General Musings

Kevin Mitnick RIP 1963-2023

Daniel Bender

4 min read
Kevin Mitnick RIP 1963-2023

Kevin Mitnick recently died due to Pancreatic Cancer and I thought I would write some thoughts on this famous hacker who once was quite the troublemaker who went to prison, who then turned white hat and changed his ways.

Despite what you think of Kevin, his contributions to Cybersecurity are many. Some Cybersecurity professionals despise the man for stealing ideas, claiming things as his own, or just his obnoxious egotistical behavior at different points in his life.  I do not deny his obnoxious behavior and ego at times, yet he still has to be recognized for his feats, skills and contributions to the security industry.  

I have followed Kevin for years, from the early years in the early 80's all the way to current times.  For me personally, his early antics bring a feeling of nostalgia for me. I was involved myself in the early "scene" of war dialing, phone phreaking, underground BBS systems before the internet was a thing back in the early 80's. Back in the days, some of the best early knowledge of hacking, manipulation of phone company switches, and the likes of 2600 magazine interested me quite a bit.  I devoured the information and emmersed myself in the early scene and enjoyed every minute of it much like Kevin.

Kevin was considered a master of Social Engineering way before it was as term in the industry, and it's what he excelled at!  A lot of Cyber professionals don't think he was the most technical hacker, and that may be true, but when it comes to getting your foot in the door, Kevin was a master at it.  Credit is due where credit is due.

There are a few books I have read about his life and his escapades which I will referene at the end of this post for your viewing pleasure.  Kevin in his early years was a kid, and acted like one.  He was careless and selfish in the fact he didn't care what damage or fallout he caused, but I think ultimately he wasn't out to harm companies he hacked.  It was more a quest for knowledge and the art of getting access to well protected networks more as a trophy mindset. Not to mention doing things at the time that very few people were doing.  In that sense he was an industry pioneer.  He was doing things way before things became mainstream, or even had terms for the craft he performed.  That is what I can appreciate about him, love him or hate him.

That being said in summary some of his antics involved dumpster diving, boldly calling up companies to trick and get information to aid in his penetration antics.  Manipulating phone switches to ease drop and wiretap the very FBI agents who were trying to catch him, and so much more. Although he did have a "punk" way about him, and taunted those who were after him including law enforcement.  His creativeness was unmatched, and he had mastered the ability to manipulate people and the environment around him to get him the pieces of the puzzle he needed to break in and trespass on many computer networks of the day.

Kevin wasn't like a lot of Cybercrime professionals we now see who are truly in it for financial gain, or to harm companies in some sort of hacktivist religious fanatical way.  He was a curious kid with a thirst for knowledge and purely focused more on the art of the hack and social engineering, and to get in, not to destroy everything once he was inside.  Although there was times there was collateral damage to his antics, I believe it was not his primary intention.  A lot of the hackers of the day were like this, more of a small elite group of people who wanted bragging rights, and notoriety among their fellow hackers, that is all that mattered.

After rising to fame and escaping getting caught many times, eventually it caught up to him, and he was arrested and jailed.  Many remember the "Free Kevin" movement, and many think he was being made an example of, and rightfully so.  We were in uncharted territory back then, and I can understand both sides of the playing field so to speak.  When Kevin was finally released from jail, he went on to form KnowB4 and turned White Hat and become a force for good.  Almost like a Star Wars story, it made for some very interesting history and reading.

Despite his attitude and his nefarious trouble making ways, I believe even the bad and troubled can change, and turn out to be a force for good.  Many hate the man, many celebrate the man.  I am more neutral in my feelings, but I can recognize a pioneer and a trailblazer when I see one.  While some go as far as to call him "script kiddie", which I find ridiculous, or call him a Legend, I think the answer is somewhere in between.  One thing you cannot deny, he was an expert at the art of Social Engineering.  Which is arguably one of the most important aspects of modern cybersecurity.  He routinely demonstrated the human element is the weakest link, and is still one of the areas the industry struggles with today!  

What can we learn from this man and the things he did?  I think that is obvious in terms of training employees, education on Phishing and security awareness training is not only important, but often the very thing that allows a person to get a foot in the door.  With that I will leave you with two links to highly entertaining and great reads that take you through his life and the adventures he went on to compromise many networks and systems.

Rest in Peace Kevin, your contributions to the Cybersecurity space were many.  Despite what some people think of you, Pancreatic Cancer is awful. You are now truly "free", thanks for all the entertaining reads of your escapades and your contributions to computer security!

Godspeed

Dan

Two books on Kevin Mitnick I highly recommend below!

Ghost in the Wires
The Art of Intrusion