Kevin Mitnick: “The World’s Most Famous Hacker” Presenters: Eric Caspary and Bill Giallourakis
The Kevin Mitnick/Tsutomu Shimomura Affair Presenter: Bill Giallourakis
Kevin Mitnick: an accomplished hacker
Had already been arrested for various computer crimes
Tsutomu Shimomura: computer security researcher working at the San Diego Supercomputer Center
Tsutomu’s Computers in San Diego
Ariel: Contained research and technology information about computer security and cellular technology.
This information could be used to anonymously break into many other systems.
Note: The hacker had previously tried to obtain this cellular technology from another system, but failed.
Took place on Christmas Day, 1994
Mitnick remotely took control of a PC at Toad.com
He used this PC to launch the attack
Note: Ironically, Tsutomu was spending time with a friend at Toad Hall during the exact time the hacker took over the computer and attacked his systems.
Two different attack mechanisms were used:
IP source address spoofing
TCP sequence number prediction
Gained access to an X terminal workstation
Mitnick got root access
Hijacked an existing connection and got access to the rest of the system
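The two mechanisms named above worked because 1990s TCP stacks handed out initial sequence numbers (ISNs) that grew by a fixed step per connection, so a host that had seen two ISNs could compute the third and complete a spoofed handshake blind. The following is an added example, not code from the presentation: a constructed model of such a sequential generator beside a secret-keyed one in the spirit of RFC 1948 / RFC 6528 (clock plus a hash of the 4-tuple and a secret), and a check a defender can run to see whether a generator is extrapolable. The STEP value, the address constants and the class names are assumptions made for this example, not a copy of any real kernel.

```python
"""Added example (not from the presentation): why predictable TCP ISNs were a
weakness, and the hashed generator modern stacks use instead.

Assumptions, all constructed: SequentialISN adds a fixed STEP per connection,
as 4.4BSD-era stacks did; HashedISN combines a 4-microsecond clock with
SHA-256(4-tuple, secret) in the style of RFC 6528.
"""
import hashlib
import secrets
import time
from typing import List, Optional, Tuple

FourTuple = Tuple[str, int, str, int]  # (src_ip, src_port, dst_ip, dst_port)
STEP = 64_000   # constructed: per-connection increment of the old generator
MOD = 2 ** 32   # ISNs are 32-bit values


class SequentialISN:
    """Old-style generator: each new connection gets the previous ISN + STEP,
    regardless of who is connecting. Two observed ISNs reveal the next one."""

    def __init__(self, start: int) -> None:
        self._next = start % MOD

    def isn(self, _conn: FourTuple) -> int:
        value = self._next
        self._next = (self._next + STEP) % MOD
        return value


class HashedISN:
    """RFC 6528-style generator: ISN = clock + F(4-tuple, secret).
    F is unpredictable without the secret, so ISNs seen on the attacker's own
    connections say nothing about the ISN another 4-tuple will receive."""

    def __init__(self, secret: Optional[bytes] = None) -> None:
        self._secret = secret if secret is not None else secrets.token_bytes(16)

    def isn(self, conn: FourTuple) -> int:
        src_ip, src_port, dst_ip, dst_port = conn
        h = hashlib.sha256()
        h.update(f"{src_ip}:{src_port}->{dst_ip}:{dst_port}".encode())
        h.update(self._secret)
        offset = int.from_bytes(h.digest()[:4], "big")
        clock = int(time.monotonic() * 250_000) % MOD   # 4 us ticks, as RFC 793 suggests
        return (clock + offset) % MOD


def extrapolate(observed: List[int]) -> int:
    """Guess the next ISN by assuming a constant step between the last two seen."""
    step = (observed[-1] - observed[-2]) % MOD
    return (observed[-1] + step) % MOD


def predictable(gen, probe: FourTuple, other: FourTuple, tolerance: int = 0) -> bool:
    """Self-test for a stack: open two probe connections, extrapolate, and see
    whether the ISN issued to a different 4-tuple lands within `tolerance` of
    the guess. True means the generator should not be in service."""
    seen = [gen.isn(probe), gen.isn(probe)]
    guess = extrapolate(seen)
    actual = gen.isn(other)
    distance = min((actual - guess) % MOD, (guess - actual) % MOD)
    return distance <= tolerance


if __name__ == "__main__":
    # Constructed documentation-range addresses; no real hosts are involved.
    probe = ("198.51.100.7", 40001, "192.0.2.10", 80)
    other = ("192.0.2.20", 40002, "192.0.2.10", 80)
    print("sequential generator predictable:", predictable(SequentialISN(1_000_000), probe, other))
    print("hashed generator predictable:    ", predictable(HashedISN(), probe, other, tolerance=1000))
```

The tolerance argument matters in practice: a clock-driven generator drifts by a few ticks between connections, so a real self-test asks whether the guess lands close, not whether it is exact. The hashed generator fails that test only with probability on the order of tolerance / 2^32.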
The Defense, Part 1
Shimomura did not have a firewall
He thought firewalls were too restrictive
Used a set of log files to track activity on his machines:
Logs emailed to a research assistant to check for intrusions
During the break-in, Mitnick deleted the log file to cover his tracks
The Defense, Part 2
After the attack, the log files were emailed to the research assistant
An automated process compared all log files mathematically with one another.
An inconsistency was found and the assistant contacted Shimomura
Application to CSE 551
Availability vs. Security
Log-based Intrusion Detection
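What made the log-based defense work was that copies of the logs left the host before the intruder could touch them, so the mailed copies could be compared with each other and with what the host still held. The following is an added example, not code from the presentation: a constructed checker that treats each mailed copy as an append-only snapshot of a growing file, verifies that the snapshots are consistent with one another, and flags the case where the host's current log no longer contains entries an earlier snapshot already had. The log lines, hostname usage and function names are constructed for the example.

```python
"""Added example (not from the presentation): cross-checking mailed log copies
against each other and against the host to detect deletion.

Assumption (constructed): the host mails its log to an off-host mailbox at
intervals, so each mailed copy should be a prefix of the next, and the latest
mailed copy should be a prefix of the file on the host right now.
"""
import hashlib
from typing import Dict, List, Optional


def _digest(lines: List[str]) -> str:
    """One fingerprint per copy so whole files can be compared cheaply."""
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()


def compare_logs(earlier: List[str], later: List[str]) -> Dict:
    """Check that `earlier` (trusted, older) is a prefix of `later` (newer).
    Anything in the earlier copy that the later copy lacks was removed."""
    n = len(earlier)
    report: Dict = {"tampered": False, "divergence_line": None, "missing": [], "new_lines": 0}
    if len(later) >= n and _digest(later[:n]) == _digest(earlier):
        report["new_lines"] = len(later) - n        # legitimate growth only
        return report
    report["tampered"] = True
    i = 0
    while i < min(n, len(later)) and earlier[i] == later[i]:
        i += 1
    report["divergence_line"] = i + 1               # 1-based, for the human reading it
    present = set(later)
    report["missing"] = [line for line in earlier if line not in present]
    known = set(earlier)
    report["new_lines"] = sum(1 for line in later if line not in known)
    return report


def check_snapshots(snapshots: List[List[str]]) -> Optional[int]:
    """Mailed copies should each be a prefix of the next one.
    Return the index of the first snapshot that is not, or None if all agree."""
    for idx in range(len(snapshots) - 1):
        if compare_logs(snapshots[idx], snapshots[idx + 1])["tampered"]:
            return idx
    return None


def audit(snapshots: List[List[str]], on_host: List[str]) -> Dict:
    """Compare all mailed copies with one another, then the newest mailed copy
    with what the host holds now."""
    bad = check_snapshots(snapshots)
    if bad is not None:
        return {"tampered": True, "where": f"snapshot {bad} vs snapshot {bad + 1}"}
    report = compare_logs(snapshots[-1], on_host)
    report["where"] = "latest snapshot vs host" if report["tampered"] else None
    return report


# Constructed sample data: two mailed copies and the file found on the host
# afterwards, from which the entries covering the intrusion window are gone.
SNAPSHOT_1 = [
    "Dec 25 14:00:01 ariel syslogd: restart",
    "Dec 25 14:05:17 ariel login: user tsutomu logged in on console",
]
SNAPSHOT_2 = SNAPSHOT_1 + [
    "Dec 25 14:09:32 ariel inetd: connection from 192.0.2.77",
    "Dec 25 14:09:33 ariel login: ROOT LOGIN REFUSED from 192.0.2.77",
    "Dec 25 14:10:02 ariel login: ROOT LOGIN from 192.0.2.77",
]
ON_HOST_NOW = SNAPSHOT_1 + [
    "Dec 25 15:30:45 ariel cron: daily cleanup",
]

if __name__ == "__main__":
    result = audit([SNAPSHOT_1, SNAPSHOT_2], ON_HOST_NOW)
    print("tampered:", result["tampered"], "at line", result["divergence_line"])
    for line in result["missing"]:
        print("  removed:", line)
```

The prefix rule is the whole check: a log that only ever grows can be verified line by line against any earlier copy, and the first line that disagrees points at the moment the file was rewritten. The same comparison between consecutive mailed copies catches a snapshot that was itself taken after a deletion.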
Mitnick left taunting messages behind on Tsutomu’s computers
He also made taunting phone calls to Tsutomu’s voicemail
“Kung Fu”
Some of the calls threatened Shimomura’s life
The Pursuit, Part 1
Tsutomu had his machines “halted”
Took the disks to the San Diego Supercomputer Center to analyze them
He examined the raw, low-level data structures of the disk to recreate the deleted log file
Tsutomu and his assistant created various programs to analyze the bit patterns on the disk to retrieve the log information
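Deleting a file removes its directory entry and frees its blocks; the bytes stay on the platter until something overwrites them, which is why scanning the raw disk for the characteristic pattern of a log line can bring the entries back. The following is an added example, not the programs the presentation describes: a constructed in-memory "disk image" of 512-byte blocks filled with random bytes, into which the lines of a deleted syslog-style log are scattered in shuffled order, and a pattern carver that scans every byte for the timestamp-host-message shape of a line and reorders what it finds by time. The regular expression, block size, sample lines and function names are assumptions for this example; a real recovery would also use the filesystem's own structures.

```python
"""Added example (not from the presentation): carving syslog-style lines out
of raw disk blocks. Everything here is constructed: the image is random filler
with the deleted log's lines dropped into random blocks in random order.
"""
import random
import re
from typing import List

BLOCK = 512
MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]

# The "bit pattern" of a syslog line: "Mon dd hh:mm:ss host message"
LINE_RE = re.compile(
    rb"(?:" + b"|".join(m.encode() for m in MONTHS) + rb") [ \d]\d \d\d:\d\d:\d\d "
    rb"[A-Za-z0-9._-]+ [^\r\n]{1,200}"
)


def timestamp_key(line: str):
    """Sort key (month, day, time) taken from the fixed-width syslog prefix."""
    return (MONTHS.index(line[:3]), int(line[4:6]), line[7:15])


def carve_log_lines(image: bytes) -> List[str]:
    """Scan the whole image byte by byte (freed blocks are not aligned to
    anything useful), keep distinct lines that decode cleanly, and return
    them in timestamp order."""
    found = set()
    for m in LINE_RE.finditer(image):
        try:
            found.add(m.group(0).decode("ascii"))
        except UnicodeDecodeError:
            continue                     # a false positive running into binary data
    return sorted(found, key=timestamp_key)


def build_image(deleted_log: List[str], blocks: int = 64, seed: int = 1) -> bytes:
    """Constructed disk image: `blocks` blocks of random filler, with each line
    of the deleted log written at a random offset inside a distinct random
    block, in shuffled order, as freed blocks would leave them."""
    rng = random.Random(seed)
    image = bytearray(rng.randrange(256) for _ in range(BLOCK * blocks))
    slots = rng.sample(range(blocks), len(deleted_log))
    shuffled = deleted_log[:]
    rng.shuffle(shuffled)
    for block_no, line in zip(slots, shuffled):
        data = line.encode("ascii") + b"\n"
        offset = block_no * BLOCK + rng.randrange(BLOCK - len(data))
        image[offset:offset + len(data)] = data
    return bytes(image)


# Constructed content of the deleted log, in the order it was originally written.
DELETED_LOG = [
    "Dec 25 14:09:32 ariel inetd: connection from 192.0.2.77",
    "Dec 25 14:09:33 ariel login: ROOT LOGIN REFUSED from 192.0.2.77",
    "Dec 25 14:10:02 ariel login: ROOT LOGIN from 192.0.2.77",
    "Dec 25 14:11:40 ariel rshd: root@192.0.2.77 as root: cmd='cp /var/log/messages /tmp'",
]

if __name__ == "__main__":
    image = build_image(DELETED_LOG)
    for line in carve_log_lines(image):
        print(line)
```

Because the carver looks only at the shape of a line, it recovers entries whether or not the filesystem still knows about them, which is the property needed when the directory entry is gone. Its limitation is the same thing: a line whose first bytes were overwritten is lost to this method, and a message body containing a newline would be cut short.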
The Pursuit, Part 2
Shimomura’s stolen files were found on a commercial network called The Well.
This network was a staging point for many of the intruder’s attacks.
Mitnick was using modified cellular technology to try to hide himself.
The Pursuit, Part 3
Shimomura teamed up with federal agents on February 8, 1994 as the hunt intensified.
It was discovered that Mitnick was accessing The Well through Netcom, a large ISP.
Mitnick’s phone activity was traced to the Raleigh-Durham area.
The police could not trace the exact location because Mitnick had engineered a looping switch.
Shimomura used his own modified cellular technology to track Mitnick
Once they found the source of the calls, Shimomura and his team called in the FBI.
Kevin Mitnick was arrested at his apartment in Raleigh, North Carolina at 1:30 am on February 15, 1995
Kevin Mitnick: “The Showdown in R-Town” Presenter: Eric Caspary
Nature of the Crime, Part 1
Kevin Mitnick committed a series of federal offenses in a 2½-year computer hacking spree
In 1993, California state police issued a warrant for the arrest of Kevin Mitnick
Accused of wiretapping calls from the FBI to the California Department of Motor Vehicles and using law-enforcement access codes gleaned from the wiretaps to illegally gain entry to the driver’s license database
In December 1994, Mitnick was involved in stealing software, email and other files from a computer belonging to Tsutomu Shimomura, a computational physicist and computer security expert at the San Diego Supercomputer Center
Nature of the Crime, Part 2
In February 1995, Kevin Mitnick was arrested in Raleigh, North Carolina, after more than two years on the run
Kevin Mitnick pleaded guilty to four counts of wire fraud, two counts of computer fraud and one count of illegally intercepting a wire communication
In a global plea agreement he admitted that he broke into a number of computer systems and stole proprietary software belonging to Motorola, Novell, Fujitsu, Sun Microsystems and other companies
How Information Security Was an Issue
Mitnick admitted using a number of tools to commit his crimes, including "social engineering"
He also used cloned cellular telephones, "sniffer" programs placed on victims' computer systems and hacker software programs
As part of his scheme, Mitnick acknowledged altering computer systems belonging to the University of Southern California
He also admitted that he stole E-mails, monitored computer systems and impersonated employees of victim companies
What Laws Were Applied
18 U.S.C. § 1030. Fraud and Related Activity in Connection with Computers
Intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains--(A) information contained in a financial record of a financial institution, or of a card issuer;
Knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value;
Knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
shall be punished as provided in subsection (c) of this section.
What Laws Were Applied, Part 2
18 U.S.C. § 2510 et seq. Wire and Electronic Communications Interception and Interception of Oral Communications
Any person who:
Intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication;
Intentionally uses, or endeavors to use, the contents of any wire, oral, or electronic communication, knowing or having reason to know that the information was obtained through the interception of a wire, oral, or electronic communication in violation of this subsection;
Intentionally uses, endeavors to use, or procures any other person to use or endeavor to use any electronic, mechanical, or other device to intercept any oral communication;
shall be punished as provided in subsection (4) or shall be subject to suit as provided in subsection (5).
What Laws Were Applied, Part 3
18 U.S.C. § 2701 et seq. Stored Wire and Electronic Communications and Transactional Records Access
Intentionally accesses without authorization a facility through which an electronic communication service is provided;
Intentionally exceeds an authorization to access that facility;
and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system shall be punished as provided in subsection (b) of this section.
What Laws Were Applied, Part 4
18 U.S.C. § 1029. Fraud and Related Activity in Connection with Access Devices
Knowingly and with intent to defraud produces, uses, or traffics in one or more counterfeit access devices;
Knowingly and with intent to defraud uses, produces, traffics in, has control or custody of, or possesses a telecommunications instrument that has been modified or altered to obtain unauthorized use of telecommunications services;
Knowingly uses, produces, traffics in, has control or custody of, or possesses hardware or software, knowing it has been configured to insert or modify telecommunication identifying information associated with or contained in a telecommunications instrument so that such instrument may be used to obtain telecommunications service without authorization;
shall, if the offense affects interstate or foreign commerce, be punished as provided in subsection (c) of this section.
Were Applicable Laws Well Thought-Out?
The case against Mitnick tested then-nascent laws that had been enacted for dealing with computer crime, and it raised public awareness of security issues involving networked computers
At the time of his capture and subsequent prosecution, I imagine the laws applicable to his case were not as thorough, well thought-out, or all-encompassing as they are now
Due in part to mass paranoia, Mitnick was held without bail for over two years before sentencing following his 1995 arrest
He has said that he set some kind of United States record by being held for four and a half years without a bail hearing, while also held in solitary confinement for eight months "in order to prevent a massive nuclear strike from being initiated by me via a prison payphone"
This gives one an idea about how computer criminals may have been treated in the 80’s and 90’s and how the legislation at that time may have been somewhat inappropriate
At the time of Mitnick’s trial, some legislation was very likely incomplete
The “new technological frontier” was just that: new, and it probably took a few years for legislation to catch up with technology
In later years, however, anti-hacking legislation was greatly expanded. I believe that the currently existing legislation applicable to Mitnick’s case is sufficient and that no further legislation is necessary at this time
Digital Evidence, Part 1
Here are excerpts from the letters the affected companies sent to the FBI specifying their damages; these letters were used to help calculate the damages caused by Kevin Mitnick:
Sun Microsystems: values the current (Solaris software) product in the hundreds of millions of dollars
NEC America, Inc: the (stolen) software design for a NEC cellular mobile telephone…is valued at one million seven hundred fifty thousand dollars ($1,750,000.00)
NOKIA Mobile Phones (UK) LTD: a minimum loss estimated to total US $135 Million
NOVELL: the cost associated with the development of the source code is well in excess of $75,000,000
Fujitsu: GRAND TOTAL: $5,517,389.61. Total recall cost (for source code rework) for 96,441 unit population
Digital Evidence, Part 2
Evidence against Mitnick also includes:
Voice mail messages to Tsutomu
Call to Mark Lottor
Mitnick’s on-line sessions
Analysis of the machine state after the break-in
Photo from files stolen from Tsutomu
Netcom login records for gkremen (a stolen account)
How Evidence Was Handled
Mitnick’s attorney, Donald Randolph, tried repeatedly to get Mitnick a computer so he could review evidence that reportedly includes witness statements totaling 1,400 pages, 10 gigabytes of electronic evidence and 1,700 exhibits in all
But after one hearing, Randolph told reporters that Judge Pfaelzer "didn't seem to want to hear 'computer' and 'Mitnick' in the same sentence"
The court ultimately allowed Mitnick access to a laptop