Famed hacker Kevin Mitnick has died after a battle with pancreatic cancer. At the time of his death, he was Chief Hacking Officer at security awareness training firm KnowBe4.
Kevin Mitnick - the world's first famous "hacker" - has died at age 59 after succumbing to pancreatic cancer.
Mitnick gained fame for his hacking skills and eventual arrest on hacking and wire fraud charges. After his release from prison, he went on to release various books and speak at conferences on the topic of cyber security/hacking. He is the founder of "Mitnick Security Consulting" which provides cyber consulting and penetration testing services.
Kevin's influence on the world of cyber security is undeniable, as is his almost legendary reputation in the field.
Mitnick served five years in prison—four-and-a-half years' pre-trial and eight months in solitary confinement—because, according to Mitnick, law enforcement officials convinced a judge that he had the ability to "start a nuclear war by whistling into a pay phone", implying that law enforcement told the judge that he could somehow dial into the NORAD modem via a payphone from prison and communicate with the modem by whistling to launch nuclear missiles.
Probably based on the Cap'n Crunch whistle pay phone hack.
Someone correct me if I've missed a few bits, but here's the story...
First, a little history.
Payphones were common. If you're younger, you've probably seen them in movies. To operate them, you picked up the handset, listened for the dial tone (to make sure no one yanked the cord loose), inserted the amount shown by the coin slot, and then dialed. You have a limited amount of time before an automatic message would ask you to add more money. If you dialed a long distance number, a message would play telling you how much more you needed to insert.
There were no digital controls to this - no modern networking. The primitive "computers" were more like equipment you'd see in a science class. So, to deal with the transaction details, the coin slot mechanism would detect the type of coin inserted, mute the microphone on the handset, and transmit a series of tones. Just voltage spikes. The muting prevented the background noise from interfering with the signal detection. Drop a quarter in the slot and you'd hear the background noise suddenly disappear followed by some tapping sounds (this was just bleed through).
It's also relevant to know that cereals used to include a cheap, little toy inside. At one point, Cap'n Crunch had a whistle which had a pitch of 2600Hz.
The story goes that someone* figured out that the tones sent by the payphones were at 2600Hz - same as the whistle. You could pick up a payphone handset and puff into the whistle a certain number of times, and ti would be detected as control signals (inserting money).
That's right! Free phone calls to anywhere. I'm hazy on the specifics, but I'm pretty sure there were other tricks you could do, like directly calling restricted technician numbers, too. The reason the 2600Hz tone was special had to do with something like it was used as a general signal that didn't trigger billing.
It knocked the idea of phone hacking, or "phreaking", from a little known quirk, to an entire movement. Some of the stuff was wild and if you're interested, look up the different "boxes" that people distributed blueprints for. Eventually, the phone companies caught on and started making it harder to get at wires and more sophisticated coin receptacles.
If you've ever seen the magazine 2600 back in the 90s and early 00s, that's the origin of the name.
All that is to say, if you knew nothing about technology and watched a guy whistle into a phone to get special access, you'd probably be freaked out. Who knows what that maniac could do with a flute!
I could have sworn it was Mitnick, but might have been someone else.
It wasn't Mitnick, it was a hacker/phreaker who, rather unsurprisingly, called himself Captain Crunch.
Edit: There was also Joybubbles/Whistler, who had perfect pitch, so he could whistle the correct tones. He was also blind, so it's a pretty interesting way to overcome a disability.
Post made by Bruce Schneier about Mitnick earlier this year.
[2023.01.27] Early in his career, Kevin Mitnick successfully hacked California law. He told me the story when he heard about my new book, which he partially recounts his 2012 book, Ghost in the Wires.
The setup is that he just discovered that there’s warrant for his arrest by the California Youth Authority, and he’s trying to figure out if there’s any way out of it.
As soon as I was settled, I looked in the Yellow Pages for the nearest law school, and spent the next few days and evenings there poring over the Welfare and Institutions Code, but without much hope.
Still, hey, “Where there’s a will...” I found a provision that said that for a nonviolent crime, the jurisdiction of the Juvenile Court expired either when the defendant turned twenty-one or two years after the commitment date, whichever occurred later. For me, that would mean two years from February 1983, when I had been sentenced to the three years and eight months.
Scratch, scratch. A little arithmetic told me that this would occur in about four months. I thought, What if I just disappear until their jurisdiction ends?
This was the Southwestern Law School in Los Angeles. This was a lot of manual research -- no search engines in those days. He researched the relevant statutes, and case law that interpreted those statutes. He made copies of everything to hand to his attorney.
I called my attorney to try out the idea on him. His response sounded testy: “You’re absolutely wrong. It’s a fundamental principle of law that if a defendant disappears when there’s a warrant out for him, the time limit is tolled until he’s found, even if it’s years later.”
And he added, “You have to stop playing lawyer. I’m the lawyer. Let me do my job."
I pleaded with him to look into it, which annoyed him, but he finally agreed. When I called back two days later, he had talked to my Parole Officer, Melvin Boyer, the compassionate guy who had gotten me transferred out of the dangerous jungle at LA County Jail. Boyer had told him, “Kevin is right. If he disappears until February 1985, there’ll be nothing we can do. At that point the warrant will expire, and he’ll be off the hook.”
So he moved to Northern California and lived under an assumed name for four months.
What’s interesting to me is how he approaches legal code in the same way a hacker approaches computer code: pouring over the details, looking for a bug -- a mistake -- leading to an exploitable vulnerability. And this was in the days before you could do any research online. He’s spending days in the law school library.
This is exactly the sort of thing I am writing about in A Hacker’s Mind. Legal code isn’t the same as computer code, but it’s a series of rules with inputs and outputs. And just like computer code, legal code has bugs. And some of those bugs are also vulnerabilities. And some of those vulnerabilities can be exploited -- just as Mitnick learned.
i miss techtv every single day. found a trove of old screen savers episodes i put in a youtube playlist that i sometimes watch to scratch the itch. what a magical time to be alive
I read tons TXTs in the 90s that sparked an interest in how-things-work and eventually lead to a career in software. People like him really change lives.
https://youtu.be/rcWByfwkf4k?t=894 first learned about the dude way back when i was in high school via his interview with kevin rose, way before youtube was really a thing, proceeded to read the art of deception and the art of intrusion and just like. a lot of that and the other videos this was a part of got me started in all the things i do with computers now. this is gonna sting for a while i think
Thanks for sharing that. It was good to watch the interview again and also be transported to a very nostalgic place, I haven't seen or thought of The Broken in a long time.
That's fucking tragic. Makes me want to whip out the ole Hacker Manifesto.
Kids will never again know the fun of dealing with long distance calling plans and the barely usable international calling that used to cost half you rent for a 15 minute conversation.