Kevin Mitnick, whose pioneering antics of conning employees in the 1980s and 1990s into helping him steal software and services from major telephone and technology companies made him the most famous US hacker, has died aged 59.
Mitnick died Sunday in Las Vegas after a 14-month battle with pancreatic cancer, said Stu Sjouwerman, CEO of security training firm KnowBe4, of which Mitnick is chief hacking officer.
His colorful career – from student tinkerer to FBI fugitive, imprisoned criminal, and finally respected cybersecurity professional, public speaker, and writer consulted by US lawmakers and global corporations – reflects the evolution of society's understanding of the nuances of computer hacking.
Through Mitnick's professional trajectory, and what many consider to be the spirit of misplaced prosecution that put him behind bars for nearly five years through 2000, the public has learned how to better distinguish serious computer crimes from mischievous youth troublemakers eager to prove their hacking prowess.
“He never hacked for money,” said Sjouwerman, who became Mitnick's business partner in 2011. He mostly chased trophies, especially cellphone codes, he said.
Much furor followed Mitnick's high-profile arrest in 1995, three years after he had missed probation on an earlier computer-breaking charge. The government accused him of causing millions of dollars in damage to companies including Motorola, Novell, Nokia and Sun Microsystems by stealing software and changing computer code.
But federal prosecutors had trouble gathering felony evidence, and after being jailed for nearly four years, Mitnick reached a plea agreement in 1999 that commended him for his time served.
Upon his release in January 2000 from prison, Mitnick told reporters he “was a simple misdemeanor felony.” He said, “I want to know as much as I can about how the telephone network works.”
He was initially banned for three years from using a computer, modem, cell phone or anything that could give him internet access – and public speaking. Those requirements were gradually relaxed but he was not allowed back online until December 2002.
Mitnick's specialty is social engineering. He would impersonate a company employee to obtain passwords and data, a technique known as pretexting which remains one of the most effective hacks and which usually requires considerable research to succeed.
“His ingenuity challenges systems, encourages dialogue, and pushes boundaries in cybersecurity. He will remain a testament to the uncharted power of curiosity,” tweeted Chris Wysopal, who as a member of the white hat hacker group L0pht testified before the US Senate years before Mitnick did the same.
“My true hacking activity is a quest for knowledge, an intellectual challenge, a thrill, and an escape from reality,” Mitnick said during a March 2000 congressional hearing in response to a question by Senator Joseph Lieberman, D-Conn., about what motivated him.
In his prepared testimony, Mitnick boasted that he had “successfully penetrated some of the most robust computer systems ever developed.”
Mitnick was first arrested for computer crime at age 17 for daringly walking into a Pacific Bell office and carrying several computer manuals and a code to a digital door lock. For that, he served a year in a rehab center, deemed by a federal judge to be addicted to computer destruction.
Mitnick was raised in the bleak Los Angeles suburb of Panorama City by his mother, who divorced his father when he was 3 years old. An overweight and lonely teenager, he dropped out of high school and found only friends when he stumbled into the world of phone phreaks – teenagers who use stolen phone codes to make free long-distance calls.
The phone led to the computer, and Mitnick showed himself to be a determined, if not a stellar hacker. Fascinated by the possibilities of using computers to gain access and power, Mitnick began breaking into voice mail and computer systems, rummaging through private files and taunting those who passed them.
But the other side of Mitnick became clear in a conversation he had with investigative journalist Jonathan Littman printed in the mid-1990s in “The Fugitive Game: Online with Kevin Mitnick.” The hacker seems less of a threat than a frightened and disturbed young man, more annoying than vindictive.
And although a computer file containing 20,000 copied credit card numbers from internet service provider Netcom was found on Mitnick's computer after his 1994 arrest, there's no evidence he ever used any of the accounts.
Mitnick became a celebrity cause for hackers who found his 5 year prison sentence excessive. Several websites were vandalized to send messages demanding his release. Among his targets was The New York Times – which some sympathizers accused of exaggerating the social harm Mitnick posed.
Exaggerated stories about Mitnick's exploits and abilities also circulated, sometimes sparking hysteria.
One led prison officials to put him in solitary confinement for nine months, Sjouwerman said, because they feared he could start a nuclear war by whistling into a pay phone – mimicking a modem “to hack into NORAD and trigger a ballistic missile.”
Mitnick is the author of “The Ghost in the Wires,” which chronicles his adventures as a wanted hacker and three other books he co-authored including “The Art of Deception.”
In addition to his job at KnowBe4, where Mitnick is not involved in day-to-day operations, he runs a separate penetration testing business with his wife, ex Kimberely Barry.
He is a native of Australia, where the two met.