M. Niyazi Alpay

I've been interested in computer systems since a very young age, and I've been programming since 2005. I have knowledge in PHP, MySQL, Python, MongoDB, and Linux.

 

about.me/Cryptograph

The Story of Kevin Mitnick, the Greatest Hacker of All Time

Kevin Mitnick, born on August 6, 1963, is considered one of the greatest hackers of all time. After spending five years in prison, he was released on parole in 2000. One of the conditions of his parole was to refrain from touching phones and computers. This condition stemmed from Kevin's history of playing tricks on those involved in his conviction, such as the judge and prosecutor. For instance, he once redirected the phone number lookup service to a judge's phone. He also caused someone he disliked to receive faulty phone service for months and arranged for thousands of dollars' worth of bills to be sent to another person's phone. His unparalleled knowledge of phone and computer systems was undisputed.

Kevin Mitnick comes from a troubled family background. His parents separated when he was three, and his uncle was a drug addict who was once accused of murder. His stepbrother, Adam, died from a drug overdose.

His mother, Shelly, earned a living working as a waitress in restaurants and frequently changed boyfriends. Whenever Kevin started to get close to one of her friends, she would bring someone new into her life. Kevin had minimal contact with his biological father, and they frequently moved around, lacking stability in their lives. Given his constantly changing social circle, Kevin had no choice but to rely on phone communication, hence the need to master phone systems. And master them he did.

In 1978, while dabbling in amateur radio, Kevin Mitnick also took an interest in phone systems. He had poor interpersonal skills, often getting into arguments and holding grudges against those he clashed with, frequently causing disruptions in phone lines. This tendency to hold grudges and cause technological harm to people he disliked persisted.

In 1978, Kevin met Roscoe while tinkering with amateur radio systems, and their relationship would endure. When he was caught in 1995, Roscoe was the first person he called. At the time, Roscoe operated one of the phone conference systems popular in the United States to find girlfriends more easily. He enjoyed this aspect of technology: helping him find girlfriends. He would later claim to have lost count of the number of girls he met and slept with through this method and even wrote a pamphlet titled "Seducing Women Using Your Home Computer." Roscoe's girlfriend, Susan, worked as a switchboard operator during the day and engaged in prostitution at night to earn money. With Roscoe's guidance, Susan also began infiltrating phone and later computer systems. Another member of this odd trio, Steven, was knowledgeable about phone systems. Though the four of them were not always compatible, they formed a formidable group. While Kevin was the most technically adept, Roscoe was the glue that held the group together and its mastermind. Despite their mutual dislike, Kevin and Susan tolerated each other because of their shared friend (and Susan's boyfriend), Roscoe.

This group understood phone systems better than the employees of phone companies. Their methods of obtaining confidential and personal information often relied on social engineering: calling someone in the system they wanted to infiltrate, pretending to be someone with authority, and extracting information from them. Roscoe turned this into a science, keeping a journal with extensive details about the personalities of employees: who their superiors were, who worked under them, whether they were helpful or cold, inexperienced or seasoned, even their hobbies and their children's names.

They didn't use the information they obtained for financial gain. The thrill of being able to infiltrate systems and obtain the most detailed information about someone they didn't know was enough for them. Once, they redirected the phone number lookup service to themselves and asked callers questions like, "Are you white or black? We have separate phone directories for each." They found great amusement in such antics.

Later, they shifted their focus from phone systems to computers. While Roscoe roamed university computer systems, Susan accessed military computers.

Kevin Mitnick had a photographic memory. After looking at a list containing many passwords for a while, he could recall the list exactly, even hours later.

After some time, Kevin and Roscoe began to spend time together, especially excluding Susan. Susan was not pleased with this situation. Her dissatisfaction increased when Roscoe got engaged to another woman. Determined to take revenge in the manner any disgruntled and knowledgeable woman could, she decided to take action.

In December 1980, the computers of a company called US Leasing, specializing in leasing electronic devices, were breached. Someone posing as a technician from Digital Equipment called US Leasing, offering to solve a system issue, and requested a valid username, password, and phone number for connection. The unsuspecting employee provided this information. However, when the employee called Digital Equipment the next day, they learned that no such person existed and that Digital Equipment had not contacted them. Throughout that night, the company's printers continuously printed messages such as "System cracker is back. I almost got your System A disks and backups. System B is already gone. Hope you enjoy recovering from that, you asshole," "Time for revenge," "FUCK YOU, FUCK YOU, FUCK YOU," and so on. The entire floor was covered in paper. Occasionally, names appeared on the papers: Roscoe, Mitnick, Roscoe, Mitnick.

It was unclear who had accessed US Leasing's systems. While Roscoe and Kevin blamed Susan, Susan accused them.

Susan's efforts for revenge continued. She reported Roscoe to his company, accusing him of unauthorized use of their computer terminals. As a result, Roscoe was fired. Meanwhile, Susan tracked Roscoe and Kevin's phone records, trying to determine where they called and what they did. Roscoe and Kevin frequently changed phone numbers to evade surveillance. In response, Susan started physically tracing their phone lines to their homes and using a special number at the central office (a technique used by Telecom employees) to find their numbers. However, Kevin, being more knowledgeable, prevented his phone from being traced by accessing the central office's computer. Then, Kevin began gathering counter-evidence by eavesdropping on Susan's phone conversations. Susan would discuss the intricacies and rates of her profession with her new boyfriend over the phone: "if you're aggressive, it's $45 for half an hour, $40 if you're passive, and $60 if you want to wrestle." Meanwhile, Roscoe accused Susan of threatening him and his family and reported her to the prosecutor's office. Susan was in a difficult situation, but she still had an opportunity for revenge. She informed the prosecutor's office and law enforcement officials about the activities of Kevin and Roscoe, seeking protection in exchange for this information.

In 1981, Kevin and Roscoe decided to break into the COSMOS center of Pacific Bell, one of the largest telecom companies in the United States, located in Los Angeles. COSMOS was the name of the database program used by telephone companies for all kinds of operations and ran on Digital Equipment computers. Hundreds of COSMOS systems were installed nationwide. They needed to know about 10-15 commands to navigate the system properly, which they obtained by rummaging through the center's trash bins. Among the trash were printer outputs, notes exchanged between employees (including passwords), and similar information. When they realized they needed more information, they posed as center employees to gain entry. They added some names to the section containing employee information. When calling places that used Digital Equipment computers, they used these names as if they were Digital Equipment employees. If the other party called the COSMOS center to verify, they would find these names and believe the caller actually worked for Digital Equipment. They also took several manuals related to COSMOS from a manager's office. However, they went too far. What they did was not hacking; it was plain theft. When the manager whose office they had broken into arrived at work the next morning, he noticed the manuals were missing. Staff could easily spot the unfamiliar names among the employee records, and they notified the company's security department. The security department then informed law enforcement: the same law enforcement officials Susan had informed.

The police didn't take long to raid Kevin's house. Kevin wasn't there. Among the things the police found, there was nothing related to the COSMOS center, but there was plenty related to phone and computer systems in general. Based on statements from COSMOS security personnel, arrest warrants were issued. When Kevin saw the police, he tried to flee, but he was caught after a short car chase. When Kevin was caught, he was shattered: he said he was very scared and cried.

The prosecutor accused Kevin and Roscoe of theft and unauthorized computer access. Just before the trial, Kevin admitted guilt on two counts. In doing so, he was betraying Roscoe but hoping to avoid going to reform school. And he did. His sentence (if it could even be called that) was a 90-day review and one year of probation. The other friends received sentences ranging from 3 to 5 months. Kevin was also prohibited from contacting his group of friends.

As his friends served their sentences, Susan made significant progress and began working as a security consultant. During this time, she even went to Washington to provide information to senators and high-ranking military personnel.

During this time, Kevin and his friend Lenny continued doing what they knew best: breaking into computers and telephone systems. The most common computers they encountered were the mini-computers from Digital Equipment Corporation, initially the PDP series and later the VAX series. These computers were widely used in universities and telecom companies. Kevin and Lenny often targeted the computers at the University of Southern California. This, once again, got them into trouble. One evening, they were caught "working" on the university's terminals. This time, Kevin couldn't easily get away: he had to spend 6 months in a correctional facility. Meanwhile, he also prepared a videotape on computer security for the Los Angeles police. He was released at the end of 1983.

Kevin started working for a family friend. However, his constant use of the only computer in the workplace drew attention from his boss. Although the boss didn't fully understand what Mitnick was doing, he noticed Mitnick querying credit cards on the computer and became concerned. To express his concerns, he visited the police department; he met with a troublesome police detective, who was investigating Kevin and his friend, Rhoades, at the time. They were being investigated for making long-distance calls using codes from a telecom company and for electronically threatening MIT employees. Around the same time, Kevin lost his amateur radio license due to his behavior on amateur radio broadcasts. For the detective, all of this was enough, and he issued a search and arrest warrant for Kevin. They searched his home and workplace but couldn't find him. Rather than going to jail, he chose to run away.

In the summer of 1985, Kevin resurfaced. The arrest warrant against him had expired. He reconnected with his friend Lenny, who granted him access to computers at his workplaces. Meanwhile, they began to infiltrate computers at the National Security Agency (NSA), the largest intelligence agency in the United States (larger than the CIA and FBI). Within about six months, they obtained user accounts that allowed them to access almost all mini-computers in the Los Angeles area. However, due to pressure from the NSA, Lenny was fired from his job (he was fired from most of the jobs he took).

In September 1985, Kevin enrolled in a computer school. He had a successful period at school.

Kevin had never been good with girls. Therefore, in 1987, when he told his friends he was getting married, everyone was surprised. The bride-to-be worked as a manager in a telephone company (Kevin almost fell over laughing when he heard where she worked), and they had met at school. Kevin and his friend started living together.

Kevin and his friend Lenny broke into the computers of Santa Cruz Operation (SCO), a company that produced and sold a version of the UNIX operating system. They used a secretary's account for their actions, which were eventually noticed. SCO officials, in collaboration with the telecommunications company, tried to trace the source of the connection. Normally, this task would have been easy for them, but this time they encountered a difficulty: they were unable to trace the connection despite Kevin being connected for hours. After some time, Kevin attempted to copy SCO's program, XENIX. But eventually, he was caught when his connection was traced carelessly. His home was raided by local police, where they found computers, a modem (as recorded by the police), a telephone connection device, 55 assorted floppy disks, various books and guides, and a gun. Arrest warrants were issued for Kevin and his friend, but when it was determined that his friend was not involved, the warrant was lifted. During the trial, Kevin and his friend got married. The SCO case ended when Kevin admitted his guilt and cooperated.

In 1988, Kevin and his friend Lenny enrolled in another school. Their first action was to attempt to copy all the files on the school's computer onto magnetic tape cartridges, but they were caught in the process. The school's system administrator promptly informed the police. The police had enough information, and they were determined to put Kevin in prison and keep him there for a long time. However, due to coordination issues between the police, the university, the telecommunications company, and Digital Equipment, nothing could be done.

They used computers at Lenny's workplace for their operations.

Kevin and Lenny's current goal was to obtain VMS, the most valuable software of Digital Equipment. To achieve this, they started navigating through Arpanet. They managed to break into a military computer within Arpanet and began using it to store the stolen software. When it became evident that they had accessed this computer, they moved on to others, including those at the University of Southern California. They would break into these computers, connect to Arpanet through them, and attempt to copy the VMS source code onto these computers. The code they copied wasn't just any version of VMS; it was version 5.0, which had not yet been distributed to customers and was only available on Digital Equipment's internal network, Easynet. Kevin and Lenny had been accessing Easynet for some time. They not only accessed it but also monitored the correspondence between employees within Easynet. Among these correspondences, two individuals caught their attention. The first was a VMS security expert, and the second was another expert working at a university in England who constantly sent the first one the security vulnerabilities he found. Of course, these vulnerabilities also ended up in Kevin and Lenny's hands.

Once the transfer of the VMS source code to the university's computer was completed, it was time to copy the files onto a magnetic tape cartridge. They couldn't do this remotely with the tools they had. They needed to do it at the university's computer terminal. For this task, they brought their old friend Roscoe. Since Kevin was known, he wouldn't enter the university; instead, Lenny and Roscoe would complete the task. Roscoe introduced himself as a student and said there were files to copy onto the cartridge, then ensured the cartridge was inserted into the computer. After that, he met with Lenny and called Kevin to inform him. Kevin remotely connected to the computer and gave the commands needed to copy the files. Once the process was complete, Roscoe took the cartridge. They had to repeat this process several times due to the large size of the files, but eventually, they obtained the source code for VMS. Now they could examine this code and find vulnerabilities in the operating system.

Kevin and his accomplice Lenny engaged in hacking activities, targeting the computers of Santa Cruz Operation (SCO), a company known for its UNIX operating system. They used a secretary's account to gain unauthorized access, but their activities were eventually detected. Despite efforts by SCO officials and the telecommunications company to trace their connection, Kevin managed to evade detection for hours. However, he was eventually caught when his connection was carelessly traced. During a raid on Kevin's home by local police, various incriminating items were found, including computers, a modem, a telephone connection device, floppy disks, books, guides, and a gun. Arrest warrants were issued for Kevin and his friend, but the warrant for the friend was lifted after it was determined that he was not involved. Interestingly, during the trial, Kevin and his friend got married, and Kevin eventually admitted his guilt and cooperated with authorities, bringing an end to the SCO case.

In 1988, Kevin and Lenny enrolled in another school with the goal of copying all the files on the school's computer onto magnetic tape cartridges. However, they were caught in the process, and the school's system administrator promptly informed the police. Despite the police having enough information and being determined to prosecute Kevin, coordination issues between different entities prevented any action from being taken.

Kevin and Lenny then turned their attention to obtaining VMS, the valuable software of Digital Equipment, by navigating through Arpanet. They managed to breach a military computer within Arpanet and used it to store stolen software. Moving on to other targets, including those at the University of Southern California, they attempted to copy the VMS source code onto these computers. This source code, version 5.0, had not yet been distributed to customers and was only available on Digital Equipment's internal network, Easynet. Kevin and Lenny had been accessing Easynet for some time, monitoring correspondence between employees and acquiring valuable information, including security vulnerabilities.

After successfully transferring the VMS source code to the university's computer, they needed to copy the files onto a magnetic tape cartridge. Unable to do this remotely, they enlisted the help of their old friend Roscoe. Roscoe posed as a student and facilitated the copying process at the university's computer terminal. Kevin remotely connected to the computer and provided the necessary commands to copy the files. Despite the large size of the files, they eventually obtained the source code for VMS, allowing them to analyze it for vulnerabilities in the operating system.

During this time, Kevin developed a peculiar connection with a British individual who reported errors in VAX systems to Digital Equipment. Kevin was able to read all the emails the Briton sent to the company. Impressed by the Briton's knowledge, Kevin admired him, leading to phone conversations lasting two to four hours. However, Kevin was disappointed to learn that the Briton was attempting to track him down with the help of the FBI, causing Kevin to sever ties.

In the late months of 1994, Kevin was in Seattle, working as a computer technician at a hospital under the alias Brian Merril. While investigating phone hacking, two detectives from the city's telecommunications company traced a phone conversation to him, during which he discussed computer system intrusion methods. However, a search warrant was not issued until a few months later, by which time Kevin had already evaded capture. He had fled to Raleigh, on the eastern side of the United States, where he intended to carry out his final and most extensive hacking job: breaking into the computer of Tsutomu Shimomura.

Tsutomu Shimomura was a renowned physicist who had received lessons from the famous Richard Feynman and had begun working at Los Alamos National Laboratory at the age of 19. Later, he worked at the San Diego Supercomputer Center, where he became known for his expertise in computer security. When Tsutomu discovered that his computer had been breached, he was shocked and angry, viewing it as a personal threat. Using a technique called IP spoofing, the attacker had disguised their identity by forging the source address of their packets so that the connection appeared to come from another computer on Tsutomu's network. Despite this, Tsutomu was able to trace the attacker's actions, discovering that they had stolen various files, including cellular phone codes, his emails, and security tools.

The attacker, whom Tsutomu suspected to be Kevin Mitnick, had also infiltrated other internet service providers (ISPs) in the area, manipulating their systems. Realizing the severity of the situation, Tsutomu established a base of operations in San Francisco, where he monitored the attacker's activities closely. With the assistance of a technician from Sprint, Tsutomu was able to track down the attacker's location to Raleigh. Working with the FBI, they swiftly moved to apprehend Kevin, who was subsequently sentenced to five years in prison. After his release on January 21, 2000, Kevin was kept under supervision, with restrictions on his phone and computer usage and travel outside the US. These restrictions were lifted on January 21, 2003. Today, he works at Mitnick Security Consulting, LLC, a company he founded.
https://www.mitnicksecurity.com/
