Once the most-wanted hacker in the US, Kevin Mitnick, the cracker extraordinaire and virtual ghost in the wires, spoke with RT about NSA snooping, Snowden’s status as a whistleblower or traitor and the virtues of VPNs in our surveillance saturated world.
RT: You actually broke into National Security Agency.
Why did you do it, when did you do it, how did you do it; did you
do it for fun?
Kevin Mitnick: I didn’t actually break into the NSA. When
I was a juvenile, I was interested in hacking the telephone
switches, so I thought, what would be the most interesting thing
to wiretap as a kid? And I thought that would be the NSA. So I
hacked into a telephone switch in Laurel, Maryland and this was
actually the phone company. And then I was able, through hacking
that switch, to be able to intercept an ongoing call between
somebody in the National Security Agency. But I only wanted to
see if I was able to do it. So as soon as I heard a conversation,
it was some man and woman talking, I listened for like 5 or 10
seconds and then I hung up and never did it again.
RT: The NSA's actually hiring code crackers. Why do
they need them?
KM: Well, they need to hire code crackers to increase their capabilities. That’s the job of the National Security Agency, to break codes, so they want to get the best people in the world to help do that.
The first system Kevin David Mitnick (born on August 6, 1963) ever hacked was the Los Angeles bus punch card system. He found a way to ride through the city of angels for free.
He first gained access to a computer network in 1979 at the age of 16. He was charged for the crime nearly a decade later, and was sentenced to 12 months in prison.
Several years after being released from prison, he hacked into the Pacific Bell voice mail computers. A warrant was issued for his arrest, and he went on the run for two and a half years. Mitnick is believed to have gained unauthorized access to dozens of computers during his time as a fugitive.
He was arrested in Raleigh, North Carolina in 1995 on federal offenses related to computer hacking.
In 1999 he confessed to four counts of wire fraud, two counts of computer fraud and one count of illegally intercepting a wire communication. He was sentenced to five years in prison as part of a plea agreement.
After his release, Mitnick launched Mitnick Security Consulting LLC, a computer security consultancy.
RT: According to Edward Snowden's revelations, e-mails,
phone calls, messages are all being tracked. How far can the
government go?
KM: I think they have access to everything, at least in
the United States and probably Great Britain. I believe they have
access to everything because they basically could intercept all
the packets going through the backbone of everything. Now
there’ve been revelations that they’re pretty resourceful at
breaking crypto so now I think they have access to a ton of
stuff.
I believe it’s all about, as Scott McNealy said about 15 years ago, ‘you have no privacy, get over it.’ And that was the ex-CEO of Sun Microsystems. And I think that quote really holds true today.
‘Like the Pablo Escobar of pharmacy’
RT: You went to jail for some high-profile hacking. Do
you think the government is still tracking you after all these
years?
KM: Maybe only the Russian government since I’m here in
Moscow. I doubt it. You know something comes up when they think I
could have some involvement maybe, but I’m on the other side. I
help companies protect their systems. I still hack today every
day. Companies actually hire me to break into their systems, find
their vulnerabilities, so I can tell them what the
vulnerabilities are so they can fix them. So it’s kind of like
Pablo Escobar becoming a pharmacist.
RT: Let's now go back to the Snowden revelations. How
do these leaks affect America's national security?
KM: It’s very damaging, right? It’s kind of like how I felt and a lot of colleagues felt in the information security world felt; we already felt this was being done but there was actually no confirmation. But now there is definite confirmation, the cat is out of the bag, and it surely damages national security because now our adversaries, now potentially terrorists know our methods of operation or at least have it confirmed, so that they can change the way they communicate.
RT: And talking about Edward Snowden, is he a hero or a traitor from your point of view?
KM: I think he’s a whistleblower, I don’t look at him as a traitor. I’m actually glad that he revealed what the National Security Agency did, at least against Americans by violating our constitutional rights to privacy. But I have some mixed feelings that he did cross the line when he revealed NSA operations that we have against other countries, because as we all know, all countries spy on each other. So no matter who goes rogue, when they start publicizing operations against other countries, for example, if a [Russian] FSB [Federal Security Service] agent went rogue, and the FSB was doing an operation in Afghanistan, and he published it, it would be bad for Russia. So I have mixed feelings about it, but I wouldn’t classify him as a traitor.
VPN or bust
RT: We've got hundreds of people writing you on
Twitter, and the most popular question is, ‘how can citizens
protect data and communications while still using popular
corporate software and services.
KM: Well it’s pretty scary, because now, with the
revelations from Snowden, that allegedly the NSA has approached
and partnered with a lot of companies to develop security
software, to develop VPN [virtual private network] technology,
they might have intentionally weakened this technology so they
can intercept communications. But an average citizen, if they are
not a terrorist, they are really not concerned about an
intelligence agency intercepting communications, but more a
criminal organization. So the first thing I’d recommend to the
average person on the street is, whenever you’re out in the
public, or you’re in a hotel like I’m in a hotel in Moscow, or
using public wi-fi, is use a VPN service. Because what that
immediately does is, it takes your data and it kind of puts it in
an encrypted envelope so that people can’t really intercept and
spy on that. So as a consumer I would think about using a VPN
service, and they’re pretty cheap.
RT: But anything can basically be hacked.
KM: Everything can be hacked if your adversary has enough
time, money and resources. And of course intelligence agencies
have unlimited budgets.
RT: Is there any way to stop hackers, like making
strict laws or a governmental department that will follow them?
Is that possible?
KM: I don’t think so. Hacking has been going on since the
1960s and it hasn’t stopped yet. I mean I started hacking in the
early 90s and it’s only gotten worse; it hasn’t gotten better.
RT: Another popular question on Twitter: Is it okay to
bank online?
KM: Well, I look at it this way, like using my credit card over the Internet, I do it all of the time and at least I don’t really care if somebody steals my credit card number. Do you know why? Because at least in America, if there is any fraud on the account, I simply call up the bank and they take the charge off. I have to basically sign a letter, an affidavit that it wasn’t me, and the problem goes away. Now in some countries that might be different, where the consumer has the burden of proof, then I’d be a little bit concerned, but it’s really where does the liability lie? Does it lie with the consumer, does it lie with the merchant, does it lie with the bank?
RT: And also, one of our views is asking, what are your
views regarding the phone touch ID feature?
KM: From Apple? That’s where they get your fingerprint. It
kind of makes you think, could somebody intercept your
fingerprint data and does Apple store this information? I haven’t
read much about the touch ID because it just was released in the
last 24 hours. But it kind of makes you think about well wow, you
know, with all this stuff going on, all the revelations of
Snowden, now Apple is getting your fingerprint. Is that stored
anywhere, or is it only stored on your device? If your device is
stolen, could somebody extract that fingerprint information out
of the device to spoof who you are? You know, so these are
questions that will be answered later.
RT: Could a boycott of tech gadgetry, like iPods, firms
like Verizon and Google, who are giving our info to the NSA,
deter them?
KM: No. I don’t think so. This is like the form of hacktivism where you have a group of individuals, whether its LulzSec or Anonymous, and they break into stuff and they try to get the media to cover the message they want to send, but at the end of the day it doesn’t really change the behavior of a government agency or a company. Basically, they go out and try to prosecute the guys. The thing that I have seen change, and I wouldn’t call Snowden an activist, I would call him a whistleblower, is because of his exposures of what the government has really been doing, now that has created change and debate and stuff like that. That’s the only time I have really seen it.
‘Ghost in the Wires’
RT: When WikiLeaks founder Assange says the NSA spying
on citizens is just the tip of the Iceberg, what else is to be
revealed?
KM: Maybe what he’s alluding to is the spying on heads of
state. I remember years ago when there was a hack into Vodafone
in Greece and some unknown foreign nationals were allegedly
spying on heads of state in Greece; my mind flashes back to this
incident. Now there is some information coming out that our
own National Security Agency might be spying on heads of state.
So maybe that’s what he’s talking about.
RT: Have you thought about making a movie based on your
story where you are both the subject and actor?
KM: That would actually be pretty cool, I mean right now I
do have an agent who is trying to shop my new book, ‘Ghost in the
Wires’, it’s a New York Time’s bestseller and we’re trying
to get it made into a motion picture. I don’t know if I’d
actually become an actor or a consultant on the movie. But it’s
in the works, but it’s tough in Hollywood, because Hollywood gets
approached by hundreds of ideas a year, even thousands, and they
only pick a small number of those projects to actually make into
a movie.
RT: Do you ever regret being a hacker?
KM: I regret any problems I caused companies or consumers;
I caused damage because I hacked into their systems and they had
to go in and figure out, ‘what did he do’ and they had to rebuild
their systems. So I would consider myself what I’d call a pain in
the ass hacker. I was never the type of guy who would try to wipe
data out or try to profit. It was more about the intellectual
challenge, and the curiosity. So I regret that part, but I’m
still a hacker today and I love what I do. It’s almost like it’s
not work. I wouldn’t call it a game, but it’s very
intellectually stimulating. Maybe it’s analogous to playing
chess.
The statements, views and opinions expressed in this column are solely those of the author and do not necessarily represent those of RT.
The statements, views and opinions expressed in this column are solely those of the author and do not necessarily represent those of RT.