The number one hacker in the world, with a 100% penetration success rate, why is he so powerful?

Some people in this world are particularly good at computer programming, such as Linus, the father of Linux; John Carmack, founder of id Software; and Fabrice Bellard, author of QEMU and FFmpeg.

Other people are particularly good at dealing with people: they can win your trust in a few words and get you to unintentionally "leak" the information they want to know.

What if someone could combine these two talents?

Kevin Mitnick, the world's number one hacker, is one of the most outstanding representatives.


Mitnick mastered both hacking and social engineering, and his seamless combination of the two rendered the security measures of major companies useless against him. He broke into DEC, Sun, Novell, Motorola, NEC and other well-known IT companies, and obtained their most closely guarded trade secrets.

His infiltration success rate is 100%!

1

Social engineering genius

Many people's impression of hackers is that they sit in front of the computer, tap the keyboard with both hands quickly, and then break through the system and obtain passwords...

In fact, hackers also have a very powerful trick: social engineering.

Mitnick showed talent in this area when he was a child.

When he was 12 years old, he often took the bus in California to wander around. When he saw the holes punched in the bus ticket, he had an idea: why not make the bus ticket himself?

So he moved to the front row of the bus and asked the driver at a red light: "Our school has an extracurricular assignment to punch out interesting shapes on cardboard. I think the holes punched on the bus tickets are very good. Can you tell me where I can buy a punching machine?"

The driver told him the store address. Mitnick bought a punching machine for $15, and then went to the trash can in the bus parking lot to conduct the first "trash can search" operation in his life. Sure enough, he found an unused, blank transfer ticket book!

Since then, Los Angeles buses have been completely free for Mitnick.

That was just a warm-up for him. At the age of 17, he and his friend Rhodes decided to sneak into the Pacific Telephone Company. Both were telephone and radio geeks, and a stroll through the telephone company's offices would give them bragging rights.

The pair used social engineering to get through the gate, but unfortunately a security guard was patrolling late at night and asked them for their company ID badges.


Mitnick touched his pocket: "Oops, I must have left it in the car, I'll get it right away."

The security guard didn't buy it and took them upstairs for questioning. Mitnick felt that this time it was over: trespassing, and then jail.

But his amazing memory and social engineering skills saved him.

Mitnick pretended to be calm: "I work in the COSMOS department of Pacific Corporation in San Diego. Today I brought a friend to visit the telephone exchange. You can call my boss to check."

Then Mitnick gave the supervisor's name, and the security guard turned to the company directory and actually found the phone number.

He immediately called the supervisor, and as soon as he had explained the situation, Mitnick snatched the phone: "Let me talk!"

Mitnick pressed the earpiece close to his ear so that no one else could hear, and improvised: "Judy, I'm sorry to disturb you so late. I was going to take a friend to visit, but the badge was left in the car. The security guard just wanted to verify that I was from the COSMOS department in San Diego. I hope you can help clarify."

There was a snarl on the other end of the phone: "Who are you? Do I know you? What are you doing?"

Mitnick continued: "I'll come over for a meeting in the morning, and you'll be there for the judging session with Jim on Monday, and we'll have lunch on Tuesday..."

The roar continued on the other end of the phone, but of course no one else could hear it.

Mitnick: "Of course, sorry to disturb you late at night."

Mitnick hung up and said, "He must be very annoyed that he was woken up at 2:30 in the morning."

The security guard looked confused and only half convinced, but he didn't dare call again to check.

Then, resisting the urge to run, Mitnick walked out of the building as normally as possible.

Does it look like a Hollywood blockbuster?

Mitnick did all of this without any planning at all. It was completely improvised!

He's a real genius when it comes to social engineering.

This may be partly inherited, because Mitnick's father and uncles were all eloquent salesmen, and he himself was obsessed with magic. He felt that people are deceived when they watch magic, yet they are very happy, so people must be willing to be deceived. This idea influenced his whole life.

In the case of free bus rides, his mother praised him for being smart, and his father said that he thought proactively. Even the driver laughed when he found out that he made his own bus tickets. Everyone knew what he was doing and said he was good.

As a result, Mitnick became completely fascinated by, and addicted to, using social engineering to deceive others and obtain information.

After learning computer programming, radio and other technologies, he rose to a higher level. For him, it really was "a vast world with much to accomplish."

2

Across the rivers and lakes

In 1988, he and his friend Lenny decided to hack into DEC, a well-known company at the time, and get the source code of the famous VMS operating system, so that they could find vulnerabilities and make future attacks easier.

He certainly didn't do anything reckless, but continued to combine social engineering and computer technology to achieve his goals.

He first got the roster of the VMS development team and the dial-up number for the VMS team's modem pool.

Then he went to a country hotel, used a pay phone to tell Lenny to go online, and used another pay phone to call DEC's operations department. He said he was from the VMS development team and asked whether they supported the "Star cluster" VMS systems.

The operator said yes, and Mitnick asked the operator to enter the "show users" command.

The operator's display showed the terminal device Lenny was logged in on: TTY4.

Then he had the operator enter another command, spawn:

spawn /nowait/nolog/nonotify/input=tty4:/output=tty4:

The operator didn't recognize the spawn command, but since she wasn't asked to enter any username or password, she complied.

It was that simple: Lenny's terminal was now logged into the system with full operator privileges.

Is the power of social engineering huge?

Gaining access, disabling the security alert mechanism, creating a new account with full privileges... after this rapid series of moves, they were able to transfer the VMS source code to a machine at USC (which, of course, was also a machine they had hacked).

The source code was huge and the network was very slow. While the code was being transferred, DEC staff noticed that there was still network traffic in the computer room in the middle of the night. Obviously there was a security problem, and they quickly changed all the passwords.

But it was no use. Mitnick had taken control of their personal workstations, where password-capturing tools intercepted all keystrokes, so every new password was visible to him.

DEC's network engineers saw huge files being transferred and were powerless to do anything, thinking they were being attacked by international spies trying to steal intellectual property.

Mitnick also compromised the mail system, read their emails, learned how they perceived and reacted to his attack, and prepared his next move.

At the University of Southern California, the administrators also found it strange that disk space was disappearing for no reason. They would turn off the network connection, and Mitnick would start up again.

The administrators, driven to distraction, shut down the system at night, and Mitnick waited for it to restart and resumed the transfer.

This game lasted for several months, and finally all of the VMS code was transferred.

Mitnick, who was already addicted, would not stop. He aimed at Sun again and obtained the source code of SunOS.

Then he used a sendmail vulnerability to infiltrate Novell. He even pretended to be an internal employee and asked another engineer to copy the NetWare source code to a machine he designated.

Motorola, NEC, Nokia and Fujitsu are also on this list. They were all well-known IT companies whose network defenses seemed impregnable, but as long as Mitnick was interested, he could always use social engineering to find gaps and infiltrate them.

His infiltration success rate was an amazing 100%!

3

The Fugitive

What Mitnick did finally attracted the attention of the FBI, which began to hunt him down.

Mitnick's time on the run was just like a Hollywood blockbuster, with helicopters circling in the sky and police cars blocking the roads all around, but Mitnick managed to escape time and time again.


He forged various documents, constantly changed his identity, and pretended to be someone else wandering around the United States.

In 1994, he worked under the name Eric in the IT department of a law firm in Denver. During a dinner party, the manager suddenly asked: "Eric, you went to college in Washington State. How far is it from Seattle?"

Although Mitnick had memorized the names of the various professors in the college, he was stumped by this simple question.

He pretended to cough, ran to the bathroom, called Central Washington University, and said he was going to apply to the school, but he didn't know how long it would take to drive there from Seattle.

"Two hours, if there is no traffic jam."

Mitnick once again survived a crisis through social engineering.

He not only had to deal with his colleagues, but also, in turn, monitored what the FBI was doing about him.

To let agents communicate over a wider area, the FBI had installed repeaters at some high-altitude sites to relay signals, but the signals were encrypted and Mitnick could not crack them. He tried pretending to be an FBI agent and called Motorola, hoping to get the encryption key, but it didn't work.

So he launched Plan B: he made a tool to interfere with the repeater so that the agents could not hear the transmissions. After two or three times, the agents switched to plaintext transmission, and all the information was in Mitnick's hands.

4

Caught and brought to justice

On Christmas 1994, while on the run, Mitnick provoked someone who should not have been provoked: Tsutomu Shimomura.


Shimomura has shoulder-length hair. His father is Osamu Shimomura, a Nobel laureate in chemistry. He skipped a grade and entered Caltech before graduating from high school. He is also an out-and-out computing genius.

People in the hacker community said Tsutomu Shimomura was very arrogant. Mitnick and an Israeli hacker, JSZ, decided to take him down a peg. They used IP spoofing to break into Shimomura's computer.

Although they took great care to eliminate almost all traces of the intrusion, they did not notice that a tool called tcpdump was running on Shimomura's computer the whole time, and that all network activity was being sent to a designated mailbox. Shimomura discovered what they had done.

This made Shimomura furious, and he made up his mind to help the FBI arrest Mitnick.

Shimomura was given unprecedented authority: he could access any network at will and monitor any of Mitnick's communications.

The net had been cast. Although Mitnick set up all kinds of obstacles and traps and was as elusive as a ghost, Shimomura finally found him in Raleigh, North Carolina.

Mitnick, who had been on the run for three years, was finally arrested.

5

Washing his hands

Interestingly, although Mitnick admitted his hacking behavior, he said that his intention was not fraud, because he did not sell any proprietary software or trade secrets for profit, but only hacked into the computer and telephone company's system as pure entertainment.

Yes, this is Mitnick's interest, or rather, his addiction.

But the judge wasn't convinced, and Mitnick was charged with wire fraud (14 counts), possessing an unauthorized access device (8 counts), intercepting a wire or electronic communication, and accessing a federal computer without authorization.

The Department of Justice even calculated the property value, or development cost, of the various source codes he copied to be $300 million.

Mitnick was sentenced to five years in prison. On January 21, 2001, Mitnick was released and was not allowed to use any means of communication other than landline telephones for three years.

In 2003, Mitnick, now truly free, washed his hands of hacking and founded a security consulting company. His experience became a gold-lettered signboard, and Fortune 500 companies approached him one after another, asking for security consulting and penetration testing services.

Mitnick also co-authored four best-selling books, among which "Online Ghost: The Autobiography of Mitnick, the World's Number One Hacker" was on the New York Times bestseller list, translated into more than 20 languages, and sold in more than 50 countries.

On July 16, 2023, Mitnick died of pancreatic cancer at the age of 59.

In this world, I am afraid that there will never be another hacker like Mitnick who is proficient in social engineering and computer technology.

Postscript: This article mainly refers to Mitnick's autobiography "Online Ghost: The Autobiography of Mitnick, the World's Number One Hacker"

Origin blog.csdn.net/coderising/article/details/131907706