Kevin Mitnick - Ghost in the Wires: My Adventures as the Worlds Most Wanted Hacker issue 15th Aug 2011

L ITTLE , B ROWN AND C OMPANY

New York Boston London

For my mother and grandmother

K.D.M.

For Arynne, Victoria, and David,
Sheldon, Vincent, and Elena Rose
and especially for Charlotte

W.L.S.

I met Kevin Mitnick for the first time in 2001, during the filming of a Discovery Channel documentary called The History of Hacking, and we continued the contact. Two years later, I flew to Pittsburgh to introduce him for a talk he was giving at Carnegie Mellon University, where I was dumbfounded to hear his hacking history. He broke into corporate computers but didnt destroy files, and he didnt use or sell credit card numbers he had access to. He took software but never sold any of it. He was hacking just for the fun of it, just for the challenge.

In his speech, Kevin spelled out in detail the incredible story of how he had cracked the case of the FBI operation against him. Kevin penetrated the whole operation, discovering that a new hacker friend was really an FBI snitch, learning the names and home addresses of the entire FBI team working his case, even listening in on the phone calls and voicemails of people trying to gather evidence against him. An alarm system he had set up alerted him when the FBI was preparing to raid him.

When the producers of the TV show Screen Savers invited Kevin and me to host an episode, they asked me to demonstrate a new electronic device that was just then coming onto the consumer market: the GPS. I was supposed to drive around while they tracked my car. On the air, they displayed a map of the seemingly random route I had driven. It spelled out a message:

FREE KEVIN

We shared the microphones again in 2006, when Kevin was the stand-in host of Art Bells talk show Coast to Coast AM and invited me to join him as his on-air guest. By then I had heard a lot of his story; that night he interviewed me about mine and we shared many laughs, as we usually do when were together.

My life has been changed by Kevin. One day I realized that I was getting his phone calls from faraway places: he was in Russia to give a speech, in Spain to help a company with security issues, in Chile to advise a bank that had had a computer break-in. It sounded pretty cool. I hadnt used my passport in about ten years until those phone calls gave me an itch. Kevin put me in touch with the agent who books his speeches. She told me, I can get speaking engagements for you, too. So thanks to Kevin, Ive become an international traveler like him.

Kevin has become one of my best friends. I love being around him, hearing the stories about his exploits and adventures. He has lived a life as exciting and gripping as the best caper movies.

Now youll be able to share all these stories that I have heard one by one, now and then through the years. In a way, I envy the experience of the journey youre about to start, as you absorb the incredible, almost unbelievable tale of Kevin Mitnicks life and exploits.

Steve Wozniak,
cofounder, Apple, Inc.

P hysical entry: slipping into a building of your target company. Its something I never like to do. Way too risky. Just writing about it makes me practically break out in a cold sweat.

But there I was, lurking in the dark parking lot of a billion-dollar company on a warm evening in spring, watching for my opportunity. A week earlier I had paid a visit to this building in broad daylight, on the pretext of dropping off a letter to an employee. The real reason was so I could get a good look at their ID cards. This company put the employees head shot upper left, name just below that, last name first, in block letters. The name of the company was at the bottom of the card, in red, also in block letters.

I had gone to Kinkos and looked up the companys website, so I could download and copy an image of the company logo. With that and a scanned copy of my own photo, it took me about twenty minutes working in Photoshop to make up and print out a reasonable facsimile of a company ID card, which I sealed into a dime-store plastic holder. I crafted another phony ID for a friend who had agreed to go along with me in case I needed him.

Heres a news flash: it doesnt even have to be all that authentic looking. Ninety-nine percent of the time, it wont get more than a glance. As long as the essential elements are in the right place and look more or less the way they are supposed to, you can get by with it unless, of course, some overzealous guard or an employee who likes to play the role of security watchdog insists on taking a close look. Its a danger you run when you live a life like mine.

In the parking lot, I stay out of sight, watching the glow of cigarettes from the stream of people stepping out for a smoke break. Finally I spot a little pack of five or six people starting back into the building together. The rear entrance door is one of those that unlock when an employee holds his or her access card up to the card reader. As the group single-files through the door, I fall in at the back of the line. The guy ahead of me reaches the door, notices theres someone behind him, takes a quick glance to make sure Im wearing a company badge, and holds the door open for me. I nod a thanks.

This technique is called tailgating.

Inside, the first thing that catches my eye is a sign posted so you see it immediately as you walk in the door. Its a security poster, warning not to hold the door for any other person but to require that each person gain entrance by holding up his card to the reader. But common courtesy, everyday politeness to a fellow employee, means that the warning on the security poster is routinely ignored.

Inside the building, I begin walking corridors with the stride of someone en route to an important task. In fact Im on a voyage of exploration, looking for the offices of the Information Technology (IT) Department, which after about ten minutes I find in an area on the western side of the building. Ive done my homework in advance and have the name of one of the companys network engineers; I figure hes likely to have full administrator rights to the companys network.

Damn! When I find his workspace, its not an easily accessible cubicle but a separate office behind a locked door. But I see a solution. The ceiling is made up of those white soundproofing squares, the kind often used to create a dropped ceiling with a crawl space above for piping, electrical lines, air vents, and so on.

I cell-phone to my buddy that I need him, and make my way back to the rear entrance to let him in. Lanky and thin, he will, I hope, be able to do what I cant. Back in IT, he clambers onto a desk. I grab him around the legs and boost him up high enough that hes able to raise one of the tiles and slide it out of the way. As I strain to raise him higher, he manages to get a grip on a pipe and pull himself up. Within a minute, I hear him drop down inside the locked office. The doorknob turns and he stands there, covered in dust but grinning brightly.

I enter and quietly close the door. Were safer now, much less likely to be noticed. The office is dark. Turning on a light would be dangerous but it isnt necessarythe glow from the engineers computer is enough for me to see everything I need, reducing the risk. I take a quick scan of his desk and check the top drawer and under the keyboard to see if he has left himself a note with his computer password. No luck. But not a problem.