny)
I've got a story (Score:5, Funny)
Rus
Crazy Legal Question (Score:5, Interesting)
Re:Crazy Legal Question? (Score:2)
Let them hack their way into the book (Score:5, Interesting)
This way if they are good enough not to be traced, the chances are good they actually did something real. It also removes most of the possible "script kiddies" submissions
Re:Let them hack their way into the book (Score:2)
Re:Let them hack their way into the book (Score:2)
My favourite Free Kevin cartoon... (Score:2)
Re:My favourite Free Kevin cartoon... (Score:2)
Mitnick is social engineering you! (Score:5, Insightful)
Before you send in any good stories, be they fact or fiction, think of this: what if FBI / Homeland Security agents are on the case working with Mitnick, reading those letters that will supposedly go into the book and tracing who sent them? They've been known to do similar things to get people to brag before, which is the easiest way to catch people, or at least make it seem that way. With John Ashcroft and Tom Ridge in the government, they will stoop to any low to put hackers, whom they view as terrorists, behind bars.
best hack... (Score:3, Interesting)
collect reward money AND complete parole obligations.
retire.
hacker (Score:2)
Famed doctor and master of friendship Charlie Manson has been commissioned to write a new book following the success of his first text Medicine for Beginners.
im a paid hacker (Score:4, Interesting)
Give me a break.
When you've proven to a client that millions could potentially be stolen, the last thing you'd want to do is discuss it in a book, anonymously or not.
He is just covering his tracks !! (Score:5, Insightful)
This guy has probably done more than he is accused of and has got an urge to brag about all his hacks. Doing so might get him into more legal trouble and he needs some anonymous hackers as legal frontends.
Re:He is just covering his tracks !! (Score:5, Interesting)
I used to be very involved in the scene years ago under many names: juuri, syy, ^_, y, y-windoze and on and on. Mitnick was not this legendary figure people are making him out to be. Those who were around then know of others who did much more than him and got away with a fuckload more. Thinking he is using this as smokescreen is giving him some status as legendary.
The truth of the matter is most hackers absolutely paled in comparison to stuff done by the phreaks of the 80s. Even before the rise of the script kids there was very little original stuff going on. One person would figure something out and use it for a few months before trading it to someone else and then it would enter the scene.
You guys need to understand back then yp was everywhere and insecure, nfs was completely exploitable in many ways, telnet daemons were retarded (-fr00t anyone?), hosts abounded with +s in the hosts.equiv, firewalls didn't exist, source routing still worked and on and on. Even back then secured hosts were easily compromised by finding a single account on a badly secured host, just like today.
It always pains me on slashdot when these articles come up and people fall all over themselves to heap praise on people like Mitnick who were nothing more than petty opportunists with a good sense of trading. Mitnick getting caught also ended a lot of the fun for many of on networks; most people don't recall the extreme lockdown that went into effect on well.com and other community sites of the time.
it's worked before (Score:4, Informative)
Easy Money (Score:2)
Meanwhile, he makes $500k off book sales.
I knew it... (Score:3, Funny)
I don't need to send a story in... (Score:4, Funny)
Dr K's book (Score:2)
Not only is Dr K a dude but he is also a little more in touch with the hacker scene. I particularly like his fuck computers let's hack talk and brumcon [brum2600.net]
Money. (Score:2, Interesting)
A War story (Score:2)
Back in the BBS days my leet friend was a warez courier. To facilitate this a certain amount of phreaking was required. At the time there was no Computer Misuse Act [hmso.gov.uk]. He was eventually arrested. The cops had a list of all the alleged phone calls. Each one constituted a separate criminal offence. They had to read him the entire list of calls and he had to answer 'yes' or 'no' to whether he agreed he had made the call. It took them *ten* hours.
It turned out the only thing they could charge him with was 'thef
One of my favorite books about hackers (Score:5, Interesting)
It follows the stories of several hackers/crackers in Australia, Germany, and the United States. To me, it really reads more like an ethnographic anthropological study, than about hacks per se. But I found it very interesting. And best of all, the entire book is available for free:
http://www.underground-book.com/
in a download version.
jeff
Re:One of my favorite books about hackers (Score:2)
I gobble up stories like these, and I'm sure I'll read Mitnick's compiled book when it comes out. For me, and I'm sure many others who were involved in the "scene" in the late 80's, early 90's this stuff is pure war story material. It's much like how people that were involved in any major war (WWII, Vietnam) get obsessive over movies like Full Metal Jacket and whatnot. You can see yourself in the people depicted in the stories.
Back in the day, as another post
Mitnick and editing (Score:2, Funny)
PGP/GPG Keys? (Score:2)
I'd hate to stifle the book, and can almost guarantee that I'll buy it, but I'd like to make sure that people are able to protect their identities and not unwittingly reveal incriminating information about themselves.
Why these books are good (Score:5, Insightful)
To people NOT like us (read: small/mid company admins and even some larger company admins) a lot of this is actually an eye opener. Case in point: Some of you may know that I work for a smaller, privately owned ISP. Because of this, we cater to a bunch of mid/small businesses. I have suggested his first book for them to read. I have gotten no less than 20 call backs after they read the book with statements like "Wow, I never even thought of that!" and "Thanks for the book tip! Helped me out a lot and we have tightened up security with our staff." You're lucky to find a semi-competent admin in companies this small (or an admin at all) let alone one who understands or has even heard of social engineering or any type of specific attack outside of what the mainstream media reports.
Keep in mind that a lot of admins in these companies have heard DoS and DDoS before, maybe even the names of a few well-known worms but they don't even know what they stand for or what they do. They are nothing more than the catch phrase of the week. Books like this are pretty invaluable to them as they are not written from a tech stand point (Hardening Cisco comes to mind) and are easily understood and easy to put into practice by someone who is the admin because they know what HDD stands for or were hired on the lowest possible salary.
Don't get me wrong here, these are not the end all be all security books but they are a great boon to the customers that I service.
This is cover for reporting HIS OWN exploits... (Score:5, Insightful)
Curious George
Ho hum (Score:4, Insightful)
As I see it Mitnick remains of the same mindset as when he first showed off his cracking skills to a group of peers and was surprised when they turned him in.
Among his various complaints about his treatment by the Feds are that he was held without bail (gee, can you say 'established flight-risk'?), and that they held onto all of his computers (gee, after he declined to provide the encryption keys needed to access them as evidence?).
He's also clear about being bitter toward the author of 'Takedown' (advice, "never get in an argument with someone who buys ink by the barrel and paper by the train-car") and Shimomura(sp?) (Let's see, you break into lots of machines, eventually you come up against someone better'n you and now you complain that they exact some revenge?)
His notoriety seemingly guarantees a certain audience for him and his publisher to profit.
Personally I've got no desire to help this guy along. In the excerpts from his book he has the brass to include himself in the 'hacker' ethic of places like LCS, Berkeley, JPL. Sorry, that image doesn't pass.
The title? (Score:2, Funny)
Hacker or Cracker? (Score:2, Informative)
It sounds like this book is going to be about crackers and cracking and not hackers and hacking.
Common usage tends to blur the meaning between the two concepts but I thought here on slashdot at least there was some insistence that the two not get confused.
From the article: "...could start a nuclear war" (Score:2, Interesting)
If it really is possible to start a nuclear war from a telephone, I must ask, who's the genius who attached our nuclear weapons systems to the pho
Oh Come On, Get It Right (Score:2)
Mitnick's a cracker, pure and simple. If he didn't make his living back then off of crime, he sure as hell did it later by writing a book about it.
I don't see much of a difference between this book and "send me your stories of how you robbed some people in an alley and I'll give you $500." Except, of course, that a bunch of immature or hypocritical punks will
This one time ... (Score:3, Funny)
Re:I got some to contribute. (Score:3, Interesting)
In my younger days I did some mischief along those lines, but considering the number of countries that I traversed in my electronic travels, I'd be a little concerned if any of them raised any flags.
Especially since some of them that "old" folks like me used to traverse have less than pleasant human rights records.
Re:I got some to contribute. (Score:3, Interesting)
Re:I got some to contribute. (Score:5, Interesting)
Unfortunately, he is rather busy [cincypost.com] at the moment.
I would send him an email and tell him about it, but I don't think he's gonna be answering anything electronic for a little while.
No, this is not a joke. Yes, this is a real friend of mine. And yes, I am probably a rat bastard for posting this on here. However, he did some of this from *home*!
Jesus eppie, I thought you knew better than that!
I guess the reason I am posting this is for all those of you who think that "thrill hacking" for fun, and not doing any real damage, will just get you a slap on the wrist if you are caught. Bet that's what eppie thought.
Re:I got some to contribute. (Score:2)
Your friend was also smart enough to threaten President Bush during a time when the country is at war.
Sometimes it seems that people want to be caught.
Re:I got some to contribute. (Score:2)
No one that knows eppie, that I have talked to so far, ever heard anything about that.
I'm not the tin foil hat type, but it just seems to me like a fast way to get him in a federal courthouse, and get the ball rolling from there.
(Making it much harder for him or his lawyer(s?) to work to his defense.)
Re:I got some to contribute. (Score:2)
Re:I got some to contribute. (Score:3, Insightful)
These types of articles always seem to be a little strange. Would the "300 passwords" that he stole be a single password file, that maybe he bru
Re:Not heroes (Score:2, Informative)
[originally, someone who makes furniture with an axe]
1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. RFC1392, the Internet Users' Glossary, usefully amplifies this as: A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular
Re:Honeypot? (Score:3, Funny)