Book TV CSPAN September 4, 2011 9:45am-11:00am EDT
9:45 am
this summer. send us a tweet @booktv. >> coming up next, former computer hacker kevin mitnick who recounts the three years he spent on the run. mr. mitnick served nearly five years in prison and is currently a security consultant who has testified before the u.s. senate on information security. this is just over an hour. [applause] >> greetings, everybody. for those that decided to come to the talk tonight, you can go ahead and leave your phones on for me. and turn bluetooth on, please. just kidding. it's fantastic to be here. "ghost in the wires" took two years. myself and my co-author, bill simon -- raise your hand -- worked on this. [applause] i couldn't have done it without bill.
9:46 am
i mean, we had much, we had different work schedules because i usually slept in until 2 p.m. and worked until 5 a.m., and bill woke up at 6 a.m. and worked until 6 p.m. i mean, i put him on spanish time for about two years, right, bill? [laughter] so you're ready for the second edition? so as you might know if you know a little bit about my background, i, obviously, was a computer hacker that ended up in a lot of hot water. and for seven years i was actually restricted from writing this book. i was released from custody in 2000, in 2007 i was permitted to go ahead and tell the story. and how i started with computer hacking was really from my love of magic as a young kid, 10 years old. i used to ride my bike to the magic store just to learn how the tricks worked because i was so fascinated with it. and when i entered high school, and i know you're going to probably read a lot of -- about
9:47 am
this in the book, and he was a phone phreak. he can do, like, he was able to do really incredible stuff. for example, if i call forwarded my number somewhere, he was able to break through it. if my parents had an unlisted number, he can get it in 15 seconds. and one day he said, hey, kevin, i'm going to give you a cool trick. you call this telephone number, you wait for a tone, you put in five digits, and you can call anywhere in the world for free. and i said, how does that work? it must be a fluke of the phone company. he showed me all these cool things he could do, and i just was taken aback with this technology. it was just like, wow. and, um, he kind of showed me how he could get information from the phone company. if he had my parents' number, he
9:48 am
could get the name it was listed to. if he had a friend's name, he could get the nonpublished number. it was like this kid had full control over the phone company. so i became a phone phreak. but i loved pranks. and what i used to do with my phone knowledge, actually, pull pranks on friends. one of my favorite pranks was to modify my friend's phone service so whenever he or his parents would make an outgoing call on their home phone, it would say, please, deposit a coin. and i just loved doing this type of stuff. i remember as a kid i was able to intercept directory assistance so instead of getting the operator in rhode island, they got me. and you can imagine when you're 16 years old how much fun you could have with that. and, of course, i did things like what city, you know, providence, may i have the name, please? whatever or bill smith. and i'd say that number is 555-2
9:49 am
and one-half 37. >> oh, how do i dial a half? oh, you didn't get a new phone, you have to go down to the phone store. [laughter] i was fascinated, and ham radio opened up a whole new world for me. again, with my prankster type of persona, i did my favorite hack of all times, and my favorite hack was, actually, to mcdonald's. and what this hack was, does this actually work when i walk around? what this hack was imagine a customer drives up to the mcdonald's drive-up window, and i'm sitting across the street. i could actually overpower the guy with the headset in the mcdonald's, and i could be, now, the mcdonald's customer service person. so you could imagine what fun. people would come up, i'd like a big mac, large fry, coke. oh, we now serve tacos.
9:50 am
police would drive up, okay, get rid of the cocaine. yes, sir, may i take your order? [laughter] i could see the poor guy inside the mcdonald's freaking out, right? because he could hear everything that was going on but couldn't stop it. and, you know, we're 16, 17 years old and one of the pranks that's in the book is a customer drives forward, may i take your order please? well, our coke machine's broken, would you like a free apple juice? yes, our ice machine's broken, but go ahead and drive -- small, medium or large? of course large, it's free. and then a recording of what sounded like peeing in a cup. and i irritated mcdonald's so much, the manager comes out of the store, and he's peering into every car in the parking lot trying to find the culprit. we're across the street, i cross, you know -- across, you know, a major street.
9:51 am
and then he puts his face this close, and i couldn't resist. i go, what the fuck you looking at? [laughter] and this guy flies back, like, 15 feet, stumbling. you know, like the mcdonald's drive-up window is possessed. so anyway, then, you know, i pushed the envelope. i, after i got involved with, you know, hacking and mainly my hacking was to gain more control over the phone company's systems so i could pull more pranks. and then i got involved with all the phone company switches throughout the united states, and i started, like, really pushing the envelope because as i was doing this, i was having problems with the phone company security department to the point where when i was 17 years old, they sent a letter to my mom, we're removing your phone service. and my mom was so angry with me
9:52 am
that she grounded me. but, you know, but i said, mom, don't worry about it, i can get our phone back. [laughter] so we live inside a condominium complex, and our unit number was 13. and i called a certain department in the phone company that does provisioning for new lines and stuff, and i told them there's a new unit being added to the property, this unit's going to be added, it's unit 12b, to go ahead and provision it. and a few days later i went to the hardware store, took down 13, put up 12b for our unit number, called the phone company and ordered service for 12b. now, when i did this, i asked for a special number, and i asked the telephone company, i'd like a number ending in 007. what's your name, sir? i go, jim bond, and i'd like a number ending in 007. and she didn't even flinch.
9:53 am
at the end of the conversation i said, well, you should maybe make the listing out to my real first name, which is james. so i had james bond, 895-9007. we had that company for about three weeks before -- had that number for about three weeks before the phone company got wise. at one point in my life i was arrested for hacking into digital equipment corporation, and the government at the time really needed, like, to set an example for, hey, we have this behavior, this hacking, it's scaring us. we need to set an example for everyone, you know, in the united states. so i remember when i was going for a detention hearing, that's a bail hearing in the case, the federal prosecutor had told a judge that not only do we have to detain mr. mitnick, but we have to make sure he doesn't get
9:54 am
near a telephone in prison. [laughter] and the prosecutor said the reason is that mr. mitnick can pick up a phone, dial into norad and whistle the launch codes. [laughter] and i'm in court. i actually laughed, because i thought that was incredibly stupid of the guy because i figured he was going to lose all credibility. and wouldn't you know it, the judge bought it hook, line and sinker, so i was in solitary confinement for about a year. but would you think putting someone like me in solitary confinement was going to stop me? so they had a special list of numbers i could call which my wife at the time -- the marriage didn't really work out because i was in custody. that's another story. as you can imagine. what they would do, i was in the hole, i was in high security. so before they, before you could -- when you are moved from outside your cell, they actually
9:55 am
handcuff you, and they shackle your legs, and then they move you to a phone room which has three pay phones on the wall. and then a guard with me would look in a book and say, okay, mitnick, who do you want to call today? i'd say, i want to call mom. he would dial the number and hand me the phone and back up three to four feet and sit in a chair, and he wouldn't take his eyes off me, right? so i was thinking, how could i defeat this? well, as i was -- the handset cord was quite long, so i'd walk back and forth, and i'd always be scratching my back, and i just got the guard used to this behavior, and then i actually put my hand behind my back, and i could feel the switch hook. and then i thought one day, i was in a conversation, and i just ended the call, but i kept talking as if the call didn't end. and what i did was i leaned back, i hold down the switch hook, and then i put my arm in front because you have 18 seconds before the phone's going
9:56 am
to go beep, beep, beep, beep. so i knew this. so within about five seconds later i go to scratch my back again, i dial 0 plus another phone number. the next thing that's going to come on and say who's the collect call from? then i was able to call anywhere to anybody that would accept the collect call while in high security on a court-ordered, you know, phone restriction. so that lasted only about a few weeks. then one day my cell door opens, it's the executive of the prison. they shackle me up, they put me in this attorney/client conference room, and they sit me down, and the captain goes, how are you doing it, mitnick? i go, how am i doing what? our officer's watching you and somehow you're redialing the phone. i said, hey, guys, i'm not david
9:57 am
copperfield, i don't think what's going on with your -- i don't know what's going on with your monitoring system, but i don't know what you're talking about. two days later i hear some commotion outside the door of my cell, and it's pacific telephone installing a jack. and i go maybe these guys are just going to install a phone in my room so they don't have to bother me anymore. the next day a guard brings a phone, plugs it into the jack, and they had a 25-foot handset cord. so they placed the handset through the cell, and kevin couldn't touch the pad. it kind of reminded me of "silence of the lambs" and hannibal lecter. social engineering is where you use manipulation, deception and influence to get someone to do
9:58 am
something they wouldn't ordinarily do. hackers will, you know, ask for passwords. now that, you know, maybe 5% of the time or usually get someone to do something that lets the attacker in. like today how it works is they have a thing called spear phishing where an attacker will do some research, find somebody that works within the company they want to compromise, try to find out who that person deals with, vendors, suppliers, customers, other facilities of the same company, and then what they'll do is they'll manufacture an e-mail and send a booby trapped pdf file. and the pdf file is booby trapped so when they open it up, it exploits a vulnerability, and now the hacker is now on that person's desktop which is connected to the internal commercial. that's an example of giving the attacker some sort of benefit. so let's go back to 1993.
9:59 am
i'm living in denver, colorado. and at the time i wasn't living under kevin mitnick because there were certain federal law enforcement agencies that wanted to talk to me, and i didn't want to talk to them. in fact, i was using the name eric weiss. does anyone know who eric weiss is? harry houdini. i thought i had a sense of humor, but the fbi has no sense of humor. but that's a story for another day. one of my buddies handed me this brochure for the microtac ultra lite cell phone. and this cell phone is kind of like the iphone is today. it was like, you know, if you're a trekkie fan, it reminds you of the star trek communicator, right? and i wanted to understand how this worked as a hacker because i was the type of hacker, my number one driver was pursuit of knowledge. i wanted to know how things
10:00 am
worked. i had curiosity, and i liked, you know, doing things i wasn't supposed to do for the fun of it. it wasn't about destroying stuff or stealing money. but i wanted to get access to this. and motorola, you can't say, hey, i'd like your firmware please because the source code is proprietary. remember the old orange julius with the powder? same kind of concept. so while i was in denver working at this law firm, i left the office at about 3:00 in the afternoon, and i called up directory assistance for 1-800 numbers and got the number for motorola, and i asked the operator, obviously, for the number, the 800 number. i called the number and said, listen, i'm looking for the project manager of the microtac ultra lite project.
10:02 am
and this was -- by this time i am walking down, what was it, broadway in downtown denver. it was snowing. horns were honking, and i was trying to press the cellphone tight to my ear so she could not hear the traffic. i was never expecting this to work. she goes, what version do you want? and i'm thinking i don't even know their version number.
10:03 am
i go, the latest and greatest. she's tapping on her computer. she goes, i found the latest release. there is a problem. what is the problem? she goes, there are hundreds of directories and within each directory, hundreds of files. i asked her if she had to use when is it under windows. she goes, no. i said, would you like to of light? she goes, yes, i love to learn new things. i became her instructor for the day. at the end we had a three mb file that contained the source code so that i could understand how it works. my next question was, do you know how to use ftp. she goes, file transfer program? precisely. oh, my god.
10:04 am
she's going to send me the code, and i could not give her my host's e-mail. that is obviously outside of motorola's domain, but i have a great knack for memorizing ip addresses. so i remember -- i remembered an ip address. i gave her one. when she tried connecting to it it would time out. two, three, four times. then she goes, rick? yep. and then disappointed. she goes, i really have to talk to my security manager about what you're asking me to do because i think this is a security issue. i go, no, no, no, no. wait. i am on hold. oh, my god. the jig is up. you know when you are waiting for somebody to return to the phone, and seconds feel like minutes. i'm walking down the street to almost my apartment. it's like five minutes.
10:05 am
i assume that motorola is a template tape recorder because i was going to be exhibit a for a court case later. she comes back on the line. i'm careful. i don't actually talk. rick, i talked to my security manager about what you're asking me to do. that ip address you gave us is outside of motorola's campus. i'm not talking. then she said, well, my security manager told me that we have to use a special proxy server to send files outside of motorola. [laughter] she goes, i don't have an account on the proxy server. and i guess i'm sorry for moving back and forth. i don't have an account on the proxy server, but my security manager was kind enough to give me his personal user name and password, so i can send you the file. by the time i put the key in the front door of my apartment i have the source code. now, you think about motorola. a great company, the best
10:06 am
security that money can buy. firewall, intrusion protection. it did not train their people well enough. i deputy prosecuted. it was so damn easy to do. so, eventually i became a fugitive. all of the book covers my cat and mouse with the fbi. the fbi sent an informant to help them get me, and then i was able to figure out that this guy was truly an informant. then i was so curious about what was going on. i just had to know if i hacked into the local cellphone provider, kind of like at&t, but this was actually pactel cellular. i was able to identify the telephone of the fbi agents that were telling me -- chasing me.
10:07 am
i was able to do traffic analysis, so i could see who was calling them, who they were calling, and who those people were calling, and i was able to get location information. i was basically watching the feds trying to capture me playing this cat and mouse game. eventually i was able to set up a device at my office, i was working as happy i inlaw says lewis. i was able to set up a device so if any of the fbi phones came within one or 2 miles of me it would send me an alert. my fbi early warning system. so one day on september 20th 1992 i'm walking into the office early, which is kind of unlike me, and i put in the code to get into the office. i keep hearing this beep, beep, beep the monday. what did they do, change the code? as i walked into my office the beeping is getting louder.
10:08 am
i hear it is coming from my office. i start getting concerned. i go to my computer and it says, fbi cellphone within the area two hours ago. the fbi came to search my apartment. so i wanted to help them out. i went over to the donut shop and bought a big box. making sure there was nothing interesting there, cleaning up my apartment, and on a big box i wrote fbi doughnuts and stuck them in the refrigerator. they were kind of irritated. again, i was in this insane cat and mouse game with the federal government. eventually, as always, the fbi always get their man. i was arrested. 1995 they threw the book at me. in solitary for a while.
10:09 am
went through a long process of dealing with the federal government. we finally settled the case. three months after i got out of custody, who is calling? senator fred thompson said at -- senator fred thompson and joseph lieberman. they want me to come to washington so that i can advise them on many computer systems owned or operated by the federal government. here i am walking out of custody after being this bad hacker. now the government is asking me for my help. i went and testified and offered them the advice that i could. then i basically from that point became what we call an ethical hacker. now i hack into systems all the time. a couple of days ago i broke into a server. the only difference is now i have authorization. the company now allows me to hack in so that i can find security holes, so that they can fix them before the real bad guys break in and cause damage. there is a little bit about my
10:10 am
story. i have some demos to show you. when i do speaking engagements nothing makes the audience happier than doing some demos. interested in taking a look? all right. perfect. about six months ago i had an assignment to break physically into my client's building in san diego california. have you ever seen a lot of, at least a lot of access devices that the physical and his aides id cards? what this device is, and i didn't build it, i simply bought it. it is called h. id cards to for. so if i can get close enough to somebody wearing the card i can steal the access credentials and then replay them into the
10:11 am
device. now, imagine if you're wearing a suit. this is kind of, you put this in your pocket. you run this up the sleeve. hi, how're you doing. tap someone on the shoulder and you will be close enough to capture their credentials. i'll show you how this works. let me see. i have three demos that i think i kind of need. so, this is like an hid reader. you pass the card. hold on a second. let me restate this. of course, murphy's law, right? where is none else. i think my machine broke. one second. i don't even see the mouse.
10:12 am
oh, there it is. all right. who is heading into a limousine. all right. all right. this is like a card i.d. this id is 113. you have probably seen this on a lot of doors around new york city. imagine i'm the bad guy. i want to steal the credentials. all i have to do is set this up. i have this little battery pack. obviously not trying to carry a computer with you, so the battery pack is hidden, kind of like a magician. this is the antenna. basically how it works is if you press down this button it basically goes into a mode where
10:13 am
this is one led is lit. this is a replay. pass it in front of the device. there should not be anything there. hold that up for me. nothing is there. nothing to replay. then what i do is press down here, and you will see another led. now it's in listen mode, waiting for me to steal card credentials. take a look. you will see it goes off. it has not stolen the credentials. i stole them. now i want to use them. press the button again, and now it's in play mode. i pass the card. this is called a spill over. if someone is getting too close to you and patting you on the back. they might just be, you know,
10:14 am
not really a good friend of yours. trying to steal your credentials. i use this in security assessments. i find restaurants, starbucks. usually a lot of them wear it on their hip rather than around the neck. it takes a second. brush by them. steal their credentials. that's one. kind of cool. let me show you another. this is called mice by breached. everybody has heard of phishing. citibank, ebay, paypal, there's been a problem with your account. it brings you to a page it definitely is not paypal or ebay. someone trying to steal credentials. now, as the industry has pushed down on the bubble of fraud,
10:15 am
what it does is pops out somewhere else. they are using voice response systems. call your bank. you never get a person. you get an automated system. they want you to put in your credentials, account number. if it is correct a chance for you to somebody. imagine if i could send you, make it look like it is coming from a financial institution, but instead of asking you to click on the link because everyone is smarter than that, and you're not a point of the love for. it says, we found a problem with your account, please call us or your card will be terminated. what are the chances you simply call the bank? let me show you what happens if i sent you this e-mail and you call. i want you to watch the screen. i'm going to try to put this on speaker phone. i don't have a phone here.
10:16 am
what we are going to do is called chase. anybody have a chase card here? [laughter] i don't know why nobody volunteers. i have one. so imagine getting an e-mail that says to call. the number. whoops. on a speakerphone. and then i want you to watch my computer as this happens. this is the real thing. >> welcome to credit-card services. please enter the last four digits of your credit card account number. >> asking me for my credit card account number. that's weird. >> we're sorry, the number you entered was not recognized.
10:17 am
please enter your full 16 digit credit-card account number. >> some people will put in their account number. put your pens away. capturing the card number in real time. >> please enter your zip code. >> telling me to authenticate with my zip code. 89074. >> to speak to an advisor, please press zero at any time. your current balance is 10,000 -- okay. >> that's a big balance. these bits of hotels in new york. so, anyway, how this actually worked is i did the man in the middle attack. i give out a telephone number that looks like it is the bank's, toll-free. when the victim calls it, they're calling a number that i have control of which connects to a system running open source. my system calls up to the real
10:18 am
thing. i am the man in the middle. you can do all the transactions and talk to the customer service representative, but i get all your credentials, and there is no way to detect this. the only way to detect this is to verify, to check to make sure the phone number actually belongs to the bank. so this is -- the way hackers were doing this before, and i thought of this is a better system, they set up an open source, which is an open source pbx. what they do is call banks, credit card companies, record prompts. they set up their own number, so it sounds like the bank and feels like the bank, but if you put in your real credentials it does not work because it is a fake. basically they say, well, we are sorry. there has been a problem with your account. please talk to our customer service rep. and we will transfer you to music on hold forever. this is a better way. one last demo that i thought
10:19 am
would be cool to show. it's about getting information. i need a volunteer. what i'm going to try to do is get your address, phone number, date of birth, and social security number within 60 seconds. so, if i can do it, then you know that the identity thieves can, too. this is kind of a wake-up call to show you how easily somebody can get your information on the internet. i'm looking for somebody that does not have a name like bill smith, somebody that has established credit, not somebody who is in high school. the volunteers? you have to allow me to display all of your stuff to everybody in this room. [laughter] come on down. come on down. you have to give me your real name, not somebody else's. i know you're not donald trump. all right. databases. "ghost in the wires" new york?
10:20 am
>> sorry? >> do you live in new york? >> yes. >> here is a database that anybody can subscribe to. let me make the window a little bit different. what we're going to do -- i will just use name and state to make it easier. so your name? spell it. r-e-i -- and your first name? [inaudible] >> that is good. that is not going to be like bill smith or terry jones. let's see what we can find. how long have you been in new york? >> twenty-three years. >> this should find you. all right. for a dollar 50 let me show you what identity thieves can do. scary. is that you? your social. >> my lawyer can answer that question. >> twenty-two.
10:21 am
june 1st, 1989. so this is how easily identity thieves can use databases to get your social, your date of birth, your driver's license information. that is easy as well. [inaudible] >> by u.s. mail. >> does not matter. does not matter. does not matter. in fact, people think their mother's maiden names are secret. i'll show you another. in fact, what is your mother's maiden name? [inaudible] >> what? [inaudible] >> thank you very much. i will use that later. [laughter] i'm sorry. all right. one second. hopefully my cows still works here. this is kind of scary. i was surprised.
10:22 am
in case you are looking for my password, it is kevin123, making it easier. so, mother's maiden name. who played in catch me if you can? frank abagnale? dicaprio. he was born in california. let's see if i could find his mother's maiden name. so dicaprio. and then we will just look for anyone, leonardo. we'll do a search. there we go. we found leonardo dicaprio, his mother's maiden name. that is how easy it is. if you lived it -- you live in a database nation. anyone can get your mother's maiden name, driver's license number, social security, never use those as a password. i remember calling my bank five
10:23 am
years ago. they go, having been authenticate me. i said, i want to use a password. they said, no, your social is secure. no one can get it. d'agata, can i give your name, i want to show you something cool. oh, no. i was that it will test show that they can believe that the social is like an open book. i am here to sign books. i have a gift for all of you that have showed up. the gift is my business card. what is cool about this business card, what is cool is that if you get locked out of your house this is a lock pick set. [laughter] so every time i go through the airport and tsa, i carry a lot of them. d'agata bag check. they go, that is cool. a circuit board. i go, no. i explain. a lock pick set. cool, can i have one. i make friends with everyone at
10:24 am
tsa. so i have a card for all of you. kind of a gift. [applause] [applause] you can ask me anything you want. except my password. and then i will be happy to, you know -- then i guess you will do some book signings or whenever. >> if everybody could please wait for the microphone. important for the recording and so everyone can hear. >> hi. now that you have revealed -- >> i know your name. >> shoot me now. >> now that you have revealed everything, how do you conceal or keep it private for the future? >> you have no privacy, get over it. that is the problem. that is why there is such a problem with identity theft in america. it is so easy to steal the information. it is simple. that is the problem.
10:25 am
the system is broken. you authenticate under social security number or mother's maiden name, which is not the thing to do nowadays. >> do you agree with your friend adrian? >> what? >> your friend, adrian. >> yes. >> do you agree with his decision to go to the authorities? >> i don't agree with why. adrian is the guy that turned in bradley manning who was the, i think, the private in the u.s. army who stole the documents and turned them over to wikileaks. what i know of his background, and i know the only reason he did it was for media attention, not because he was a patriot or afraid to be a co-conspirator. i think he did it for other reasons, to basically inform on somebody for his own personal benefit. for that reason i don't agree with it. if he did it because he wanted to protect the country or he was afraid of being prosecuted as a
10:26 am
co-conspirator then 100 percent he should have done it. there is my answer. >> thanks. >> you're welcome. wait for the microphone. >> hello. i've wondered if when people use a service like restitution dot com to get themselves removed whether that actually works. >> you get removed out of some, but the information is already out there, bought and sold. there is no way. the only way to get yourself out of databases is do what i did. i would not suggest it. that is the only way, unfortunately. yes, sir. a microphone. thank you. >> hi. my name is steve. first, i want to thank you for the radio interview this morning. that's all i learned about this. >> great. okay. >> i have been involved in education and teaching a lot of
10:27 am
stuff with computers and robotics. a number of years ago i personally got into this thing with a company that was developing software, basically that was encrypting your own personal e-mail, your own personal messages. >> okay. >> one of the companies was using an algorithm called blowfish. his company. and after that, pgp and other things like this. do you have any idea why in the present society people are so open with these communications and send stuff basically to the internet and through the air and through everywhere without encrypting it? or do you feel that encryption is something that can be hapten ---broken into at this meeting is to use. >> well, when i was a fugitive the fbi used encrypted radio transmissions. i really wanted to know what they were saying in case there were close to me taser there are not
10:28 am
talking about me so that i can get the hell out of there. and so rather than trying to crack the crypto, which was developed by motorola, or trying to get the key, what i did was called a denial of service attack. one side was trying to communicate, i would jam the signal. i did this three or four times. the agents thought their radios were malfunctioning and went into the clear, so i can hear the whole conversation. that was a way of cracking government cracked up to five crypto without the key. >> i was talking about government, i was talking about me sending you an e-mail so i know only you would be getting it. in fact and i am so terrified of this e-mail business that most of my -- >> you can use crypto. >> most of my communication with the outside world, i seriously use u.s. mail. >> but if i wanted to get your communications i would not be worried about intercepting it in
10:29 am
real time. i would basically break into your system using some sort of exploit and plant malware so that i could intercept your keystrokes. just because you use encrypted e-mail does not mean you're secure. >> you are saying the encrypted e-mail is attackable. >> that depends on the end point. you could break into alice or bob's computer and get the unencrypted communication without bothering to crack, you know, the key. >> i have been the victim of two banks. municipal bonds being transferred from one bank to the other, and between the two it was literally robbed into nowhere. it took three years to try to trace it. that was the only thing that was physical. from that point on i do robotics and programming. very much into public domain.
10:30 am
i am terrified of the e-mail. i think you understand the reason. >> i understand. >> thank you very much. >> thank you for coming. i want to pass the mike. >> how did you get started with the free kevin movement? >> well, at 2600 magazine. what happened, because of the unusual things that happened in my case, that i was held for four and a half years without trial, a lot of -- they would not give us access to discovery, a lot of issues. emmanuel goldstein, after about three years of this happening, started the free kevin movement, to get the word out about what was happening with my case. >> how did you hear about it originally? >> basically by family, people sending me snail mail when i was in custody. that's all i found out. telephone calls that i had with family and friends. >> i just thought it was an interesting story of you putting the sticker to the window and
10:31 am
everything. >> oh, yes. when i was in custody i'd seen the bumper stickers. on my 305th birthday people from 2600 magazine came out to the prison. i knew they were there. i said, wait until 1:30 and i'll get up to the law library. i had a free kevin bumper sticker. while i was in custody i was able to put the bumper sticker up and they could snap a photo. >> thank you very much. you go ahead. i cannot hear you. >> is being a white hat hack -- >> microphone. >> is being a white hat hacker enough of a rush and interest to replace that? >> oh, yeah. my drive for hacking was intellectual curiosity, pursuit of knowledge, you know, seduction of adventure.
10:32 am
it was never about stealing money or ruining anything else. i did get a huge endorphin rush when i was able to crack a system because it was like a video game, bypassing security obstacles. and i get the same endorphins today. when i get into a system i really feel good about it, and it is kind of like a little bit of thrill seeking. i get paid for what i did illegally years ago. that's pretty good. i was like, you know, take something that is a criminal activity and make it legal. yes. >> when i saw you doing the hid intercept my immediate thought was basically, so everyone knows, rfid. is that pretty easily breakable as well? >> i have not really messed with rfid. there is a guy named chris paget. he was able to -- i think that is at defcon.
10:33 am
able to intercept rfid cards at a pretty substantial distance. again, you know, the hid technology is the only one that i have looked at because of doing physical testing. i have not really looked at rfid stuff. >> hi. >> hey. >> obviously you have experienced the problems with the system. >> just a bit. >> and what type of advocacy do you do today in order to fix some of these things? and you have testified before congress. is there any more underground stuff going on? >> well, i have not advocated anything because i feel kind of powerless to change the system. you know, the world has changed. my case was prior to september 11th, and everything was completely different.
10:34 am
the patriot act and a lot of laws passed to protect us from terrorism, but the government wants to keep them on the books even after the threats dissolved because it gives them more power. i mean, it has actually gotten worse than it was back in the mid-90s. unfortunately we have to live with it. yes. >> lopez, question for you. my interest started at a young age with computers. inspired by you, i must say. thank you. what was your first experience with a computer system? >> high school. i was a senior in high school and i tried to get into the computer class, and the instructor refused because i did not meet the prerequisites of having calculus and all of these other prerequisites under my belt. i started showing him some of the tricks. he said, okay.
10:35 am
you can come into class. that was my first experience working with computers. of course, the teacher probably regrets that decision today. i kind of drove him crazy. one of the first programming assignments was to write a program that would find the first 100 fibonacci numbers. i thought that was kind of boring. i thought a cool program would be one that would steal everyone's password. that would be cool. the students would be at the terminals. i wrote a login simulator. when they were logging in they were talking to my program instead of the computer's operating system. so, unfortunately i did not have enough time to finish the fibonacci assignment. i turned in my password stealer program, and the teacher was impressed and gave me an a. and a lot of attaboys. he read this program. today if you did that at school you would probably be arrested. so back in my day hacking was
10:36 am
not illegal, and you were actually encouraged by teachers in high school that it was a cool thing to do. and probably his ethics led me on the path of where i started out hacking. i got so passionate with it that i just didn't stop. any other questions? the question over there. >> sorry. i have it right here. >> okay. >> when you were doing all of your hacking and when you were on the lam, did you think that you would be caught and, you know, at the end? >> no. actually, when i was running from the government i was so adept at creating new identities that i thought it would be really difficult. i always thought in the back of my mind that i would keep doing the same thing. i continued to hack. eventually i figured that if i made a mistake i probably wouldn't get caught, but i was
10:37 am
not thinking that i'm going to get caught. i thought i would outwit the fbi, which obviously was a ridiculous notion. many, many years ago. this began as a cat and mouse game. i did not look over my shoulder. i was not afraid of every cop car that passed because i had bona fide government issued id and legitimate jobs, working in a law firm in denver, a hospital in seattle. i set up early warning systems at the law firm. one of my responsibilities was supporting the law firm's telephone system, which was kind of cool. i could not have written this job description better myself because now i was able to insert code into the telephone system so that if anyone called the u.s. attorney's office or the fbi it would immediately send me a page with a four digit code. 6565, which happens to be the last four digits for the
10:38 am
telephone for the fbi in los angeles. early warning system so if anyone hit the tripwire i would be able to get out quickly enough. >> i want to know. it seems like obviously you are doing all this for the thrill of it. is there anything you are seeing now that kind of scares you that people are doing? >> the trend for hacking has changed. all about organized crime, leveraging hacking skills, recruited to steal credit card accounts, bank fraud. now it has become a huge problem. back in my day the people i associated with and myself, it was not about the money, it was about the thrill and exploration. it has all changed. you still have groups of hackers that do it, but they do it more for the media attention than for sending a political message.
10:39 am
but most of the trend has gone toward profit. >> so, i have kind of a funny question. i have heard a couple different versions of the day you actually got arrested. one of the versions has you coming to the door, and the fbi agents saying, this is kevin. you are kevin. you deny it and say come back, you want to show up tomorrow. it threw them for a loop. >> it's actually detailed in the book. >> excellent. >> the full details of what happened is, i had the fbi. they were not sure that i was kevin mitnick for three and a half hours because i guess i was a good actor that day. i remember at one point when they were searching my apartment they handed me a wanted poster. they handed it to me. they said, does that look like
10:40 am
you. i studied it thinking that i could really get out of this. i go, no, it doesn't. what am i going to say? so i had them going for three and a half hours. they don't play games. if they knew i was mitnick they would arrest me and take me down. they don't have time to joke around. i was really hoping, and at one point i was hoping i could get out of the situation. one of the case agents says, well, we're going to have to take you down to the office and fingerprint you to see if you're really mitnick or not. i said, why didn't you think of that idea earlier and we would not have wasted all this time. tell me what time to show up tomorrow morning at your office. i tried. i had nothing to lose. i did my best. of course it didn't work. i did my best. here's a mike. >> my question was actually
10:41 am
about, in essence your book is a lot -- your hacking is social engineering. >> both. >> you consider yourself more analogous to frank abagnale, jr. than you do our stereotypical understanding of what a hacker is, like from what we see in movies. do you think that is more of what you do, as opposed to what frank abagnale, jr. was doing? >> actually, i was doing social engineering and technical attacks. for example, a technical exploit to get into a large company looking for a piece of code because i wanted to examine that code. i'd already figured out how to break into that type of operating system. then i would use social engineering to find out what server the code i was interested in was on because it would be much faster than sitting on the network for a month looking for it.
10:42 am
i basically used social engineering and technical exploitation, but we focused more on the social engineering side because we thought it was more interesting. and frank abagnale, jr. reviewed the book and he liked it. he called me a master social engineer. i don't know what that means in his category, but my guess is it's a compliment. very happy that he did because he never reviews books. it was a great honor. any other questions? >> what is your relationship to john markoff? >> john markoff follows me on twitter. obviously we have not spoken. the new york times reporter who wrote about me back in the 1990's. in his reporting he actually stated things as facts that were not true. i had hacked into norad in 1983 and nearly started a nuclear
10:43 am
war. that was right out of war games. and amongst other ridiculous accusations, and what it did was elevate the interest the government had in the kevin mitnick case. his agenda, i think, was actually he was to write a book and do a movie. so if you have the new york times at your disposal, imagine the interest you can create and cash in. so on twitter the other day, of course, fan naturally born smart. i said, new york times did a book review. i said, i don't understand this. the last three times they wrote about me it was on the front page, and not this time. so markoff actually responded a couple of days later and said, that is because it wasn't written well. i told him, i said, listen. let bygones be bygones. i really think you should become
10:44 am
a fiction writer because you have a great imagination. then it all stopped. anyone else back there? >> were you in the carding game also? >> what? >> carding. >> no. that is using other people's credit card numbers. >> have you read kevin's new book? >> an excellent new book called kingpin. it is about the carding underground, and i highly recommend it. >> everything is true in that book. >> i believe so, yes. >> is there anything you would like to share? >> we could be here all night.
10:45 am
>> well. >> party till tomorrow morning. a lot i could not put in the book. paris, my editor over there, my fantastic editor -- [applause] -- kept telling bill and i, over word count, over word count, cut it, we were over by 30%. i could not figure out what stories to cut. they were so interesting to me. just like and up -- on miracle. he decided we would leave a lot of the stories out. but i actually -- we just missed the story i wanted to include. obviously can't add it in now. next book. >> the next book. >> i'm trying to think of what i was thinking of the other day. okay. here is one. when i was running from the
10:46 am
government, on my computer i kept everything encrypted. at the time i was using norton diskreet. supposed to be using 56 bit to encrypt your virtual disk. this guy named peter deadman, world-renowned cryptographer, wrote a white paper talking about how vulnerable this was. i read it and went, oh my god. i'm using this product. what i did as a hacker, i hacked into norton, into the source code. i analyzed it myself and found out there was only 30 bits of entropy, meaning 56 bits of key was really 30 effective bits, which means that anybody can crack it in no time. of course, as any good hacker would, i changed the encryption i was using, and the feds were never -- never able to crack the key. there is one story that is not in the book.
10:47 am
i had a hand back there. >> do you have any advice for starting your own penetration testing company or anything like that? obviously things are a lot different nowadays. >> you want to be my competitor and i advise you? [laughter] i think it is a terrible business, and you should not compete. [laughter] actually, hire the best people. when i do a test, i have an hourly rate. what i do is figure out how many hours it will take. because i am so passionate with this type of technology, i ordinarily spend twice the amount of time, so i'm basically, you know, doing this pretty much free because in the agreement i only have to spend x amount of time, but i find i want to investigate something. i end up spending sometimes double the time.
10:48 am
i'm not charging the client more because i want to do a great job. the good thing is i get a lot of repeat business. my clients go, wow, you went overboard. yes. i want to own everything you have. own means break in. if i don't break into everything i don't feel i've done my job. >> start with this. when you were talking, you said the world has changed a lot. from my experiences, i work with high school students. there are a lot of kids that are fascinated by hacking. what they are doing are things like trying to take video games and get the codes so that they can change the game's elite so that they can move it from one game platform to a computer or something else. old-style hacking is alive and well to some extent. the second thing i wanted to
10:49 am
point out, how do you feel about open source material, open source coding, things that are publicly shared? >> i am a proponent of open source. i use it myself. in fact, there is a 10-year-old girl, she was actually able to crack some of the video games by messing with the timing. a 10-year-old girl that was a hacker. so kids these days, what are they going to grow up to be? really good pen testers or scary people? any other questions? so, these business cards actually cost me money. rather than sell them to you, all i need is your password. [laughter] i'm kidding. [applause]
10:50 am
i hope you enjoy the book. it has been great talking to everybody here. oh, one last thing. in each chapter you will see on the chapter heading there is a cryptogram. so on the odd chapters the cryptograms are quite easy. on the even chapters they are a little more difficult. because i cannot legally do this, this is what i will probably do. it is not a promise. everyone who is able to crack the code, i will have a website you can register at to prove you were able. i will put their names in a bucket and draw names. the fbi was kind enough to return my computer evidence. the fbi evidence bags and fingerprint dust. i will probably give out ten of those. not a promise, so it's not a contest, but that is probably what i will do. i will be happy to give out cards, books, or whatever.
10:51 am
all right. let me do that after. [inaudible conversations] >> for more information on kevin mitnick visit mitnick security dot com. >> what are you reading this summer? book tv wants to know. ♪ tell us what you are reading this summer. send us a tweet @booktv. >> and the core issue just to kind of pan out a little bit is, how do you get young people into the work force?
10:52 am
in this case specifically the white-collar work force. how do you move students, especially from psych 101 classrooms in a building like this, into office jobs where they will probably be in our service economy? what is that process? what is the best way to do that, the most humane way to do that, and the way that ensures a sort of highest level of social justice possible in terms of making that an equitable process? i essentially find that the current haphazard unregulated free-for-all system of internships has grown up to be inadequate. it fails the test of what would be a rational, humane, and even efficient way of getting people from point a to point b. just to see it on a very macro level.
10:53 am
anyway, internships originated. the term intern originally from french. for several hundred years, used in french hospitals as a term for junior doctors, apprenticing doctors. comes to the states probably sometime in the mid-19th century. the word itself at that time, still spelled interne with an e. kind of french. it essentially means a young doctor who is interned to the four walls of the hospital for a year or so, usually a year, doing the junior tasks, bloodletting, applying leeches. whatever it was. grisly things, probably overwork and possibly with some resemblance to today's. in any case, working in a hospital before they get to
10:54 am
become a full on medical practitioner. and i think this is more speculative, but there are probably a number of workplace practices that you can trace to medicine and law because these are prestigious fields. that is certainly the case with internships. it has become common practice, early 20th-century, just at the time when the medical profession is rationalizing and modernizing itself. they're shutting down. the country used to be full of substandard medical schools, producing doctors of highly varying quality. the american medical association taking steps as we need to get rid of the lack of certification and accreditation and these things which are arising in the early 20th-century in lots of different areas, but in medicine
10:55 am
one of the results of this is internships as a time of applied postgraduate, as it were, kind of learning, a transition time between your school years at medical school, essentially, and your work as a medical practitioner. so, those are the origins, and it takes a long time. essentially not until -- it takes several decades, not until the 1930's and 40's that you see other fields and industries kind of looking to this intern model and borrowing the word. as far as i can tell, people may find other examples. in the 1930's you see the field of public administration going through the same process. so the government of new york, los angeles, detroit, the state government of california. in the 1930's are establishing programs, essentially just the time when governments are vastly
10:56 am
expanding, various social programs. there is a push to rationalize public administration. one of the things you rationalize when you do your standardization and rationalization of the field is the process by which people enter. so internships fill that role. it seems like public administration, not politics so much, not what you might think of as a species unto itself. but public administration in the first place, adopting an internship model. after world war two it begins to become much more general, you see corporate america looking for internships. you see the growth of human resources as a term, it becomes any firm of any size has a human-resources department, and the human resources department is tasked with having a rational means of recruiting and bringing in
10:57 am
new employees. and they established internship programs. large companies like general electric, at&t committees to -- kinds of companies. at that time they're mostly paid situations. paid, training based. seem to be about recruitment. it is about, you know, going to the local colleges and universities and bringing in the best and brightest. paying them while you're training them and then drawing them into the corporate culture. then they will work for you. a certain number of interns each year. very structured programs based around ideas of structured training. so, a new thread enters in the 1960's and '70's. as far as i can tell, this is where the academy becomes more
10:58 am
interesting, internships as a kind of applied learning beyond the classroom. it is not the first example of that experiential education. the ideas about applied learning and learning by doing go back 100 years, but the specific model of internships, for instance, sociology departments in the 1960's and '70's began to contact a city planning department. i know this happened in new york. take a few of our students each year, each semester, to, you know, to show them how the planning office works, that sort of thing. and so you see the academy began to be involved, especially at this time. this is also a very american kind of phenomenon. i'll just note that on this side, although i want to mention the international dimension. the internships explosion. and essentially schools are
10:59 am
saying that they are responding to students' needs. this is the generation of baby boomers at universities saying, we want to apply our learning and get academic credit. we want to, you know, go beyond the classroom and be active in the community. seen as a kind of, you know, seen as an interest in the broader society, going beyond the ivory tower. that is another theme that enters the internship discourse. but particularly interesting and what i particularly cover in the book is the explosion. >> you can watch this and other programs online at booktv.org. ♪ >> coming up next, book tv presents "after words," an hourlong program where we invite guest host to its