The World vs. Kevin Mitnick (Spring, 1995) ------------------------------------------ By this time, you would have to have been living in isolation not to have heard about the Kevin Mitnick story. Front page headlines and TV newscasts around the world announced the fugitive hacker's capture on February 15 in Raleigh, North Carolina. If you read the opening paragraph of the New York Times on February 16, you would see Mitnick described as a "computer expert accused of a long crime spree that includes the theft of thousands of data files and at least 20,000 credit card numbers from computer systems around the nation." That portrayal is rather damning, to say the least. But let's look a little closer. To the average person, the "theft of thousands of data files" would imply that somebody took away specific and valuable items as part of an elaborate plot. In reality, copying thousands of computer files is easy, quick, and, in most cases, relatively harmless. When put into this context, even if the files were of a sensitive nature, we can see how it's not necessarily part of an evil plot if someone comes along and copies them. With regards to the credit card numbers, this is far more misleading. For one thing, only one computer system (Netcom) had its credit card numbers accessed, not "computer systems around the nation." And this compromise was not even news the Autumn, 1994, issue of 2600 reported it nearly half a year ago. Apparently, Netcom did nothing to secure the credit card numbers of its subscribers and, despite multiple warnings and basic common sense, kept this sensitive information online. And, as an ironic twist, Netcom claimed responsibility for helping to catch this most dangerous criminal in a letter to its subscribers entitled, "Netcom Helps Protect The Internet." Nearly every story ever written about Kevin Mitnick can be traced to one source: New York Times reporter John Markoff. Markoff was also the co-author of 1991's Cyberpunk, a book that focused on Kevin Mitnick (among others) and which was described by Mitnick (2600, Summer, 1991) as having "many, many false statements, misrepresentations, and inaccurate stories." Mitnick believed Markoff and his wife (coauthor Katie Hafner) were miffed at him for not helping with the book. And, as the years went by, it became clear that Markoff was still fixated on the Mitnick saga. In the summer of 1994 he penned a front page article in the New York Times, complete with Mitnick's picture, which announced to the world that he was a fugitive. The only substantive "crime" Mitnick was accused of was probation violation yet the The Times saw fit to make this a front page story. One week before his capture, Mitnick contacted us to express concern over information he had received indicating that Markoff was actively aiding law enforcement to help track him down. It seemed bizarre at the time but as events unfolded, it appeared that this is exactly what was going on. Markoff had been working with a friend of his (Tsutomu Shimomura) whose computer site had been compromised on December 25, resulting in another puzzling front page story that just didn't seem newsworthy enough to be on the front page. When Shimomura concluded that the intruder was "probably Mr. Mitnick," the hunt was on. Shimomura had all the help he needed he programmed for the NSA and the FBI was almost as interested as Markoff. Using cellular tracking, it wasn't too difficult to track down Mitnick. Less than a week later, Markoff and Shimomura signed a $750,000 book deal, no doubt to be called something like Cybersleuth, pitting good hacker against evil hacker. But how much do we actually know? Obviously, enough for a classic cat-and-mouse bestseller. But what will happen to those facts that don't fit in quite so neatly? Will the awkward questions ever be answered? What was Mitnick wanted for in the first place, besides the nebulous "probation violation?" Markoff reported that Mitnick was suspected of wiretapping the FBI while a fugitive. But we never hear how such a conclusion is reached beyond pure speculation. The recent charges appear to be nothing more than a smokescreen, designed to demonize Mitnick and make him appear to be a threat to everyone's privacy. Little mention is made of the fact that not one of the 20,000 credit card numbers lying around on Netcom was ever used by Mitnick, nor was he ever suspected of benefiting financially or causing any damage. Mitnick was also accused of leaving taunting messages on Shimomura's voice mail. Upon closer examination, it's fairly obvious that Mitnick was not at all involved in this - for one thing a new message appeared after he was apprehended! As for the sensitive files, Mitnick was certainly not the only one who had access to them. In fact, serious doubt can be cast as to whether he was the one who figured it out in the first place. The fact that we were able to track down a copy of the directory he was supposedly using tells us that many people already had access. Does this suggest a closely knit conspiracy? Hardly. In classic hacker fashion, word of one person's discovery got out and spread throughout the Net. After all, who could keep quiet about a password sniffer designed for the NSA that could run on virtually any machine? So far, the press has. A 23 count indictment handed down on March 9 charges Mitnick with possessing device-making equipment, possessing unauthorized access devices, and 21 counts of using a counterfeited access device. We assume this to mean reprogramming a cellular phone in order to remain hidden. The government says that this indictment only covers a period of several days before Mitnick's arrest, the implication being that there will be many, many more charges added to cover the years that he was on the run. This is a spiteful and vindictive approach - these "crimes" came about because of Mitnick's fugitive status; it's simply not possible to be a fugitive and live one's entire life on the books. Any damage or outright theft should naturally be followed up on but in this case such actions seem practically nonexistent. It's becoming clear that the government intends to punish Mitnick over and over again for getting away. And we may never find out why he was running in the first place. How long Mitnick will be imprisoned for is really anybody's guess. Judging from the way some influential people are talking, it could be a very long time. We have to get the facts so that we can judge for ourselves what "real world" crimes we're talking about. The potential to learn from this still exists but the desire to punish and make an example threatens to thwart that.