Governance & Risk Management
,
Leadership & Executive Communication
,
Training & Security Leadership
Social Engineering Expert Was Featured on FBI’s Most Wanted List Before Going Legit
Kevin Mitnick, one of the world’s most famous computer hackers, died Sunday at the age of 59. He was diagnosed with pancreatic cancer 14 months ago.
See Also: JavaScript and Blockchain: Technologies You Can’t Ignore
Mitnick is survived by his wife, Kimberley Mitnick, who is expecting their first child.
“Kevin Mitnick crammed a dozen lifetimes into a single prematurely short one,” his family said in his obituary.
Mitnick branded himself as “the world’s most famous hacker,” according to a statement from KnowBe4, where he served with the tongue-in-cheek title of chief hacking officer.
“To know Kevin was to be enthralled, exasperated, amazed, amused, irritated, and utterly charmed – in equal measure,” KnowBe4 said.
As a child in California, “he transitioned from pranks and learning magic tricks to phone phreaking, social engineering and computer hacking,” KnowBe4 said. “He was insatiable in pushing himself, and his team, to pursue excellence in their tradecraft,” it added, noting that he used his knowledge “for the greater good and to develop hacking demonstrations that educated the business world and everyday people on how to protect themselves.”
Chris Wysopol, CTO of Veracode, praised Mitnick’s insatiable curiosity. “His ingenuity challenged systems, incited dialogues and pushed boundaries in cybersecurity,” tweeted Wysopal, who was one of the original vulnerability researchers at hacker think tank The L0pht.
Mitnick combined a prankster spirit with technical acumen and social engineering skills – that is, the ability to trick people into doing what he asked, sometimes simply by phoning them. After finding success at such efforts – albeit as a criminal – he reformed, warning people about how such tactics could be used against them.
“Kevin’s body of work inspired many individuals to pursue a career in cybersecurity – the industry upon which he leaves an indelible mark and an incredible legacy,” KnowBe4 said.
‘The World’s Most Wanted Hacker’
Mitnick’s myriad hacking abilities led to multiple brushes with the law, landed him a place on the FBI’s Most Wanted list and indirectly helped shape U.S. computer crime laws and how they get applied.
Mitnick shot to fame in the 1990s when he was the target of an FBI manhunt, as he would later recount in his bestselling 2011 book “Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker,” co-authored with William Simon.
He served his first prison sentence – for one year – starting in 1988, followed by three years of parole. Before his parole was over, he hacked into Pacific Bell’s network and went on the run after a warrant was issued for his arrest. He remained at large for two years, perpetrating additional hacks. He also became interested in cellular networks and developing TCP/IP session hijacking attacks.
Ultimately, he was arrested in February 1995. Fans launched a “Free Kevin” campaign. Mitnick was careful to emphasize that he never stole any money during his escapades.
In 1999, he pleaded guilty to wire fraud and computer fraud, as well as violating the terms of his 1998 sentence, and served a total of five more years in prison. Some of it was served in solitary confinement after federal prosecutors warned the judge Mitnick could phone NORAD and, using his phone-phreaking skills, whistle the authorization codes required to launch a nuclear attack.
He was released from prison in January 2000, followed by three years of parole.
Going Legit
Mitnick subsequently found work as a legitimate information security consultant, working as a white hat hacker.
In November 2011, he joined forces with Stu Sjouwerman, the founder and CEO of KnowBe4, becoming both chief hacking officer and a co-owner. In February, Vista Equity Partners closed its $4.6 billion all-cash deal to acquire KnowBe4, taking the publicly traded company private.
Mitnick helped design the company’s security awareness training based in no small part on his social engineering expertise and skills. He continued to run his international Global Ghost Team, providing penetration testing services, and to write books.
Mikko Hypponen, chief research officer at WithSecure, wrote the forward to Mitnick’s 2017 book, “The Art of Invisibility.” “I’m really happy Kevin took the time to write down his knowledge on the art of invisibility. After all, he knows a thing or two about staying invisible,” Hypponen wrote. “Use the knowledge to your advantage. Protect yourself and protect your privacy.”
Despite going legit, his proclivity for jokes and his curiosity appeared to remain undimmed, as demonstrated by the lock-picking business cards he regularly handed out or the picture he tweeted earlier this year of his “new bad ass password cracker.”
This is my new bad ass password cracker.
I have 24 4090’s + 6 2080’s all clustered running Hashtopolis.Thanks to the awesome team at @KnowBe4 that set up and configured the servers for me.
Now to go crack some hashes :-))))))) pic.twitter.com/SZLFH2OtKL— Kevin Mitnick (@kevinmitnick) April 21, 2023
Throughout his career, Mitnick continued to highlight the ease with which humans can be tricked, warning that for attackers – or reformed black hat hackers working as security consultants – social engineering is a gift that keeps on giving.
“When conducting penetration tests, our success rate is 100% if our team is allowed to use social engineering. Never failed once,” he tweeted in 2013.
He subsequently confirmed that while his team’s record was good, “only death and taxes is 100%.” Still, if Mitnick was attempting to sweet-talk his way into a system, his track record suggests his success rate probably came a close second.