Convicted computer hacker Kevin Mitnick has mellowed since the days of his reckless youth when he intruded into, among other places, the North American Defense Command's computer network.
These days, Mitnick, 37, still treads among software giants. Instead of mayhem, however, Mitnick brings advice, warning developers to give top priority to security.
"Software developers really need to design security into the product from the beginning," Mitnick told the Software Development 2000 Conference and Expo in Washington, D.C. this week.
Mitnick said companies leave themselves vulnerable to attack in their rush to beat competitors to market.
"Developers need to take the time and energy to audit their code and look for vulnerabilities," Mitnick said.
Mitnick's pointed comments were also turned toward Microsoft.
Mitnick said he finds it hard to believe Microsoft's claims that it sat back and watched while a hacker recently broke into the company's system, viewing source code for projects under development. Mitnick expressed surprise that Microsoft did not eject the hacker the minute he was detected.
Mitnick also took time to apologize for similar acts that he has committed and said he wouldn't be surprised if some will never forgive him. "I was intruding in the top companies in the world. I regret doing that stuff; it's wrong to do," he said.
In the early '80s, Mitnick's highly publicized intrusions into the computer networks of some of the largest companies in the world gained him international recognition and spawned a string of books and films, including "War Games," which is loosely based on Mitnick's hacking of the North American Defense Command's (NORAD) computer network.
Mitnick warned that virtually anyone could become a hacker with little or no technical knowledge. "There are hacking tools that anyone can download with no level of sophistication. It's a simple matter of doing it," he said.
According to Mitnick, security will always be an issue. "There's always going to be a group of people out there that are going to take advantage. People are going to use information for personal gain. The Internet is global, you can't control it. [Hacking] might not even be a crime in their country.
"You might have to consider some [encryption] techniques to protect your personal information."
Some of the ways to reduce security risks that Mitnick has pointed to in the past are using password-management software to help employees choose strong passwords, having password expiration, and creating tougher authentication by combining passwords with biometrics.
Mitnick said his past mistakes can be attributed to the fact he was just a kid having fun at the time, but he emphasized that his youth was part of the reason and not an excuse for his crimes.
"I'd be pretty (upset) if I was a software developer and someone was messing around [with my work]," he said.
Mitnick said none of the books or movies tells the real story of his life. Mitnick recalled that when author Jonathan Littman interviewed him for Littman's book, "The Fugitive Game," he was being deceitful in his responses to Littman's questions. Though the book is sympathetic toward Mitnick's point of view on his 1995 arrest and capture by security specialist Tsutomu Shimomura, it is not a truthful representation of the events that took place.
He said of Littman, "I didn't trust him so I was being deceptive the whole time. I didn't realize that he was recording everything for use in a future book. I didn't even know he was writing a book at the time. Hopefully one day I'll be able to give my side of the story. I know what happened because it was my life. I lived it."
Due to the terms of his parole, Mitnick has been barred from profiting from his story and cannot disclose the details of his case. He has also been prohibited from using computers or devices capable of being connected to the Internet.
In a recent turn of events, the courts have allowed him to function as a security consultant on the lecture circuit. The only catch is that he is not allowed to leave California. He will also make a return to the Internet via an online security column for ContentVille.com, though he still won't be able to use a computer.
He said that job offers are not hard to come by. A start-up recently approached him with an offer, but he declined for "many reasons." All of his job offers are subject to approval on a case-by-case basis.
"At this point, I want to get into the Information Security space. It's more important than it was five years ago," Mitnick said.
Let us know what you think about the story; e-mail Kevin Komiega, assistant news editor.