Kevin Mitnick hacked into the largest tech companies on the planet. “I’ve successfully compromised all systems that I targeted for unauthorized access except one.” Yet, his greatest skill lay not in his technical ability but in his deep understanding of human behavior, enabling him to manipulate people into doing things they wouldn’t normally do.
He’d walk into a building he was going to target, pretending to drop off a letter for an employee at the front desk just so he could take a good look at the staff IDs. Then, using Photoshop, he’d forge his own ID. Kevin explained in his memoir, Ghost in the Wires, “… it doesn’t even have to be all that authentic looking. Ninety-nine percent of the time, it won’t get more than a glance.”
Wearing his fake badge, he’d follow employees back from smoke breaks through the back door, exploiting the common courtesy of holding the door open for the person behind you. He’d then let in his hacking buddy, who’d access the crawl space to get inside the locked office of the company’s network engineers.
Once inside, he’d bypass the computer’s existing operating system by installing a bootable version of the system loaded with hacking tools, including malware that enabled him to access keystrokes, steal passwords, even activate the webcam. He eventually found his way to the heart of the system, the servers responsible for handling customer transactions, and decrypted “Millions and millions of credit card numbers. I can make purchases all day long using a different credit card each time, and never run out of numbers.”
Yet, he never used any of the cards or any of the information he accessed. Like a kid breaking into an abandoned building, he hacked just for the fun of it.
He explained, “For us, the thrill lay simply in knowing we had gained the power.” His obsession with exploiting the system started when he was young. At the age of 12, he found a way to ride the bus in LA for free by buying a punch card and punching blank tickets he fished out of a dumpster.
Kevin spent a lot of time alone. His dad left when he was three, and his mom often worked double shifts as a waitress at various delis in Los Angeles to support them. To pass the time, he liked to perform magic tricks, influenced by the magician dad of the girl he had a crush on.
He wrote: “… the notion that people enjoyed being taken in was a stunning revelation that influenced the course of my life.” In high school, he became obsessed with phone phreaking, manipulating telephone networks to make free long-distance calls. He loved using technology to play pranks.
He and his friend Lewis De Payne would modify an amateur radio to make their voices come out of a McDonald’s drive-thru speaker and say things like, “I’m sorry. We don’t serve cops here.” But his antics were not always so innocent.
When he was 17, he targeted the critical operating system of Pacific Bell, a major telephone provider in California later known as AT&T. When he posed one night as an employee who wanted to show two friends around, the security guard simply said, “Sure. Just sign in.” without asking for ID.
They walked out with piles of manuals on how the system worked. But then one of his buddy’s ex-girlfriends snitched, and he spent three months in juvenile detention.
That didn’t deter him. His obsession with hacking overshadowed all else. He neglected high school, passed the GED exam, and later enrolled in a technical school in LA, where he met the woman who would become his wife.
Even when he moved in with Bonnie, he spent virtually every waking hour on his computer. One of his favorite targets was Digital Equipment Corporation, a leading computer vendor. He really wanted the source code - the recipe for how a product works - for DEC’s new operating system VMS to identify security flaws.
He and his friend Lenny DiCicco remotely infiltrated DEC to steal the prized source code. But then, Lenny betrayed him. When Lenny refused to fork over $150 after losing a bet, Kevin started calling Lenny’s employer, pretending to be the IRS and claiming Lenny was wanted for tax crimes.
Lenny was so angry that he told his boss that he and Kevin were hacking into DEC late at night from the office. The FBI got involved, and Lenny started secretly recording his conversations with Kevin. When the Feds arrested Kevin, Kevin said Lenny was “… dancing in a little circle of joy, as if he were celebrating some kind of victory over me.”
This hack would haunt him. Prosecutor Leon Weidman painted Kevin as a significant threat, claiming, “He can whistle into a telephone and launch a nuclear missile from NORAD.” That might seem ridiculous now, but in the 1980s, there was a lot of fear over how technology worked.
Computers and the fledgling internet were not that well understood by the general public. So, the judge threw Kevin into solitary confinement, where he spent eight months. When he was getting ready for release, Bonnie left him.
He suspected she was cheating. After hacking into her answering machine, he discovered that she was having an affair with…his best friend, Lewis. Despite the betrayal, he remained friends with Lewis because there were very few people who could understand his predicament.
After serving a year in prison, Kevin knew he had to tread more carefully. He needed to ensure his phone couldn’t be tracked. He had to find a way of changing the electronic serial number of his Novatel PTR-825.
He called Novatel and posed as one of their engineers, even calling from the noisy Consumer Electronics Show in Las Vegas to sound credible. He spoke with an engineering manager named Kumamoto, who revealed it was possible to change the ESN from the phone’s keypad if you had a special computer chip containing a special version of the firmware. Kevin convinced Kumamoto to ship a few chips to the Las Vegas hotel where he claimed to be staying.
He then called up an electronics store and obtained the ESNs of recently activated phones, allowing him to impersonate those devices on the network. Around this time, Kevin was introduced to a supposed star hacker named Eric through his half-brother’s ex-girlfriend. Eric was super secretive.
He wouldn’t give Kevin his phone number or pager number. They communicated through an intermediary. After talking a few times, Kevin’s gut told him something was off.
“Eric didn’t talk like other hackers; he sounded more like Joe Friday, like a cop. He asked questions like, ‘What projects have you been up to lately? Who are you talking with these days?’”
He decided to dig deeper into Eric’s background. Kevin’s friend Dave at Pacific Bell set up a trap with a bait phone number. When Eric dialed in, the call re-routed to Dave’s office, allowing them to capture Eric’s phone number through the system’s caller ID.
Using Eric’s phone number, he discovered his address. He called Pacific Bell, pretending to be a technician named Terry. When asked for a tech code, Kevin provided a random number.
“Terry, what’s your tech code?” He recalled: “I knew she wasn’t going to look it up - they never did. Any three-digit number would satisfy, so long as I sounded confident and didn’t hesitate.”
His ploy worked. Upon requesting the address linked to Eric’s phone number, the employee didn’t bat an eye: 3636 South Sepulveda, unit 107B, registered under the name Joseph Wernle. Kevin’s doubts deepened when he accessed the call logs of Eric's phone line and found calls to the Los Angeles headquarters of the FBI.
Driven to unravel the full story, Kevin devised an elaborate scheme to obtain Eric’s social security number. He posed as a member of the Office of the Inspector General at the Social Security Administration, responsible for investigating fraud. To gain credibility, he meticulously researched the agency’s internal structure, the names of supervisors and managers, and even learned the company lingo, including terms like “Mods” - short for “Modules”, referring to teams handling claims.
A staff member named Ann ate up his lies and gave him anything he wanted: social security numbers, birth dates, benefits, and earnings. Ann’s information about an Eric Heinz Sr., likely Eric’s father, led to a shocking discovery.
When Kevin called Eric Heinz Sr. and said, “I’m trying to get hold of Eric. I’m a friend of his from high school,” Eric Heinz Sr. sounded annoyed and replied: “My son died as an infant.”
Who really was the person masquerading as Eric Heinz Jr.? Kevin remembered Eric bragging about collaborating with hacker Kevin Poulsen. He dug around and found an article about Poulsen conspiring with two others to rig radio contests.
He recognized the name of one of the co-conspirators but wasn’t familiar with the other, Justin Tanner Petersen. When he manipulated the Department of Motor Vehicles to read him Petersen’s physical description, it was a match for Eric. Justin Tanner Petersen was a hacker working as an FBI informant “to save his own ass,” in Kevin’s words.
The identity Joseph Wernle listed on the apartment was the made-up identity of an FBI agent named Joseph Ways. Meanwhile, security at Pacific Bell had begun wiretapping calls from his father’s house. In a lapse of judgment, Kevin had used his dad's landline while staying there temporarily instead of his untraceable cell phone.
As the FBI pursued Kevin, he was also pursuing them. He figured out the names and numbers of the FBI agents Eric was talking to. Upon learning that the agents used the cell provider PacTel in Los Angeles, Kevin infiltrated PacTel's system to track their call records and pinpoint their locations.
He also installed a scanner in his office at the private investigation firm where he worked to detect FBI cell phones, using software programmed with numbers linked to Eric. In September 1992, Kevin’s scanner detected the cell phone of FBI Special Agent Ken McGuire. He quickly cleaned up his apartment, ensuring there wasn’t any evidence.
On the morning of September 30, 1992, police knocked on his door, and he answered naked. The agents were also not pleased to find a box of FBI DOUGHNUTS waiting for them. Although the FBI found no evidence, his close calls with authorities were escalating. When Kevin conned the Department of Motor Vehicles into handing him a copy of Eric Heinz’s driver’s license, DMV investigators tracked him to a print shop, where Kevin’s grandmother had driven him.
The investigators chased him through the shop, and he barely escaped. All the while, his poor grandmother waited in the parking lot for three hours, wondering what had happened to her grandson. Kevin later reflected, “I never felt guilty about getting information I wasn’t supposed to have…But when I thought about my grandmother, who had done so much for me and cared so much for me all my life, sitting there in her car for so long, waiting and anxious, I was filled with remorse.” It was hard to leave his beloved grandma and mom, but he knew he had to go on the run.
A warrant was out for his arrest for violating his probation by hacking and associating with other hackers. Kevin adopted a new identity: Eric Weiss, the real name of his hero, the magician Harry Houdini. He planned to do his own disappearing act.
To solidify his persona, he infiltrated a credit reporting agency to find an Eric Weiss with good credit and around his age. Then he got help from Ann, his friendly contact at the Social Security Administration, to gather other personal details about Eric. He moved to Denver with his new identity, drawn by the allure of its natural beauty, and got a gig in the IT department of a prominent law firm…where he worked by day and hacked by night.
The fun lay in hacking the world’s largest tech companies with presumably the best security. He set his sights on obtaining the source code for one of Motorola’s coolest phones, the MicroTAC Ultra Lite. He wanted to understand how the phone’s software worked to try to change the ESN - just as he had done with his Novatel phone.
Posing as “Rick” from Motorola’s Research and Development team in Illinois, he got Alisa on the phone, a stand-in for Pam, an assistant to a VP in R&D who was on vacation. He deceived Alisa by saying that Pam was supposed to send him the source code for the MicroTAC Ultra Lite but had directed him to Alisa if she couldn’t send it before her holiday. When Alisa asked, “What version do you want?” Kevin had no clue what to ask for and said: “How about the latest and greatest?”
Just like that, Alisa handed him one of Motorola’s most protected trade secrets. Though…there was one little hiccup.
Kevin had forgotten to acquire the compiler to translate the source code into machine-readable code. Still, it was a thrill. Next came Nokia.
He posed as an engineer from Nokia USA in San Diego and contacted one of Nokia’s offices in Finland where a guy named Tapio transferred the source code for the Nokia 121 via FTP. Surprised by how easy that was, Kevin wondered if he could infiltrate Nokia’s internal network…to access more source codes and information on upcoming releases. He deceived Nokia England’s IT department into giving him the login details to connect to its operating system, which he exploited to gain full system access and create a new user account for himself.
Then he set his sights on a secretive digital phone under development, internally called the HD760. He contacted the lead developer, Markku, persuading him to share the latest source code. However, Nokia blocked outbound file transfers for security reasons following alerts triggered when Kevin created his new account. Unfazed, he persuaded Markku to ship the source code via a tape drive to a Nokia office in Florida.
His friend Lewis would impersonate the senior vice-president of Nokia USA to retrieve the tape, as it was too risky for Kevin to go. The package was arranged to be picked up at a Ramada Inn near the Nokia office. But the FBI had already been alerted.
Kevin became suspicious when he called the hotel to confirm the pickup and the receptionist seemed nervous and put him on hold for several minutes. Kevin called back later, pretending to be an FBI agent: “This is Special Agent Wilson with the FBI. Are you familiar with the situation on your premises?”
The manager responded: “Of course I am! The police have the whole place under surveillance!” It was time to leave and become someone else.
He settled on Seattle because of its tech scene, Thai food, and good coffee. He adopted the identity of a baby who died, Brian Merrill, which he obtained by posing as a private investigator at South Dakota's state registrar for vital statistics. He had to be extremely careful about hiding his real identity.
The front page of the New York Times labeled him “Cyberspace’s Most Wanted.” Kevin felt journalist John Markoff had wrongly turned him into a supervillain. The article was right about one thing: Kevin was eluding the FBI. Special Agent Kathleen Carson confirmed as much in a letter to a British computer expert Kevin had been in contact with.
The letter read, in part, “I do not believe we will ever be able to find him via his telephone traces, telnet or FTP connections…Your assistance is crucial to this investigation.” The crucial assistance the FBI received actually came from Tsutomu Shimomura, known as Shimmy, one of America’s most skilled computer security experts. Shimmy joined the FBI manhunt because he was furious that Kevin had hacked into his computer.
At the time, Shimmy and hacker Mark Lottor were working on a special project involving the OKI 900 cell phone. They had reverse-engineered it, allowing them to change the ESN via the keypad. Eager to learn more, Kevin hacked into Shimmy’s server and managed to steal files from his home computer.
Shimmy was FURIOUS when he discovered the intrusion using network monitoring tools. Kevin wrote in his memoirs: “I had unleashed a hacker vigilante who would stop at nothing to get even with me.” The high of hacking into Shimmy’s server was short-lived.
Police armed with a search warrant entered Kevin’s home when he wasn’t there and seized his electronics. They were not the FBI but local cops who were looking into his alias Brian Merrill. Still, it was only a matter of time before the different agencies talked.
He fled Seattle for yet another fresh start, relocating to Raleigh, North Carolina. He was now Michael David Stanfill - an identity he acquired after infiltrating the admissions office of Portland State University and accessing more than 13,000 student records. Remember when he hacked into Motorola and obtained the source code without securing the needed compiler?
He now manipulated an engineer named Marty from Motorola’s compiler supplier to FTP the file to him. Marty mentioned that the FBI was tracking a superhacker that they figured would try to acquire the compiler. Little did he know he was talking to that very superhacker.
High from this latest stunt, Kevin woke up one day to find his cell phone dead. His service provider disconnected it because the real Michael Stanfill had reported identity theft. The ruse unraveled when Kevin attempted to avoid paying a $400 deposit for new electricity customers by requesting a reference letter from Michael’s utility company.
Unfortunately for him, the letter was also faxed to the real Michael’s address, exposing the fraud. With his deception discovered, Kevin chose another alias from the thousands he accessed from Portland State University, G. Thomas Case.
The Feds were closing in on him, and they were about to get a lucky break. Kevin had stored the files he grabbed from Shimmy’s server on a community forum called The Well. However, The Well had an automated alert system that notified users when they used a significant amount of disk space.
One day, Bruce Koball received an email indicating that his account for an event he was organizing was using 150 MB of storage on The Well’s servers, which was a substantial amount at the time. Bruce discovered that the stored files didn’t belong to him. They contained emails addressed to Tsutomu’s work email.
They were the stash of files stolen from Shimmy’s computer. When Kevin tried to figure out how much the Feds knew about him by hacking into journalist John Markoff’s emails, Shimmy was watching his every move. Internet service providers granted Shimmy full access to their networks.
By cross-referencing instances of unauthorized access to The Well with the login and logout records from the internet service provider Netcom, Shimmy found a pattern. One account accessed The Well through Netcom’s dial-up modems in Denver and Raleigh. Shimmy’s team traced the call in real-time to Sprint’s cellular network.
However, Kevin had manipulated the system to use a phone number that wasn’t assigned to any customer but still appeared to be legitimate. So, a Sprint engineer cleverly focused on calls placed to the manipulated number rather than from it, leading to a Raleigh area code. These connection attempts consistently utilized the same cell phone tower, indicating that the phone Kevin used to connect to the internet was in a fixed location.
Shimmy hopped on a plane to Raleigh. Kevin’s attempt to connect to Netcom through a different cell phone provider as a precaution was in vain. All cell phone companies were on the alert for any strange activity, immediately relaying it to Shimmy.
When a suspicious data call was underway, Shimmy and his team jumped into a vehicle and used a radio direction-finding device to try to pinpoint the source of the cellular radio signal, leading them to Kevin’s neighborhood. When they intercepted a conversation between Kevin and another hacker, journalist John Markoff, who joined the pursuit, recognized his voice and shouted: “It’s him. It’s Mitnick!”
After finishing up at the gym, Kevin went home and logged onto his computer a little after midnight on February 15, 1995. He noticed several of the backdoors he had been using to access various systems had unexpectedly vanished. He had “… a sinking feeling in his stomach that something bad was about to happen.”
So, he looked out into his apartment corridor, which gave a view of the parking lot, to see if he was being watched. A U.S. Marshal caught a glimpse of him. At 1:30 am, Kevin got a knock on the door. “Who is it?” he yelled.
“FBI.” After nearly three years of hiding, they finally caught him. When Kevin passed Shimmy in court, he said: “I respect your skills.” and nodded.
Shimmy returned the nod. Kevin was tossed into solitary confinement, his greatest fear. He tried to get out on bail, but the judge denied him a bail hearing.
At first, he and his lawyer weren’t allowed to examine the electronic evidence against him as the judge feared he’d unleash a destructive computer virus. Due to the harshness of how he was being treated, a community of supporters banded together and started the “Free Kevin” movement. When Kevin saw the outpouring of support, it moved him.
“… it meant the world to me that there was an army of people working tirelessly to support me. It gave me more hope and courage than they could ever know.” Prosecutors alleged that he caused $300 million in damages based on the value of the source code, which included development costs.
Kevin thought that was ridiculous and likened it to: “… nabbing someone for stealing a can of Coke and demanding that he repay the cost of developing Coca-Cola’s secret formula!” He argued the damages should reflect the value of the source code license, which he estimated to be under $10,000. Ultimately, he was ordered to pay $4,125, factoring in his ability to pay.
He wasn’t exactly wealthy. He had never used or sold any of the information he accessed. Kevin pleaded guilty to seven counts, including wire fraud, computer fraud, possession of access devices, and interception of data communications. He served five years in prison.
When he was released on January 21, 2000, he said: “My case is a case of curiosity.” “Kevin Mitnick, thank you for being with us here today.” After his release, his former adversary, the U.S. government, invited him to share his insights. “The human side of computer security is easily exploited and constantly overlooked.
Companies spend millions of dollars on firewalls, encryption, and secure access devices, and it’s money wasted because none of these measures address the weakest link in the security chain: the people who use, administer, operate, and account for computer systems that contain protected information.” Kevin became hugely sought-after.
“Kevin Mitnick is the world’s most famous hacker.” “Kevin Mitnick is the CEO of Mitnick Security Consulting.” He used his hacking skills ethically by advising companies on strengthening their security.
He also shared helpful everyday advice. “0000000, and voila. Stay safe. Don’t trust the safes.”
Kevin had created a new life for himself. He found love again, marrying Kimberley, whom he met at a cybersecurity conference in Singapore.
But his happiness would be cut short. In 2022, Kevin received the devastating news that he had pancreatic cancer, which he battled for fourteen months. On July 16, 2023, Kevin Mitnick died peacefully.
He was 59 years old. At the time of his passing, his wife was pregnant. Kimberley later expressed, “Our son will know you and I am convinced he will be a mini you.”
Kevin Mitnick went from being the world’s most wanted hacker to the world’s most wanted security expert. His insights have changed how companies and individuals protect their most sensitive data. As Kevin reflected on his remarkable journey, he said it was “just like magic”.
While Kevin never used any of the information he accessed, the reality is, not everyone out there would do the same. In 2023, Americans lost $10 billion to fraud with imposter scams topping the list, according to the FTC. And if you’ve ever Googled your name or email, as I have, you’ll be shocked at just how much information is out there about you.
And unfortunately, data brokers sell your information to scammers, spammers, and anyone looking to exploit you. That’s why I’m really excited to be partnering with Aura, the sponsor of today’s video. Aura is on a mission to safeguard you online.
Aura shows you which data brokers are selling your information and automatically submits opt-out requests for you. This doesn’t just cut down on spam but protects you from hackers trying to access your social media, bank accounts, or other sensitive information. Beyond safeguarding your information from data brokers, Aura includes a credit monitoring service where you can monitor your credit and get fraud alerts, as well as a password manager, antivirus protection, and a VPN - all without having to download several different apps.
It’s the best of everything at an affordable price. Aura is FREE for you to try out for two weeks if you sign up with my custom link in the description: aura.com/NEWSTHINK. That’s aura.com/NEWSTHINK, the link is in my description. Thanks for watching. For Newsthink, I’m Cindy Pom.