12 Sep, 2013 18:16

Use VPN! Former 'Most Wanted Hacker' Mitnick talks Snowden, NSA, and privacy

Once the most-wanted hacker in the US, Kevin Mitnick, the cracker extraordinaire and virtual ghost in the wires, spoke with RT about NSA snooping, Snowden’s status as a whistleblower or traitor and the virtues of VPNs in our surveillance saturated world.

RT: You actually broke into National Security Agency. Why did you do it, when did you do it, how did you do it; did you do it for fun?

Kevin Mitnick: I didn’t actually break into the NSA. When I was a juvenile, I was interested in hacking the telephone switches, so I thought, what would be the most interesting thing to wiretap as a kid? And I thought that would be the NSA. So I hacked into a telephone switch in Laurel, Maryland and this was actually the phone company. And then I was able, through hacking that switch, to be able to intercept an ongoing call between somebody in the National Security Agency. But I only wanted to see if I was able to do it. So as soon as I heard a conversation, it was some man and woman talking, I listened for like 5 or 10 seconds and then I hung up and never did it again.

RT: The NSA's actually hiring code crackers. Why do they need them?

KM: Well, they need to hire code crackers to increase their capabilities. That’s the job of the National Security Agency, to break codes, so they want to get the best people in the world to help do that.

The first system Kevin David Mitnick (born on August 6, 1963) ever hacked was the Los Angeles bus punch card system. He found a way to ride through the city of angels for free.

He first gained access to a computer network in 1979 at the age of 16. He was charged for the crime nearly a decade later, and was sentenced to 12 months in prison.

Several years after being released from prison, he hacked into the Pacific Bell voice mail computers. A warrant was issued for his arrest, and he went on the run for two and a half years. Mitnick is believed to have gained unauthorized access to dozens of computers during his time as a fugitive.

He was arrested in Raleigh, North Carolina in 1995 on federal offenses related to computer hacking.

In 1999 he confessed to four counts of wire fraud, two counts of computer fraud and one count of illegally intercepting a wire communication. He was sentenced to five years in prison as part of a plea agreement.

After his release, Mitnick launched Mitnick Security Consulting LLC, a computer security consultancy.

RT: According to Edward Snowden's revelations, e-mails, phone calls, messages are all being tracked. How far can the government go?

KM: I think they have access to everything, at least in the United States and probably Great Britain. I believe they have access to everything because they basically could intercept all the packets going through the backbone of everything. Now there’ve been revelations that they’re pretty resourceful at breaking crypto so now I think they have access to a ton of stuff.

I believe it’s all about, as Scott McNealy said about 15 years ago, ‘you have no privacy, get over it.’ And that was the ex-CEO of Sun Microsystems. And I think that quote really holds true today.

‘Like the Pablo Escobar of pharmacy’

RT: You went to jail for some high-profile hacking. Do you think the government is still tracking you after all these years?

KM: Maybe only the Russian government since I’m here in Moscow. I doubt it. You know something comes up when they think I could have some involvement maybe, but I’m on the other side. I help companies protect their systems. I still hack today every day. Companies actually hire me to break into their systems, find their vulnerabilities, so I can tell them what the vulnerabilities are so they can fix them. So it’s kind of like Pablo Escobar becoming a pharmacist.

RT: Let's now go back to the Snowden revelations. How do these leaks affect America's national security?

KM: It’s very damaging, right? It’s kind of like how I felt and a lot of colleagues felt in the information security world felt; we already felt this was being done but there was actually no confirmation. But now there is definite confirmation, the cat is out of the bag, and it surely damages national security because now our adversaries, now potentially terrorists know our methods of operation or at least have it confirmed, so that they can change the way they communicate.

RT: And talking about Edward Snowden, is he a hero or a traitor from your point of view?

KM: I think he’s a whistleblower, I don’t look at him as a traitor. I’m actually glad that he revealed what the National Security Agency did, at least against Americans by violating our constitutional rights to privacy. But I have some mixed feelings that he did cross the line when he revealed NSA operations that we have against other countries, because as we all know, all countries spy on each other. So no matter who goes rogue, when they start publicizing operations against other countries, for example, if a [Russian] FSB [Federal Security Service] agent went rogue, and the FSB was doing an operation in Afghanistan, and he published it, it would be bad for Russia. So I have mixed feelings about it, but I wouldn’t classify him as a traitor.

VPN or bust

RT: We've got hundreds of people writing you on Twitter, and the most popular question is, ‘how can citizens protect data and communications while still using popular corporate software and services.

KM: Well it’s pretty scary, because now, with the revelations from Snowden, that allegedly the NSA has approached and partnered with a lot of companies to develop security software, to develop VPN [virtual private network] technology, they might have intentionally weakened this technology so they can intercept communications. But an average citizen, if they are not a terrorist, they are really not concerned about an intelligence agency intercepting communications, but more a criminal organization. So the first thing I’d recommend to the average person on the street is, whenever you’re out in the public, or you’re in a hotel like I’m in a hotel in Moscow, or using public wi-fi, is use a VPN service. Because what that immediately does is, it takes your data and it kind of puts it in an encrypted envelope so that people can’t really intercept and spy on that. So as a consumer I would think about using a VPN service, and they’re pretty cheap.

RT: But anything can basically be hacked.

KM: Everything can be hacked if your adversary has enough time, money and resources. And of course intelligence agencies have unlimited budgets.

RT: Is there any way to stop hackers, like making strict laws or a governmental department that will follow them? Is that possible?

KM: I don’t think so. Hacking has been going on since the 1960s and it hasn’t stopped yet. I mean I started hacking in the early 90s and it’s only gotten worse; it hasn’t gotten better.

RT: Another popular question on Twitter: Is it okay to bank online?

KM: Well, I look at it this way, like using my credit card over the Internet, I do it all of the time and at least I don’t really care if somebody steals my credit card number. Do you know why? Because at least in America, if there is any fraud on the account, I simply call up the bank and they take the charge off. I have to basically sign a letter, an affidavit that it wasn’t me, and the problem goes away. Now in some countries that might be different, where the consumer has the burden of proof, then I’d be a little bit concerned, but it’s really where does the liability lie? Does it lie with the consumer, does it lie with the merchant, does it lie with the bank?

Demonstrators hold up a placard in support of former US agent of the National Security Agency, Edward Snowden in front of Berlin's landmark Brandenburg Gate as they take part in a protest against the US National Security Agency (NSA) collecting German emails, online chats and phone calls and sharing some of it with the country's intelligence services in Berlin on July 27, 2013.(AFP Photo / John Macdougall)

RT: And also, one of our views is asking, what are your views regarding the phone touch ID feature?

KM: From Apple? That’s where they get your fingerprint. It kind of makes you think, could somebody intercept your fingerprint data and does Apple store this information? I haven’t read much about the touch ID because it just was released in the last 24 hours. But it kind of makes you think about well wow, you know, with all this stuff going on, all the revelations of Snowden, now Apple is getting your fingerprint. Is that stored anywhere, or is it only stored on your device? If your device is stolen, could somebody extract that fingerprint information out of the device to spoof who you are? You know, so these are questions that will be answered later.

RT: Could a boycott of tech gadgetry, like iPods, firms like Verizon and Google, who are giving our info to the NSA, deter them?

KM: No. I don’t think so. This is like the form of hacktivism where you have a group of individuals, whether its LulzSec or Anonymous, and they break into stuff and they try to get the media to cover the message they want to send, but at the end of the day it doesn’t really change the behavior of a government agency or a company. Basically, they go out and try to prosecute the guys. The thing that I have seen change, and I wouldn’t call Snowden an activist, I would call him a whistleblower, is because of his exposures of what the government has really been doing, now that has created change and debate and stuff like that. That’s the only time I have really seen it.

‘Ghost in the Wires’

RT: When WikiLeaks founder Assange says the NSA spying on citizens is just the tip of the Iceberg, what else is to be revealed?

KM: Maybe what he’s alluding to is the spying on heads of state. I remember years ago when there was a hack into Vodafone in Greece and some unknown foreign nationals were allegedly spying on heads of state in Greece; my mind flashes back to this incident. Now there is some information coming out that our own National Security Agency might be spying on heads of state. So maybe that’s what he’s talking about.

RT: Have you thought about making a movie based on your story where you are both the subject and actor?

KM: That would actually be pretty cool, I mean right now I do have an agent who is trying to shop my new book, ‘Ghost in the Wires’, it’s a New York Time’s bestseller and we’re trying to get it made into a motion picture. I don’t know if I’d actually become an actor or a consultant on the movie. But it’s in the works, but it’s tough in Hollywood, because Hollywood gets approached by hundreds of ideas a year, even thousands, and they only pick a small number of those projects to actually make into a movie.

RT: Do you ever regret being a hacker?

KM: I regret any problems I caused companies or consumers; I caused damage because I hacked into their systems and they had to go in and figure out, ‘what did he do’ and they had to rebuild their systems. So I would consider myself what I’d call a pain in the ass hacker. I was never the type of guy who would try to wipe data out or try to profit. It was more about the intellectual challenge, and the curiosity. So I regret that part, but I’m still a hacker today and I love what I do. It’s almost like it’s not work. I wouldn’t call it a game, but it’s very intellectually stimulating. Maybe it’s analogous to playing chess.

The statements, views and opinions expressed in this column are solely those of the author and do not necessarily represent those of RT.

Opinion