Kevin MitnickGhost in the Wire, Condorone of the most recognized and well-known names in the history of computing and networking, he died last sunday (although the report has now been published) due to pancreatic cancer, whose treatment failed to stop the progression of the disease. Born on August 6, 1963, he would have turned 60 in just over two weeks, but a terminal illness prevented him.

For the youngest, the name of Kevin Mitnick is probably strange, maybe even completely unknown, but we are talking about a person who managed to become a reference when it comes to computer security by becoming what was probably the most famous hacker in the history of technology. It’s not for nothing that his story has spawned books, films, extensive articles in the mainstream press, and over the years he’s even amassed a considerable following of fans who admire his vast expertise.

Like most of that generation, Kevin Mitnick became interested in then fledgling computer science but unlike the protagonists we usually talk about, who were responsible for the computer and technological revolution of the 70s, Mitnick focused his interest on the security problems of said systems, said networks and above all their users, with a very clear goal: to use them, either out of mere curiosity, as a challenge of their own or to get any kind of income from these actions.

Although his background in social engineering dates back much earlier, at the age of 12, his curiosity led Kevin Mitnick, when he was just 16, to hack into your school’s administrative system network. We’re talking about 1979, a time when computer security was a little less than zero, but even then it was necessary to resort to certain techniques to obtain the access codes that he later used to look into everything that said access gave him access to. His curiosity could have stopped there, but in reality it marked the beginning of a long history of infiltration, data theft, system manipulation and so on.

It wasn’t long before his history began to count with notes, generally always from less to more and in most cases using one of the oldest techniques that is still extremely effective despite the passing decades: social engineering. And it’s because, as he’s stated on numerous occasions, it’s much easier to fool a person than it is to uncover a security problem in a system or network.

Kevin Mitnick, during his participation in the Campus Party

Like many of his contemporaries, one of its main targets was telecommunications companiesIt is not surprising that his first arrest, trial and conviction occurred for his physical infiltration of COSMOS (Computer System for Mainframe OperationS), a system in charge of monitoring and recording the telephone calls of many American companies in the sector at the time. From this visit he mainly obtained multiple security codes, access codes to other dependencies and COSMOS internal manuals. However, this also resulted in a three-month prison sentence (the sentence was so low considering he was still a minor) and one year of probation.

Many would choose to end their criminal records after this experience, but that was certainly not the case for Kevin Mitnick. As I said before, each infiltration surpassed the last, and so we found that in addition to retaliating against some of the people involved in their processes, set more ambitious goalsand therefore dangerous that he nevertheless began to make him a figure in the world of black hat hacking.

Thus, with the infiltration of COSMOS in 1982, he led his first movement against another of his favorite targets, the defense networks and services of the United States. It made its debut in this sense by accessing, this time telematics via modem, the system of the North American Air Defense Command and this was followed again by illegal access to the ARPAnet, a network of systems that linked major defense nodes together with some administrative and academic entities. His goal? Access to Pentagon systems. This earned him a second visit to the courts, which sentenced him to six months in a juvenile prison.

It started from there cloudy period with moments when he tried to leave black hat hackingwith others in which he resumed illegal activitypp. At this point, some very significant events occurred, such as after he applied for a job at a banking entity, he was turned down because of his criminal record, and in response, he falsified the entity’s balance sheet with disastrous economic data and attempted to publicly disseminate it. This was, as I noted earlier, just one of his many revenges.

In 1988 he was again tried and imprisoned, this time for infiltrated MCI Communications and DEC (Digital Equipment Corporation) systems. Most notably on this occasion, Kevin Mitnick was prohibited from using any phone while incarcerated. Reason? They believed that simple access to a phone line was all they needed to remotely control any computer. Something, in part due to the argument used by his defense, which claimed that Mitnick suffered from computer addiction, something that was accepted by the court and resulted in a fairly favorable verdict, given the facts, but also imposed a “detox cure” on the computers.

Mitnick (center), accompanied by Kevin Poulsen (right) and Adrian Lam

Kevin Mitnick vs. Tsutomu Shimomura

The beginning of the end for Condor, the pseudonym that Mitnick regularly used, began to be written when he had already achieved considerable public notoriety and, as I mentioned earlier, when he began to have a remarkable community of admirers who, in addition to the deeds he performed, they saw him as a true anti-establishmentin addition to appreciating their expertise in accessing systems that in principle should be heavily protected.

Because of some of his actions, The FBI began to track him down, causing him to become a fugitive that yes, she intensified her activities and started using mobile phones instead of fixed lines. This made it difficult to identify his location in the first place, but over time ended up doing the exact opposite, as tracking the cellular signal of the device he was using enabled his final apprehension.

But before we get to that, we need to remember what led up to it and basically what it was infiltrate Tsutomu Shimomura’s system on Christmas 1994. Shimomura was a computer physicist and security systems expert at the San Diego Supercomputer Center. So after Kevin Mitnick’s meddling was revealed, he set out to find its author, a task in which the two companies affected by Mitnick’s actions, and later the FBI, actively cooperated.

The story of the confrontation between Mitnick and Shimomura the latter said so at Takedownan interesting book (personally I will admit that I devoured it in a few days), but in which we can get an idea of ​​​​the size (XXXL) of Shimomura’s ego, who, although he expresses himself with respect to Mitnick, at the same time shows a somewhat improved treatment of other people and projects an image of somewhat exaggerated triumphalism in my opinion.

Be that as it may, no doubt Shimomura also had a very high technical level and when he discovered Mitnick’s infiltration, he immediately realized that he was up against a fairly sophisticated opponent in terms of his technique. However, tracking down some of the digital assets Mitnick claimed in his attack allowed a fence to begin to be drawn around him, a fence that began to tighten from that point until his arrest by FBI agents on February 15, 1995.

New life

After serving time on all the charges that dogged him, Mitnick was released on January 21, 2000., although he remained on probation until January 2003. However. the previous restriction was repeated with an explicit prohibition to use a communication technology other than a fixed line. However, this limitation ended up in decay, allowing him to face a future related, of course, to technology and security.

This time yes, he decided to go the other way, creating a security consultancy, in addition to playing at many public events devoted himself to it, he even became a professor of this discipline for companies and state entities. Something comparable to the friendly but distorted portrait of Frank Abagnale Jr. that Catch Me If You Can gave us. And it makes sense because he showed an abundance of talent for it from an early age.

«It was immoral… I did things that negatively affected many companies, so now I travel the world to educate people about the importance of safety and help companies and consumers.“, a contrite Mitnick confirmed in 2011 when he attended the 2011 Campus Party as a speaker.

The character of Kevin Mitnick has always been controversial, because while some argued that the courts were exceedingly lenient in judging his actions, others were at the opposite extreme and argued that justice treated him as a scapegoat to scare off all those who carried out similar activities. But what is indisputable is that his actions and his public appearances left a mark before and after in the general understanding of the importance of computer security.

It wasn’t the first, and it probably wasn’t the best either, but due to a combination of factors yes, it became the most recognized golden age for black hat hacking, with names like Kevin Poulsen, John Draper (Dean of Captain Crunch), the tandem of Matthew Bevan and Richard Pryce, etc. sharing space (and, for many people, prestige) with Mitnick. Rest in peace.

Images: Campus Party Mexico / Campus Party Valencia / Matthew Griffiths / 2600