
Mitnick Testifies on Telco's Security

michael posted more than 11 years ago | from the what-me-worry dept.

Security 217

Woefdram writes "Our favourite computer criminal (?) Kevin Mitnick testified in a case against Telco Sprint that their security was like Swiss cheese: full of holes. The story on SecurityFocus quotes Mitnick, saying, 'I had access to most, if not all, of the switches in Las Vegas,' and tells how he came up with a list of 100 challenge-response codes." We've written about this case before.


217 comments

My name is Kerry Getz (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3761598)

I am from Lehighton Pennsylvania and I like to stress

Re:My name is Kerry Getz (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3761615)

His name is Robert Polson

Re:My name is Kerry Getz (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3761637)

Will the real Kerry Getz please stand up?

Re:My name is Kerry Getz (-1)

propstoalldeadhomiez (444303) | more than 11 years ago | (#3761659)

Since you did not claim this as the fp, I am claiming the fp for CLIT. Thank you AC.

Re:My name is Kerry Getz (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3761704)

Fine by me. I admire the CLITs work. All I want is some recognition for the cKY crew.

snot (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3761600)

post

kill the submitter ! (-1)

Adolf Hitroll (562418) | more than 11 years ago | (#3761725)

There ain't no fscking holes in the Swiss Cheese!!!
You are confused between French Gruyere and Swiss GruyereS.
You should get out of your former British colony a li'l more often, you pigs !
And BTW Mitnick is a has-been...

Why do it? (2, Interesting)

Anonymous Coward | more than 11 years ago | (#3761603)

Why give yet more attention to a pathological 'social engineer' (liar)?

Re:Why do it? (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3761607)

Because of his excessively large penis.

Re:Why do it? (-1)

cyborg_monkey (150790) | more than 11 years ago | (#3761619)

If his penis is so large, how is it that you are still able to talk?

Re:Why do it? (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3761629)

He can unlock his jaw on a whim.

Re:Why do it? (2, Interesting)

JPriest (547211) | more than 11 years ago | (#3761920)

As someone that was following the series of articles that SecurityFocus was publishing on "phone phreakers owning Vegas" this is actually very interesting news. The articles detail how "hackers" are stealing business by re-routing phone calls. After multiple complaints from the business owners Sprint could never seem to find a problem during its investigations and insisted they were crazy. It was concluded that the "hackers" had someone inside working for Sprint tipping them off because the phone system always seemed to route just fine while Sprint was doing its audits. One of the frustrated business owners hired Kevin Mitnick to come in and help straighten things out, and that was the last I've heard till now. The Security focus has a write up is here [securityfocus.com]

Re:Why do it? (0, Redundant)

JPriest (547211) | more than 11 years ago | (#3761938)

"he Security focus has a write up is here" Sorry, I stopped making since hours ago.

Re:Why do it? (5, Funny)

GodInHell (258915) | more than 11 years ago | (#3762469)

You gotta admit though, he's got the earmarks to be one of those great mythological figures one day.

Can you prove it?
Wait here for a few minutes..
**a few minutes later**
Here are the passwords for your central switches, I had them on file in one of my drop points down the street. Lucky me that it was still there.
**lawyer fumbles and swears**

Remember, Hackers are like Boy Scouts, they're always prepared.. they just prepare for a lot more than preventing forest fires and walking old ladies across the road.

-GiH
-This isn't my dog, this is an aibo. My dog is years more advanced than this.

well (0)

Anonymous Coward | more than 11 years ago | (#3761608)

We've written about this case before. Then STOP writing about it. Waste of electrons, as usual.
Mitnick is not such a wonderful person. He is free now, get off the soapbox and stay off it.

Should they (1)

af_robot (553885) | more than 11 years ago | (#3761609)

hire a better system administrator?

Or is this a company policy to keep systems insecure to gain more PR from hacker incidents?

What I want to know... (3, Interesting)

DutchSter (150891) | more than 11 years ago | (#3761639)

...is this testimony going to come back for possible charges in the future? In other words, could Sprint now decide to go after him? You really can't take the fifth once your statements have entered the public record. You can refuse to answer any further, but only in a trial in which you are accused. This is 1) Not a trial for Mitnick 2) Is not in a court of law, it is being held in the State Public Utility Commission. Consequently, all his testimony becomes public record, and he could never claim immunity or something should Sprint decide to turn around and come after him for 'losses' or the DA for criminal purposes. His only hope might be statute of limitations.

Any ideas?

Re:What I want to know... (5, Informative)

Brento (26177) | more than 11 years ago | (#3761651)

...is this testimony going to come back for possible charges in the future? In other words, could Sprint now decide to go after him?

No. He's already been tried for this specific crime - it would be double jeopardy. (Yes, like the movie with Ashley Judd, only with less sex appeal, since there's no women's prison involved.) You can't be tried for the same crime twice. If you commit two murders you can be tried twice, but they can't try you twice for the same murder.

Re: Double Jeopardy (1, Interesting)

Anonymous Coward | more than 11 years ago | (#3761671)

Of course, the problem with the movie "Double Jeopardy" is the fact that there was no double jeopardy involved. If you kill someone and are tried for that, and it turns out the person isn't dead after all, you can still be tried for killing them again since it's a different crime. Same person, but different crime.

It's like saying that if you rob a bank the first time, you're going to jail. But each time you rob it after that, you can't be tried because you've already been tried once. Not likely, you're still going to jail again and again.

Re: Double Jeopardy (1)

djweis (4792) | more than 11 years ago | (#3761904)

But you can only be dead once. You can rob a bank over and over (until they lock you up, I guess).

Re: Double Jeopardy (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3762002)

the problem with the movie "Double Jeopardy" is the fact that there was no double jeopardy involved

Yes, but this isn't a problem with the movie, it's a problem with the main character's interpretation of the law.

Nowhere in the movie did you ever see a law enforcement official (judge, lawyer, or cop) claim that she wouldn't be jailed again for killing that guy.

Re: Double Jeopardy (2)

vinnythenose (214595) | more than 11 years ago | (#3762131)

But if they found you guilty the first time and you hadn't committed the crime, then you could sue the government right?

Land in jail for 20 years.
Sue government, get 20 million or so.
Land back in jail for another 20 years.
Use eBay extensively.

That'd be the pattern right?

Re:What I want to know... (1)

DEBEDb (456706) | more than 11 years ago | (#3761695)

A subtle point: a crime is a violation of the law. So if by a single act you violated 2 laws, you committed 2 crimes, and you can be tried for each.

Re:What I want to know... (1)

taliver (174409) | more than 11 years ago | (#3761721)

So if by a single act you violated 2 laws, you committed 2 crimes, and you can be tried for each.


But they must be pursued at the same time. As an example, the prosecutors did not have 400 or so attempts to try McVeigh for blowing up the building, even though he committed 400 or so murders in that event.

Re:What I want to know... (0)

Anonymous Coward | more than 11 years ago | (#3762129)

167 is the actual number.

Re:What I want to know... (2)

monkeydo (173558) | more than 11 years ago | (#3762246)

You are misinformed. McVeigh was only charged with 8 counts of murder even though he killed 168 people. He was charged with the murder of the 8 federal officers, this was sufficient when convicted to get him the death penalty.

In the case of multiple homicides especially, prosecutors will hold back counts if they would not increase the penalty and leaving them out does not affect the case. For example, if a mother drowns her 5 children you first charge and try her for 2 counts of murder. If for some reason she is acquitted you can charge her with the other counts. There is no double jeopardy in this case.

Re:What I want to know... (2)

mark_lybarger (199098) | more than 11 years ago | (#3762279)

where does it say that "related" crimes must be tried together? most prosecutors lump crimes into one trial in order to expedite the process and to get a hefty sentence.

if two people commit a crime together, they are tried together or separately depending on how the prosecutors think the outcome might be. maybe one will squeal on the other and as a result might be tried separately under lesser charges.

Re:What I want to know... (1)

HD Webdev (247266) | more than 11 years ago | (#3762416)

If you commit two murders you can be tried twice, but they can't try you twice for the same murder.

Sure they can.

First, you get tried by the State.

At a later date, the Federal Government can prosecute the Murder as a Hate Crime.

It's a way to do an end-run around the double jeopardy rule.

Re:What I want to know... (4, Informative)

jacoberrol (561252) | more than 11 years ago | (#3761656)

A quote from the article:

"With the five year statute of limitations long expired, Mitnick appeared comfortable describing with great specificity how he first gained access to Sprint's systems..."

Re:What I want to know... (2)

DutchSter (150891) | more than 11 years ago | (#3761690)

Yeah I read that but my thought was that if Sprint has long been claiming they are untouchable and someone goes on record as having broken it - They just might come looking at your door for problems they have been experiencing recently. If you've got someone who admits he knows how to break in, and you had a break in a year and a half ago that never went public, it seems obvious who you start looking into. Remember, Sprint was "unaware" of these vulnerabilities. That means that probably until yesterday (and maybe even now), those doors were still open. One person has confessed to being there before.....

Re:What I want to know... (2)

Zapman (2662) | more than 11 years ago | (#3761754)

No, the really funny bit is that this challenge/response list is now A PART OF PUBLIC RECORD. If (important if) it's true, phreaking could have quite the little renaissance.

Re:What I want to know... (1)

gallen1234 (565989) | more than 11 years ago | (#3762424)

Does anyone know if statutes of limitations apply to civil cases or only to criminal ones? If it's the latter then Sprint might still be able to make a case.

Re:Should they (0)

Anonymous Coward | more than 11 years ago | (#3761663)

Unfortunately this is how businesses run. When they want to cut money, the first to go are the sysadmins cause I mean golly anyone can do it right? Kinda going off subject here but, it is damn hard to convince people that they NEED a competent sysadmin and they NEED someone whose life is to sit there watching and maintaining their computers. Look how hard it is to get a job nowadays in that field. I can bet you 80% of the sysadmins out there aren't doing it as their full time job, they are programmers/sysadmin or documentation writer/sysadmin. There is no cost cutting strategy that works, security, maintenance, and troubleshooting is a fulltime job and distractions hurt the overall network scheme.

Publicity grubbing... (4, Interesting)

Ratface (21117) | more than 11 years ago | (#3761612)

The only thing Mitnick is better at than hacking (or possibly eating pizza!) is publicity grubbing. Let's face it, there have been thousands of better crackers, but Mitnick manages to always claim the spotlight. Most people would want to lie low after what Mitnick has been through - but he has a career as "Celebrity Cracker" to maintain.

I liked this quote "The only way I know that this is a Nortel document is to take you at your word, correct?," asked Riley. "How do we know that you're not social engineering us now?" - now *that* guy is thinking correctly!

Re:Publicity grubbing... (0)

Anonymous Coward | more than 11 years ago | (#3761627)

Well think about it man, if all you knew and worked for involved computers, then how the hell would you make a living when the courts have taken your right to use any type of computer at all. I think he has said that if he even placed his hands on a keyboard the feds would take him in for violation of parole. I mean how else is a super cocky computer nerd going to make a living? By sticking it to the man that's how.

Re:Publicity grubbing... (0)

Anonymous Coward | more than 11 years ago | (#3761738)

Has Mitnick ever actually worked in a job related to computers?

I've always gotten the feeling he never held a job, has zip formal training, and is just a pathological liar type, street smart and good at fooling people. He knows 'some' about computers, but nobody anywhere would ever hire him as anything more than a cable puller based on his credentials.

Really, with his experience, he should be looking for work as an office boy.

Re:Publicity grubbing... (0)

Anonymous Coward | more than 11 years ago | (#3761759)

As a matter of fact he has. He used to work as a sysadmin for a law firm when he was hiding under the gun of the law. He was making pretty good money and used this opportunity to attack even more unsuspecting victims.

Re:Publicity grubbing... (4, Insightful)

CodeMonky (10675) | more than 11 years ago | (#3761640)

You left something out, Mitnick's response to the question.

Mitnick suggested calmly that Sprint try the list out, or check it with Nortel. Nortel could not be reached for comment after hours Monday.

Perhaps he knew that Sprint/Nortel couldn't be reached. But you should still at least include the response if you're gonna quote something like that.

Re:Publicity grubbing... (3, Insightful)

Your_Mom (94238) | more than 11 years ago | (#3761717)

Let's face it, there have been thousands of better crackers...
I have to say that Mitnick is one of the better crackers in recent memory, sure he gets the spotlight a lot, but I think that's because he got thrust into the public spotlight back during the Shimomura episode. I mean, how many crackers made the front page of Newsweek?


Yes, there are other deserving people out there, but I don't mind Kevin cashing in on his "fame". Who wouldn't?

Re:Publicity grubbing... (1)

g051051 (71145) | more than 11 years ago | (#3762402)

Mitnick should not be classified as "one of the better crackers in recent memory". He was actually pretty incompetent. Cracking is just 1/2 of the equation. Not getting caught is the other 1/2. A "better cracker" would not have been noticed, and would not have been caught.

I'll say it again: He's the computer equivalent to the shaking junkie who sticks a gun in the face of a 7-Eleven clerk to get money for a fix, then waves to the security camera on the way out. He left a trail a mile wide, and couldn't stop his illegal activities even when he knew the authorities were after him.

I think Slashdot needs a "Kevin Mitnick" category so I can exclude stories about him.

Re:Publicity grubbing... (5, Interesting)

Ami Ganguli (921) | more than 11 years ago | (#3761763)

Under the circumstances, I can't say I blame him. The man isn't allowed to touch a computer. Nowadays that means he can't even work at McDonalds.

Cashing in on his celebrity is the only career option the guy has.

Re:Publicity grubbing... (0)

Anonymous Coward | more than 11 years ago | (#3761794)

Sorry my first thought when I read "Celebrity Cracker" was Chris Rock saying it. Don't we have enough famous crakas?

Re:Publicity grubbing... (2, Insightful)

Jesus IS the Devil (317662) | more than 11 years ago | (#3761872)

You have to compare apples to apples and oranges to oranges. Kevin did all of this back when the internet was still in its infancy. Back then there wasn't this vast sea of information script kiddies can just search for and dig up. If you wanted to crack, you had to figure it out by yourself. No doubt. He was one of the best crackers out there. His deeds were evil but he was a good cracker.

Re:Publicity grubbing... (0)

Anonymous Coward | more than 11 years ago | (#3762226)

But he wasn't a cracker (which implies some sort of technology), but a social engineer. He basically got people to tell him logins, access codes, etc. If anything all he had was a knack for fooling people, I tend to think of him more as a used car salesman and less as a computer wiz.

Re:Publicity grubbing... (2, Insightful)

LittleGuy (267282) | more than 11 years ago | (#3761958)

Gaining celebrity out of being on the wrong side of the law (whether justly or unjustly) has been long prevalent, from Jesse James to Bonnie & Clyde to Al Capone to John Gotti to 'Mayflower Madam' Sydney Biddles Barrow and beyond (with Winona in the on-deck circle).

Why should we be surprised by whoring notorious characters on the tech side?

Plead the Fifth! (3, Funny)

TheDick (453572) | more than 11 years ago | (#3761616)

Never EVER testify like this, no matter WHAT the DA promises you. Shit Kevin, I thought you knew better?

*FREE KEVIN*

Re:Plead the Fifth! (1)

AndrewSchaefer (89406) | more than 11 years ago | (#3761693)

You retard... It's a civil suit, not a criminal trial. The DA has nothing to do with this. There's a 5 year statute of limitations on the crimes that he is testifying to, so it doesn't matter what he says.

Re:Plead the Fifth! (-1, Flamebait)

spanky748 (588047) | more than 11 years ago | (#3761746)

Free Him!!!!
He is a cunt, He shouldnt be freed, He should be fed to the fucking dogs.

The real speech... (4, Funny)

alapalaya (561911) | more than 11 years ago | (#3761622)

"their security was like Swiss cheese: delicious."

(yeah, my .sig is wrong, so what?)

Re:The real speech... (0)

Anonymous Coward | more than 11 years ago | (#3761767)

(yeah, my .sig is wrong, so what?)

There's many places in the world where the numbers of neighbouring houses differ by one. Maybe the beast comes from one of those.

Re:The real speech... (0, Redundant)

alapalaya (561911) | more than 11 years ago | (#3762136)

...you are the smartest AC I've ever met!

(my .sig is not wrong... have a look at the parent message!)

Sentence (3, Interesting)

Dilbert_ (17488) | more than 11 years ago | (#3761626)

Wasn't he forbidden to do any kind of computer related work ever again? And would testifying in this case mean breaking his parole? Just wondering...

Re:Sentence (2)

CodeMonky (10675) | more than 11 years ago | (#3761632)

He's gotten exemptions to speak at conferences so I am assuming that something like that occurred for this.

Re:Sentence (1)

cyborch (524661) | more than 11 years ago | (#3761644)

Being forbidden to do any computer related role makes it hard to maintain any job these days. Actually he cannot even sit at a counter nor be a bus driver... almost any device has a computer in it these days... I haven't read the minutes of Kevin's trials but I think the sentence was a bit less restrictive than that.

Re:Sentence (2)

ranulf (182665) | more than 11 years ago | (#3761662)

Given that there are accurate minutes taken of everything that is said in court, I think they'd be able to keep pretty close tabs on what he testifies in court, don't you?

And besides, the judge knows the system. He wouldn't even be allowed to testify in court if it broke his parole.

Re:Sentence (4, Interesting)

Wingchild (212447) | more than 11 years ago | (#3761686)

From http://www.usdoj.gov/criminal/cybercrime/mitnick.htm [usdoj.gov] :

"Once he is released from prison, Mitnick will be on supervised release for three years, during which time his access to computers and his employment in the computer industry will be severely restricted."

While testifying in a case isn't technically work in the computer industry, consulting definitely would be. Maybe this is outside the scope because we're talking about telco equipment and not computers per se (which, coincidentally, goes back to Mitnick's roots as a marginally talented phreaker and a decent social engineer)?

Or perhaps Mitnick's just an outright idiot. I don't recall him getting wailed on by Sprint during his legal proceedings, so I'm not certain that he's exempted from prosecution by way of double jeopardy. A curious thing, this testimony.

Re:Sentence (1, Informative)

Coward the Anonymous (584745) | more than 11 years ago | (#3761751)

Once again, he is not working with computers at all, just recounting his experiences from 7+ years ago. And the crimes he committed then have a 5 year statute of limitations.

Re:Sentence (1)

aberkvam (109205) | more than 11 years ago | (#3762066)

Well, I am pretty sure that by now Mitnick has learned his lesson and has everything like this that he does vetted by his own lawyer first. If there was a danger of this testimony getting him in any sort of trouble, he would have just refused to consult on this case.

Of course, maybe that's what the delay they had in getting him on the stand was all about. Hard to tell...

Re:Sentence (3, Informative)

vinnythenose (214595) | more than 11 years ago | (#3762089)

If you had read you would have noticed that he's protected by the statute of limitations. It's been over five years.

Re:Sentence (1, Interesting)

unFKNreal (217693) | more than 11 years ago | (#3762264)

I especially like this part... "Judge Pfaelzer ordered Mitnick to pay only totalling just over $4,125. Judge Pfaelzer said she was issuing this nominal restitution order based on the Court's determination that the defendant would have limited earnings in the future."

Limited earnings my ass. You just know as soon as those 3 years are up (which should be soon), he's gonna be raking it in as a security consultant for somebody like IBM or Sun... Wonder what that judge thinks now!

statute of limitations (1)

caveat (26803) | more than 11 years ago | (#3762312)

I'm not certain that he's exempted from prosecution by way of double jeopardy.
the statute of limitations in nevada for these crimes is 5 years (says the article, at least), and all his breakins were prior to 95. he simply can't be prosecuted for these illegalities; the clock's run out.

You have to wonder. (3, Interesting)

Nomad7674 (453223) | more than 11 years ago | (#3761638)

The article indicates that Mitnick is calmly able to lay out what he did, because the statute of limitations has expired on his alleged crimes. Anyone who has spent any time watching LAW & ORDER (and any of its spin-offs) has to wonder if there is an enterprising District Attorney somewhere combing the law for any permutation of the law WITHOUT a statute of limitations to use against him based on this testimony. For example, he can not be tried for the hacking itself, but could he be tried for Conspiracy?

Re:You have to wonder. (2)

SuiteSisterMary (123932) | more than 11 years ago | (#3761681)

Actually, if he's at all intelligent, which he apparently is, he's garnered immunity in exchange for his testimony.

Re:You have to wonder. (1)

parking_god (191357) | more than 11 years ago | (#3761840)

It was a hearing of Nevada's Public Utilities Commission; there doesn't seem to be a DA involved anywhere, so I doubt he'd get immunity in exchange for anything.

No need to scour the books... (0)

Anonymous Coward | more than 11 years ago | (#3761893)

just call Mitnick a terrorist and make the rules as you go.

Re:You have to wonder. (2)

Get Behind the Mule (61986) | more than 11 years ago | (#3762055)

Anyone know if Mitnick was ever questioned or tried for his hacking in Las Vegas? If he has stated under oath that he didn't do any of that stuff, he might be risking a perjury charge -- unless the statute of limitations has run out on that as well.

BTW, this testimony is a real-world example of what "white-hat" hacking is supposed to be all about -- exposing security weaknesses that might be exploited by others. Of course, Mitnick might have had his black hat on back in the day when he was doing it.

Sad day ... Stephen King dead at 54 (-1, Troll)

Anonymous Coward | more than 11 years ago | (#3761642)


I just heard some sad news on talk radio - Horror/Sci Fi writer Stephen King was found dead in his Maine home this morning. There weren't any more details. I'm sure everyone in the Slashdot community will miss him - even if you didn't enjoy his work, there's no denying his contributions to popular culture. First Ann Landers, now this. Truly an American icon.

Re:Sad day ... Stephen King dead at 54 (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3761675)

PROOF?

Google search could find no news about this, so until you can come up with some proof of this you are a liar

Re:Sad day ... Stephen King dead at 54 (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3761689)

DIE DIE DIE your books suck stephen king. troll troll troll

Re:Sad day ... Stephen King dead at 54 (-1, Offtopic)

Nakago4 (576970) | more than 11 years ago | (#3761703)

Amazing... since I recall this post showing up in another story about a week ago. He must die an awful lot.

Re:Sad day ... Stephen King dead at 54 (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3761712)

He's been dying for at least a year by now.

Re:Sad day ... Stephen King dead at 54 (0)

GETerry (518033) | more than 11 years ago | (#3762252)

I would certainly think that there would be at least a small story about this in the freaking Portland ME newspapers... Sorry ass AC...

EPFMPAE (-1, Troll)

Anonymous Coward | more than 11 years ago | (#3761649)

Early Post For Me Passing the AI Exam! :-)

Re:EPFMPAE (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3761669)

AI = Applied Idiocy

Have to wonder. (1)

prof187 (235849) | more than 11 years ago | (#3761658)

You kinda have to wonder if all of this publicity of someone getting money because their system had been compromised before will spur an onslaught of similar lawsuits, possibly from the same people who got into the system. The trend seems to be, where the media goes, the people will follow.

Not surprising (5, Interesting)

nakedsavage (588065) | more than 11 years ago | (#3761680)

This does not surprise me at all. I work for a large telecommunications company. 4 years ago our group took over responsibility for 40 switches, 32 of which were DMS-100s. The first thing we had to do was change the admin passwords - some were still the default password installed by Nortel when the switch was first built, others were as simple as admin:admin. All someone would have needed to do is call a NOC and pose as a Nortel engineer to get the dial up numbers and voila! Tens of thousands of customers without service and a very long report to the FCC.

At Least Hackers 2 Was Better... (-1)

SquireCD (465008) | more than 11 years ago | (#3761682)

Free Kevin... oh.. yeah.. that's right. He's been out for 2 years...

Well, hackers 2 was pretty sweet. Thanks Kev!

An interesting turn-about (5, Interesting)

tshoppa (513863) | more than 11 years ago | (#3761732)

The SecurityFocus article takes a very interesting look at the PUC hearing and is, I think, very newsworthy and a significant legal development.

What is most vital is that in this case, unlike other previous Mitnick cases, the telco is arguing that Mitnick didn't break in while Mitnick is insisting that he did. Mitnick is offering proof in the form of documents and passwords and the Sprint of Nevada lawyer is saying that the information from Mitnick is bogus or publicly available. This is such an exact turnaround from the last legal tangle that Mitnick was in that I gotta wonder if it's even the same universe.

Does this have any relevance to legal cases outside the Munoz "Vegas escort" case? I don't know, but I could see it happening: Hollywood lawyers calling on DeCSS authors and users, arguing that the software they have doesn't actually promote piracy. Could be interesting!

Re:An interesting turn-about (2)

Peyna (14792) | more than 11 years ago | (#3762193)

It makes sense to challenge something like this. Obviously someone is going to be a little bit skeptical if you tell them you broke something they were assured is 100% secure. That would be kind of interesting to turn a few other cases around like that.

His ass is like a Swiss cheese as well (-1)

Anonymous Coward | more than 11 years ago | (#3761809)

I'm pretty sure somebody banged his ass while he did his time in the can. Now the poor as looks, more or less, like the fuckin' cheese. Better he take care for his ass first, then deal with Telco...

from a former Nortel employee... (4, Insightful)

deander2 (26173) | more than 11 years ago | (#3761851)

I worked for a year and a 1/2 on a project designed to replace the DMS-100 provisioning and configuration systems. I can tell you that those systems are complex in the extreme to set up correctly. I knew people who had worked with them for 20 years and still had questions about how they worked. It's not through Sprint's stupidity that they were hackable, it is a by-product of overly complex system engineering.

This is a common problem in this industry. Having complex systems when you're the de facto standard makes a great revenue stream in your consulting and training systems, but kills the reliability of said systems. Nortel/Cisco/IBM never take the fall for it however, because they can just say "well, you didn't configure it right" and Sprint/etc can't even argue - it would take 2 years and 10 consultants to even find out.

Re:from a former Nortel employee... (3, Insightful)

WolfWithoutAClause (162946) | more than 11 years ago | (#3761890)

To be fair to Nortel, these particular systems were hacked 7 years ago, at a time where encryption on the internet was a rarity, and originally designed well over a decade ago. Security features weren't much of an issue with customers at that time, clearly security is becoming much more of an issue now.

However, very few systems are proof against social engineering, encryption or not.

Re:from a former Nortel employee... (5, Insightful)

JUSTONEMORELATTE (584508) | more than 11 years ago | (#3762003)

To be REALLY fair to nortel, while the web was young seven years ago, (the net was old, even then) that has absolutely nothing to do with this crack job.
The DMS-100s were broken the good old fashioned way -- use a war dialer to find the dialup number, then call the switch directly. Once connected, try the obvious passwords first (either admin/admin or admin/NORTEL_DEFAULT_PASSWORD, which Mitnick had learned from Nortel docs)

Deander2 got it right -- Nortel designed an absurdly complex product, and was unmotivated to clean house because they were able to rake in the consulting bucks. WHEN (not if) this comes back to bite a client in the butt (like it did with Sprint) Nortel takes no heat for it, and in fact most likely gets even MORE consulting dollars for a hasty clean-up effort.

social engineering from the movies (1)

rjamestaylor (117847) | more than 11 years ago | (#3762379)

All you need to do is fake a computer date with a nerdish privileged employee and get him to say "Hello, my name is ______ ________. My voice is my passport. Verify me." Then you're in!

Farm out. Right arm.

Re:from a former Nortel employee... (1)

Grax (529699) | more than 11 years ago | (#3762068)

So you're arguing that it isn't through Sprint's stupidity that they were hackable? That the stupidity was actually Nortel's stupidity?

Incredible article. (1)

Viewsonic (584922) | more than 11 years ago | (#3761926)

It is hilarious reading this ... If this doesn't bring Mitnick from Legendary to Godly I don't know what will. He still has old lockers with passwords and infos.. This is stuff that books and movies are made of, not real life! Incredible.

Find Kevin Mitnick's Locker (0)

Anonymous Coward | more than 11 years ago | (#3762257)

Sounds like a job for Geraldo!

What I think is cool (0)

Ryan_Singer (114640) | more than 11 years ago | (#3761989)

Is that he went and got the list from a nearby storage locker, a not-too-subtle hint that he has lots more potentially powerful stuff where that came from.

Telco myths resolved. (2, Funny)

Netw0rkAssh0liates (544345) | more than 11 years ago | (#3762026)

Hi there.

After working for several Fortune infinity companies, I have come to the conclusion of my $5,000,000 granted study that anyone able to pick up a telephone is a susceptible hacker. It is about time the telco in every neighborhood started locking down their systems with finger-printing and place a mark on the wrist or hand of every telephone subscriber that he may not buy or sell anything over the phone without this mark. With further granted jurisdiction, the telco should be able to establish a real-time video and audio presence in the homes of each and every telco subscriber and relay this information across satellites so the whole world may be allowed to intrude on anyone's privacy in attempt to prevent people from worshipping anyone but the telco. Kevin Mitnick shall, upon appearance, be put to confinement in a maximum security stone cave, a rock rolled in front of it, and the cave sealed with wax so the telco will know whether the prison had been disturbed within any 3-day period. This is the only way people, and the telco shall have rights to your first post and first born. Anyone that has not lathered sheep's blood above their doorway shall have their building demolished by the telco. As of yesterday, the staff of slashdot.org and the users of the United Nations' oxygen on planet earth must comply or face harsh punishment from international agencies that don't like United States citizens. Thank you for your time.

Sincerely,
Bob Grover

What's the '?' for... (3, Insightful)

nochops (522181) | more than 11 years ago | (#3762125)

Why use a '?' in the post?

Is there any doubt that Mitnick is a criminal?

Since when is cell phone cloning, carding, and cracking legal?

Since when is running from the law (he was a fugitive) legal?

I think there's no question as to the legality of Mitnick's actions. Whether or not the legal system handled the case correctly is another story, but he is definitely guilty of those crimes.

Re:What's the '?' for... (2)

vidarh (309115) | more than 11 years ago | (#3762295)

Presumably the '?' was there because it is an open question whether he is our "favorite computer criminal", not whether or not he is a criminal. (Note the "favorite" there).

Re:What's the '?' for... (1)

Phreakiture (547094) | more than 11 years ago | (#3762392)

Mitnick is a convicted criminal. That is a fact.

Far more criminal than anything he's done, though, is the fact that he spent so much time behind bars without a trial. So much for a fair and speedy trial....

Why the question mark? (0)

Marcos the Jackle (7778) | more than 11 years ago | (#3762185)

"Our favourite computer criminal (?)"

Are you questioning whether he's our favourite or a criminal? Nevertheless, he did break the law, therefore he is a criminal. Granted, spending 4 years in jail awaiting trial is pretty screwed up, but he did commit the crime. He got caught - get over it!

Have a day.
Mk.

Why is he a free man? (0)

Anonymous Coward | more than 11 years ago | (#3762220)

This piece of shit should have been buried under the jail in a dark hole to rot. Now he is out FUDing up the place and 'social engineering' his way to star status, but his skillz suxor and always have. He got caught, committing crimes, and that speaks volumes as to how good he really was. No thanks Kevin, I don't think I need security advice from you.

shouldn't that be... (2, Funny)

caveat (26803) | more than 11 years ago | (#3762332)

...ski11z sux0r? (0r s0m3such, i'm n0t th4t up 0n my h4cksp34k)

jealous script kiddie.

Re:Why is he a free man? (0)

Phreakiture (547094) | more than 11 years ago | (#3762414)

So what have you got, you anonymous piece of shit? Show me your "skillz", or are you just another script kiddie with an attitude?

Shady characters... (1)

wub (69839) | more than 11 years ago | (#3762431)

Does anyone find it amusing that this pr0n guy Munoz hires one of the people allegedly responsible for his interruption of service to testify on his behalf?