My actions constituted pure hacking that resulted in relatively trivial expenses for the companies involved, despite the government's false claims.
Kevin MitnickI can go into LinkedIn and search for network engineers and come up with a list of great spear-phishing targets because they usually have administrator rights over the network. Then I go onto Twitter or Facebook and trick them into doing something, and I have privileged access.
Kevin MitnickI made stupid decisions as a kid, or as a young adult, but I'm trying to be now, I'm trying to take this lemon and make lemonade.
Kevin MitnickHackers are breaking the systems for profit. Before, it was about intellectual curiosity and pursuit of knowledge and thrill, and now hacking is big business.
Kevin MitnickMy argument is not that I shouldn't have been punished, but that the punishment didn't fit the crime.
Kevin MitnickSocial engineering is using manipulation, influence and deception to get a person, a trusted insider within an organization, to comply with a request, and the request is usually to release information or to perform some sort of action item that benefits that attacker.
Kevin MitnickI could have evaded the FBI a lot longer if I had been able to control my passion for hacking.
Kevin MitnickItโs actually a smarter crime because imagine if you rob a bank, or youโre dealing drugs. If you get caught youโre going to spend a lot of time in custody. But with hacking, itโs much easier to commit the crime and the risk of punishment is slim to none.
Kevin MitnickWe have problems with our physical security, operational security through to management.
Kevin MitnickI characterize myself as a retired hacker. I'm applying what I know to improve security at companies.
Kevin MitnickWhen I was in prison, a Colombian drug lord, offered me $5 million in cash to manipulate a computer system so that he would be released. I turned him down.
Kevin MitnickWhen an attacker fails with one person, they often go to another person. The key is to report the attack to other departments. Workers should know to act like they are going along with what the hacker wants and take copious notes so the company will know what the hacker is trying to find.
Kevin MitnickA company can spend hundreds of thousands of dollars on firewalls, intrusion detection systems and encryption and other security technologies, but if an attacker can call one trusted person within the company, and that person complies, and if the attacker gets in, then all that money spent on technology is essentially wasted.
Kevin MitnickSo the ethic I was taught in school resulted in the path I chose in my life following school.
Kevin MitnickI obtained confidential information in the same way government employees did, and I did it all without even touching a computer. ... I was so successful with this line of attack that I rarely had to go towards a technical attack.
Kevin MitnickThe perfect PIN is not four digits and not associated with your life, like an old telephone number. It's something easy for you to remember and hard for other people to guess.
Kevin MitnickThe key to social engineering is influencing a person to do something that allows the hacker to gain access to information or your network.
Kevin MitnickThe intent of the individuals who created the DDoS attacks has nothing to do with hacking, and they are vandals, not hackers.
Kevin MitnickOracle, for example, has even hired people to dumpster dive for information about its competitor, Microsoft. It's not even illegal, because trash isn't covered by data secrecy laws.
Kevin MitnickYou can never protect yourself 100%. What you do is protect your self as much as possible and mitigate risk to an acceptable degree. You can never remove all risk.
Kevin MitnickBack in my day, I would probe by hand. Now you can get commercial software that does the job for you.
Kevin MitnickNew security loopholes are constantly popping up because of wireless networking. The cat-and-mouse game between hackers and system administrators is still in full swing.
Kevin MitnickNo company that I ever hacked into reported any damages, which they were required to do for significant losses. Sun didn't stop using Solaris and DEC didn't stop using VMS.
Kevin MitnickBoth social engineering and technical attacks played a big part in what I was able to do. It was a hybrid. I used social engineering when it was appropriate, and exploited technical vulnerabilities when it was appropriate.
Kevin MitnickIf you go to a coffee shop or at the airport, and you're using open wireless, I would use a VPN service that you could subscribe for 10 bucks a month. Everything is encrypted in an encryption tunnel, so a hacker cannot tamper with your connection.
Kevin MitnickIt was used for decades to describe talented computer enthusiasts, people whose skill at using computers to solve technical problems and puzzles was - and is - respected and admired by others possessing similar technical skills.
Kevin MitnickI'm still a hacker. I get paid for it now. I never received any monetary gain from the hacking I did before. The main difference in what I do now compared to what I did then is that I now do it with authorization.
Kevin MitnickI got so passionate about technology. Hacking to me was like a video game. It was about getting trophies. I just kept going on and on, despite all the trouble I was getting into, because I was hooked.
Kevin MitnickCompanies spend millions of dollars on firewalls and secure access devices, and it's money wasted because none of these measures address the weakest link in the security chain: the people who use, administer and operate computer systems
Kevin MitnickComputer hacking really results in financial losses and hassles. The objectives of terrorist groups are more serious. That is not to say that cyber groups can't access a telephone switch in Manhattan on a day like 9/11, shut it down, and therefore cause more casualties.
Kevin MitnickIt's true, I had hacked into a lot of companies, and took copies of the source code to analyze it for security bugs. If I could locate security bugs, I could become better at hacking into their systems. It was all towards becoming a better hacker.
Kevin MitnickIt doesn't work the same way everywhere. The Americans are the most gullible, because they don't like to deny co-workers' requests. People in the former Soviet bloc countries are less trusting, perhaps because of their previous experiences with their countries' secret services.
Kevin MitnickThe hacker mindset doesn't actually see what happens on the other side, to the victim.
Kevin MitnickI get hired by companies to hack into their systems and break into their physical facilities to find security holes. Our success rate is 100%; we've always found a hole.
Kevin MitnickMy primary goal of hacking was the intellectual curiosity, the seduction of adventure.
Kevin MitnickGarbage can provide important details for hackers: names, telephone numbers, a company's internal jargon.
Kevin MitnickI get hired to hack into computers now and sometimes it's actually easier than it was years ago.
Kevin MitnickI use Mac. Not because it's more secure than everything else - because it is actually less secure than Windows - but I use it because it is still under the radar. People who write malicious code want the greatest return on their investment, so they target Windows systems. I still work with Windows in virtual machines.
Kevin Mitnick