World's Greatest Computer Hacker Raises Alarm ; Barred from Writing about His Own Case for 10 Years, Kevin Mitnick Describes Classic Computer Crimes - and How to Thwart Them

Article excerpt

Kevin Mitnick may have been the greatest computer hacker the world has ever known. At least, the FBI treated him that way. In the 1980s, Mitnick allegedly broke into computer systems belonging to Pacific Bell, Digital Equipment, and the North American Air Defense Command. In the 1990s, Mitnick became the subject of a nationwide manhunt by the FBI. The New York Times ran a front-page story about his alleged attempts to steal cellular telephone software on July 4, 1994. He was finally apprehended by computer expert Tsutomu Shimomura on Feb. 15, 1995.

Mitnick was held in jail for four years without facing trial because his attorney never had a chance to review the government's evidence against him. It was repeatedly withheld on the grounds that releasing it would compromise national security.

Meanwhile, three books were published on Mitnick's capture - including one by Shimomura and John Markoff, The New York Times reporter who many say stepped over ethical lines and participated in the investigation. Disney and Miramax produced a movie on the caper. It premiered in France but was shut down by a combination of protests and a lawsuit.

In the meantime, Mitnick's case became a cause celebre among many in the shadowy world of the computer underground. When The New York Times website was hacked in September 1998, the hacker's message was that Mitnick had been unfairly targeted. Dozens of websites devote themselves to the treatment that Mitnick has received. Many others debunk the government's assertion that he was personally responsible for more than $80 million in corporate losses.

This backstory is critically important for understanding Kevin Mitnick's first book, "The Art of Deception," in which the reformed hacker- turned-security-consultant explains in painstaking detail how the reliance on modern communications technology has made US businesses more vulnerable to 19th-century style cons and swindles.

His book contains roughly two dozen case studies of "social engineering" in which a hacker successfully identifies a piece of information, gets it, and then vanishes.

One such story describes how a man named Rick Daggot showed up one day at a small startup robotics company for a meeting with the company's founder and vice president. Daggot was friendly and well- dressed and claimed to be joining the company's team. There was just one problem: The founder wasn't in town; Daggot had inadvertently come on the wrong day.

Trying to make the most of a bad situation, Daggot offered to take the company's receptionist and a few engineers out for lunch. Over drinks they talked about - what else - the company's top- secret project. A few days later, Daggot called back, saying that he was in touch with the founder, and that copies of several key documents should be sent to the founder's new e-mail account, the only one he could get working while he was traveling. …