Kevin Mitnick: Cyberthief

<B>Ed Bradley</B> Talks To The World's Most Notorious Cyberthief

Kevin Mitnick was probably the world's most notorious cyberthief when he was captured in 1995 and sentenced to five years in prison.

Over a 13-year period, Mitnick broke into the computer systems of more than 35 major international corporations and other organizations -- exploits that made him the FBI's most wanted computer criminal.

When 60 Minutes first sat down with Mitnick in January 2000, just before his release from federal prison, he told us that he saw himself not as a devious criminal -- but more like a merry prankster.

"I saw myself as an electronic joyrider having a great time on the information superhighway. You know, I felt like I was like James Bond behind the computer," said Mitnick. "It was a big game to me. I was just having a blast."

Did it ever occur to him that he was doing something wrong?

"Yeah, it was an invasion of privacy," said Mitnick. "You know, going in, getting access to other people's information is, obviously, a gross invasion of privacy and it's wrong."

But he says that at the time, it didn't bother him.
What Mitnick was doing was breaking through the highly sophisticated computer defense systems that companies use to protect their trade secrets – which he repeatedly stole. His list of victims reads like "A Who's Who of Big Business." They include Motorola, Sun Microsystems, Nokia and software maker Novell.

All told, the companies estimate that Mitnick cost them $300 million in damages.

"I believe I caused some damage, but nowhere near that number. I was an accomplished computer trespasser. I don't consider myself a thief," said Mitnick. "I didn't deprive these companies out of their software. I merely made a copy without doing anything more with it."

So did he steal it? "I didn't use it for financial gain, nor did I cause any harm," he said.

Beyond his skills as a computer hacker, what also made Mitnick so effective, according to the FBI, was his phenomenal ability to obtain confidential information from corporations by phoning unsuspecting employees and simply asking them for it. It's known as "social engineering."

How would he describe social engineering? "Basically lying on the phone, manipulating or conning information out of people over the telephone," said Mitnick, who claims to have been a good con man. "I was successful."

Mitnick was hacking and conning his way into corporate computer systems 10 to 12 hours a day. And while he held down legitimate jobs working with computers, he says hacking was like an addiction -- which eventually became the most important thing in his life.

He also blames his addiction on ruining his marriage. "What really broke up the marriage was I was too – I kept going back to my hacking and it became a higher priority," said Mitnick.

By the age of 25, Mitnick had been arrested three times for computer fraud. In 1989, he spent a year in jail. He was then placed on probation and ordered to receive counseling. He attended a 12-step program for his apparent addiction to hacking. It didn't work and he continued hacking. A warrant for his arrest was issued and he became a fugitive, the FBI's most wanted cyber criminal.

For more than two years, no law enforcement agency could catch him, as he hacked his way across the country, assuming new identities.

But eventually, the FBI was able to track him down, and on Feb. 15, 1995, in the middle of the night, a team of FBI agents knocked on Mitnick's door, where he was living under an assumed name.
Soon after 60 Minutes spoke to Mitnick, he walked out of jail a free man after having served almost five years. But the government wasn't finished with him yet.

As part of his probation, Mitnick's access to computers was severely restricted. His career prospects were uncertain. That is, until the federal government came looking for him once again. This time, he had no reason to run, because they wanted his help.

"I was released from custody January of 2000. Just a few months later, I was invited to testify before Congress," says Mitnick. "And after that, a lot of businesses, I guess from seeing me on C-Span, were interested in having me speak about security."

And so a new career was born. 60 Minutes showed an excerpt from a video Mitnick uses to market himself to potential clients.

"The purpose of my public speaking is to raise awareness to what the security threats are. How the bad guys operate. And what you can do to protect yourself," says Mitnick. "There's the old adage -- it takes a thief to catch a thief."

Mitnick maintains he no longer does any illegal hacking, but that hasn't stopped him from playing a hacker on TV, appearing on an episode of "Alias." And in real life, Mitnick freely admits that he's still breaking into other people's computer systems. But these days, he insists, it's by invitation only – and it's legal.

"I'm an ethical hacker today. And what I do is I essentially get paid to hack ethically to find security vulnerabilities in my clients' systems. And notify them so they can fix them," says Mitnick.

Now off probation, Mitnick is not only busy consulting and speaking, he's also written a book on computer security and is working on a second book.

"Kevin Mitnick has grown up," he says. "Took a little while, but I finally did."
  • Rebecca Leung

Comments