Q&A: The notorious Kevin Mitnick on hacking, ethics, and the future of tech

Kevin-Mitnick

Today, Kevin Mitnick is a security expert who infiltrates his clients’ companies to expose their weaknesses. He’s also the author of several books, including Ghost in the Wires. But he’s most known as the hacker who eluded the FBI for years, and was eventually imprisoned for his ways. We had a chance to talk to him about his time in solitary confinement, hacking McDonald’s, and what he thinks about Anonymous.

Digital Trends: When did you first become interested in hacking?

Kevin Mitnick: Actually what started me in hacking was this hobby I had call phone phreaking. When I was a junior in high school I was fascinated with magic, and I met this other student who was able to do magic with a telephone. He could do all these tricks: I could call in on a number he told me and he’d call on another, and we’d be joined together, and this is called a loop-around. It was a phone company test circuit. He showed me he had this secret number at the phone company, he could dial a number, and it’d give a weird tone, and then put in a five digit code and he could call anywhere for free.

He had secret numbers in the phone company where he could call and he didn’t have to identify himself, what would happen is if he had a phone number, he could find the name and address of that number even if it was unpublished. He could break through call forwarding. He could do magic with the phone, and I became really fascinated with the phone company. And I was a prankster. I loved pranks. My foot in the door into hacking was pulling pranks on friends.

One of my first pranks was I would change my friends’ home phone to a pay phone. So whenever he or his parents’ tried to make a call it would say “please deposit a quarter.”

So my entry into hacking was my fascination with the phone company and wanting to pull pranks.

DT: Where did you get the technical knowledge to start pulling these things off?

KM: I was interested in technology myself, and he wouldn’t actually tell me how he did things. Sometimes I would overhear what he was doing, and I knew he was using social engineering, but he was like the magician who did the tricks but wouldn’t tell me how they were done, so I would have to work it out myself.

Prior to meeting this guy, I was already an amateur radio operator. I passed my HAM radio test when I was 13, and I was already into electronics and radio so I had that technical background.

This was back in the 70s, and I couldn’t get a C.B. license because you had to be 18 years old, and I was 11 or 12. So I met this bus driver when I was riding the bus one day, and this driver introduced me to HAM radio. He showed me how he could make phone calls using his handheld radio, which I thought was super cool because it was before cell phones and I thought “Wow this is so cool, I have to learn about it.” I picked up some books, took some courses, and at 13 passed the exam.

Then I learned about phones. After that, another student in high school introduced me to the computer instructor to take a computer class. At first the instructor wouldn’t let me in because I didn’t meet the prerequisites, and then I showed him all the tricks I could do with the telephone, and he was thoroughly impressed and allowed me into the class.

DT: Do you have a favorite hack, or one that you were particularly proud of?

KM: The hack I’m most attached to was hacking McDonald’s. What I worked out — you remember I had my HAM radio license — I could take over the drive-up windows. I would sit across the street and take them over. You can imagine at 16, 17 years old, what fun you could have. So the person in McDonald’s could hear everything going on, but they couldn’t overpower me, I would overpower them.

Customers would drive up and I would take their order and say “Okay, you’re the 50th customer today, your order is free please drive forward.” Or cops would come up and sometimes I’d say “I’m sorry sir we don’t have any donuts for you today, and for police officers we only serve Dunkin Donuts.” Either that or I’d go, “Hide the cocaine! Hide the cocaine!”

It got to the point where the manager would come out into the parking lot, look at the lot, look in the cars, and of course no one’s around. So he’d go up to the drive-up speaker and actually look inside like there was a man hidden inside, and then I’d go “What the hell are you looking at!”

DT: Will you talk a little about the difference between social engineering your way into a network and actually hacking into one?

KM: The truth of the matter is most hacks are hybrid. You could get into a network through network exploitation – you know, finding a pure technical way. You could do it through manipulating people who have access to computers, to reveal information or to do an “action item” like open a PDF file. Or you can gain physical access to where their computers or servers are and do it this way. But it’s not really one or the other, it’s really based on the target and the situation, and that’s where the hacker decides which skill to use, which avenue they’re going to use to breach the system.

Now today, social engineering is a substantial threat because RSA [Security] and Google were hacked, and these were through a technique called spear phishing. With the RSA attacks, which were substantial because the attackers stole the token seeds which defense contractors used for authentication, the hackers booby-trapped an Excel document with a Flash object. They found a target within RSA that would have access to information they wanted, and sent this booby-trapped document to the victim, and when they opened the Excel document (which was probably sent from what looked like a legitimate source, a customer, business partner) it invisibly exploited a vulnerability within Adobe Flash and the hacker then had access to this employee’s workstation and RSA’s internal network.

Spear phishing uses two components: Social networking to get the person to open up the Excel doc, and the second part is the technical exploitation of a bug or security flaw in Adobe that gave the attacker full control of the computer. And that’s how it works in the real world. You don’t just call somebody up on the phone and ask for a password; attacks are usually hybrid and combine technical and social engineering.

In Ghost in the Wires, I describe how I used both techniques.

Product Review

The new iPad Mini isn’t a beauty, but it performs like a beast

Apple’s new iPad Mini has beastly performance, fluid iOS 12 software, and good battery life. It also looks like it came straight out of 2015, because the design hasn’t been changed. Here's our review of Apple’s 7.9-inch tablet.
Computing

Microsoft’s Clippy came back from the dead, but didn’t last very long

Before Cortana, Alexa, and Siri even existed, Microsoft Clippy dominated the screens of computers in the 1990s to help assist Microsoft Office users when writing letters. He recently made a bit of a comeback only to die off again.
Smart Home

Viral porch pirate videos freak people out, cause unrealistic concern

Viral porch pirate videos convince others crime is more prevalent than facts indicate. According to polls, even though FBI reports show property crime rates are at historic lows, more people worry about crime today than ever before.
Computing

After fourth attack, hacker puts personal records of 26M people up for sale

A serial hacker going by the name of Gnosticplayers is selling the personal data of 26 million people who have been using the services of six different companies from across the world.
Computing

Get the most out of your high-resolution display by tweaking its DPI scaling

Windows 10 has gotten much better than earlier versions at supporting today's high-resolution displays. If you want to get the best out of your monitor, then check out our guide on how to adjust high-DPI scaling in Windows 10.
Mobile

Got gadgets galore? Keep them charged up with the 10 best USB-C cables

We're glad to see that USB-C is quickly becoming the norm. That's why we've rounded up some of the better USB-C cables on the market, whether you're looking to charge or sync your smartphone. We've got USB-C to USB-C and USB-C to USB-A.
Deals

Looking for a Chromebook? The Google PixelBook just got a $200 price cut

Once relatively obscure, Chromebooks have come into their own in a big way in recent years. One of our favorites is the super-sleek Google Pixelbook, and it's on sale right now from Amazon for $200 off, letting you score this premium laptop…
Computing

Nvidia’s GTX 1650 graphics card could be just a slight upgrade over the 1050 Ti

Rumors suggest Nvidia might soon launch the GTX 1650, and a leaked benchmark listing from Final Fantasy XV suggests that the new graphics card could be just a slight upgrade over last generation's GTX 1050 Ti. 
Computing

Get ready to say goodbye to some IFTTT support in Gmail by March 31

If This Then That, the popular automation service, will drop some of its support for Gmail by March 31. The decision comes as a response to security concerns and is aimed to protect user data.
Computing

Get the new Dell XPS 13 for $750 with this limited-time deal

Dell is currently running a limited time deal lasting through Thursday, March 28, where you can bring home a version of this year's new XPS 13 for around $750 with the use of a special coupon code. 
Mobile

This is the easiest way to save your iPhone data to your computer

Living in fear of losing your contacts, photos, messages, and notes on your iPhone? Fear no more -- in this guide, we'll break down exactly how to back up your iPhone to your computer using Apple's iTunes or to the cloud with iCloud.
Mobile

Here are the best iPad Pro keyboard cases to pick up with your new tablet

The iPad Pro range can double as laptops, but they do need proper keyboards to fill in effectively. Thankfully, there are loads to choose from and we rounded up the best iPad Pro keyboard cases right here.
Computing

Nvidia faces attacks from AMD, Intel, and even Google. Should it be worried?

Nvidia announced an expanded array of RTX server solutions designed to leverage the power of ray-tracing at GTC 2019. The effort will help Nvidia take on Google's Stadia in game streaming with GeForce Now, and the company's investments in…
Computing

How 5G networks will make low-latency game streaming a reality

Faster speeds and more bandwidth are some of the many promises that 5G can deliver, but for gamers, the most important thing is low latency. To achieve low latency, carriers like AT&T and Verizon are exploring hybrid models for game…
1 of 3