Legendary hacker Mitnick turns legit

hacker 88 (photo credit: )
hacker 88
(photo credit: )
As he kneeled down and fumbled around in one of his two computer bags in search of extra business cards, Kevin Mitnick looked like your typical scatter-minded computer geek. Once found, however, his silver-coated card, designed to appear like a miniature kit of lock-breaking tools, embossed with the name of his company - Mitnick Security Consulting - told a different story: that of a formerly notorious computer hacker turned expert on preventing cyber-crime. "I just thought it would be kinda cool," he said, handing the card out Thursday at a conference on Internet security organized by the Israeli branch of IDC, a company specializing in global research and consulting. He weaved together anecdotes from his hacking days with an analysis of what he calls "social engineering," which essentially means conning people to get them to reveal passwords and other sensitive computer-related information. Mitnick, as he recounted during his lecture, began hacking as a teenager in California, tapping into various telephone networks before moving on to the kinds of corporate network break-ins that earned him five years in a federal prison. "Last night," he said at the beginning of his talk in his typically wry, dead-pan manner, "I had dinner with the CTO of a security company, and invited a friend to come along." When he asked his friend later that evening if he had told their dinner partner where they had met, the friend told Mitnick he had described them as "neighbors." "That was partially true," Mitnick told the audience. "He was my neighbor in federal detention." Following his release in 2000, Mitnick - who is now in his early forties - transformed himself from one of the world's most famous hackers to one of its most sought-after on-line security consultants. When he was released, Mitnick wasn't even allowed to use a computer. Currently, he is completing his biography, which will be released in 2007 - the year the restriction placed on him by the US government, which has banned him from profiting from his own story, expires. In addition to writing and lecturing world-wide about on-line security, these days Mitnick is hired by companies to break into their computer networks, reveal their security system weaknesses, and teach them how to better protect themselves. So far, he said, he has never failed to break into any system whose security he was hired to assess. "Social engineering," Mitnick explained during the first lecture he has ever given in Israel, "is a form of hacking that relies on influencing, deceiving, or psychologically manipulating unwitting people to comply with a request. I run into a lot of companies where you have the best technology money can buy - but all a hacker needs to do is target one person who has no idea what information they are giving out, and all the money spent on technology is useless." "I used to get in a lot of trouble and which I now get paid for," Mitnick said at the end of his lecture. "I regret having done it, but I did it for the challenge and out of intellectual curiosity, and now I am happy to benefit." Then he turned to his many admirers among the Israeli computer specialists who attended his lecture, and wrote his name on a detached phone receiver one man handed him - the high-profile ex-hacker's version of signing a baseball.