Mitnick. Kevin Mitnick. You either know this name, or you don’t, and have to look up the wikipedia article on him. The short version, Kevin Mitnick is a computer hacker who spent a great deal of his time using computer science, and social engineering skills to gain access to the local southern California phone company, as well as many well known computer company servers.
In his book, Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker, we start off with Mitnick getting held up by law enforcement for something that there was no criminal law for at the time, computer crimes. With no crime to charge him with, Mitnick’s adventures would literally become the things used by legislators to eventually write and pass our current computer crimes laws.
Mitnick found the scripts in parts of life he found interest in. Computers, the phone company’s equipment, and more importantly, in people trained by corporations, and large organizations to act and response in a defined manner. After years of this, he found himself on the run, and once again, used those same skills to build not one, but a bank of false identities. This idea of the ‘script’ though, you have to understand for seeing how he managed to do the things he did. A script is easy enough to explain, as in a light switch. Some metal, and plastic, you flip it one way, and the lights go on. Flip it the other way, and the lights go off. That’s a light switch’s script. Hacking in to computer controlled equipment, and servers is something most of us have at least a vague understanding of, where you gain access to areas of a computer system by making the software believe you’re suppose to be there. What is the most interesting aspect of what Mitnick did was hack the actual people who worked at the phone company, or software companies.
The script of humans working at these places, and the ease at which Mitnick convinced them he was just another cog that worked for the same company is a puzzle to me. It must have been acquired a piece at a time, with many hours spent building it. Calling in to a large organization like a phone company, and being able to speak with the jargon they use to have hundreds of people believe Mitnick was a technician in the field, or a tech support manager was a leap of faith not entirely explained in detail within his book. Even after he causes IT security departments to take notice of his work, even with law enforcement watching him, the utter disappointment one can feel seeing DMV workers, both federal and local law enforcement, many departments/levels of telecommunications companies, cellphone companies, the list goes on, so indoctrinated by their organizations that they lacked the basic creative and deductive thinking that would have stopped Mitnick, someone only wanting to explore, makes me uneasy about other or more vital systems we depend on falling prey to dedicated individuals or teams of people looking to cause harm is disappointing to say the least.
Of course, Mitnick is well known as very intelligent, but infallible he is not. Even after creating his own clean break from on identity to the next to get himself out of legal trouble, it seems his curiosity was repeatedly what burned one situation to the next. If his story is in fact true, Mitnick’s efforts never ended up damaging anyone but himself, and his loved ones, as his need to hide from the law, caused him great difficulty, and his social circle’s efforts to help him each time were the biggest problems his hacking incurred. At the end of the day, Mitnick never sold any proprietary information he accessed, nor used what he could do to defraud anyone. It was that potential, what he could have done, and the multiplier, of what others could do with similar skills that scared people.
For those with little working knowledge of computer basics, this book might take some work to digest. Having enough know how myself to understand Mitnick’s work, but not enough to undertake his level of engineering, I can say that parts of his book might get muddy, or even slow down for some. If you find yourself in this spot, don’t worry, the non-computer world, and its complications quickly follows each of those sessions.
I probably won’t add this book to my personal collection. The lesson to be learned from it is easily taught in many other disciplines. To stop, look around, ask questions, question authority, and see past blindly followed scripts is more attuned with a simple question, “How do I make this happen?” “What needs to happened to make this work?” These are not only starters for anyone trying to accomplish something, but questions Mitnick writes himself in his quest for knowledge.
I suppose that’s why I often ask people “What is the closest star to the Earth?” Its a way to have someone stop, look around, and leave behind the program, the script they are following, and see the world right in front of them.
The answer, of course, is…the Sun. Its our star, and a pretty good one too.