Professional Documents
Culture Documents
Running Head: Kevin Mitnick: From Black Hat To White Hat 1
Running Head: Kevin Mitnick: From Black Hat To White Hat 1
Isha Mujumdar
EC-Council University
KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 2
Table of Contents
1. Abstract 4
2. Introduction 5
3. The Hacker 6
a. Early Life 6
b. Education 6
4. The Crime 8
5. The Punishment 10
b. As a Fugitive 11
6. Applying Theory 12
b. Controversies 14
c. Fan-following 15
KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 3
a. The Author 16
b. The Consultant 17
c. Mitnick Security 17
9. Conclusion 18
10. Bibliography 19
KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 4
Abstract
The most basic explanation of the term hacking can be given as finding a way to make
machines and/or technology do thinks in a way other than their routine tasks. This meaning has
changed many times over the years and today is mostly related to the unauthorized access and
use of digital devices and data. But many people have a misconception that hacking involves the
sole use of technology. Hacking also has a human element to it which has been targeted by
hackers for many years and still remains one of the major sources of cybercrimes. This paper is
about the life of a famous, probably “the” famous hacker who exploited this very human element
to become the greatest hacker of all. Kevin Mitnick – the name which immediately comes to
mind when anybody mentions the word hacker, used social engineering as his primary weapon
and shook the cyberspace by making any hack possible. This paper consists of everything related
to Kevin, from his crimes, his punishments, his fugitive days to the white hat hacker he is today
with a big cyber security firm and millions of fans and admirers.
KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 5
Introduction
Hacking has taken various forms over the years ever since its debut at the MIT in the
1960s. Generations of hackers have come and gone, each bringing with them a new flavor to
hacking, whether it be good or bad. Where most of the hackers have worked anonymously, there
still are some very famous names in the hacker world who have rose to fame with their ethical as
well as unethical behavior. One of the most popular names is that of Kevin Mitnick, once termed
as the world’s most-wanted hacker. He can be called as the pioneering force behind the concept
of exploiting the human link for hacking, popularly known today as social engineering. He has
committed many cyber crimes ever since he was a teenager, been a fugitive, served term in
prison and today runs a cyber security firm. This research paper provides an insight into the
journey of Kevin Mitnick from a black hat cyber criminal to a white hat cyber security specialist.
KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 6
The Hacker
“I went from being a kid who loved to perform magic tricks to becoming the world’s
most notorious hacker, feared by corporations and the government” – Kevin Mitnick. This single
Early Life
Born on 6th August 1963 in Van Nuys, California, he grew up in Los Angeles and stayed
with his mother after his parents got divorced (Mitnick & Simon, 2011). He always was a loner
and would go about exploring the countryside by himself, usually taking the bus, which he later
rode for free. He used to be fascinated by watching his neighbor perform different sorts of magic
tricks and got hooked onto the idea of becoming a magician because of him.
Education
The first mention of the term hacking was in the same decade in which Kevin was born
i.e. the 1960s. Hacking was not what it is today, it was neither a crime nor remotely related to
anything unethical. It was just a bunch of coding lines developed by the genius minds at MIT for
getting the regular work done faster in the mainframe computers of those times ("The History of
Hacking", n.d.). The main motive for hacking was usually the curiosity related to the machines
and technology and tinkering with them in order to make them do something new or different
This curiosity angle slowly began to be replaced by the thrill of getting stuff for free as
the 70s emerged. This means that from innocent tweaks to technology, hacking was now shifting
KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 7
towards illegal activities, or what is called “cybercrime”. A common target of hacks that time
was the long-distance calling system, where the hackers used to study the routing and working of
telephone networks and make free phone calls (known as phone phreaking). Other cybercrimes
which became popular during this time were dumpster diving and impersonation. A famous case
of dumpster diving occurred when Jerry Neal Schneider used this technique to get important
printouts from Pacific Telephone and Telegraph company (Bosworth, Kabay, & Whyne, 2014).
Although impersonation does not exactly fit into computer-related crimes, it was, and still is, a
very effective social engineering technique used to get unauthorized access anywhere.
Such was the scenario of hacking and cyber crimes when Kevin was growing up and
although not very high-level cybercrimes had been committed by then, it would not be very later
when an impulsive teenager by the name of Kevin Mitnick would go on to carry out some of the
towards criminal activities. Kevin also had some characteristic attributes which attracted him
towards hacking and eventually cybercrimes. According to (Mitnick & Simon, 2011), he
developed a fascination for magic at a very young age and observed that people liked to be
deceived. The thrill he got from doing free phone calls or riding the bus for free pushed him
further towards illegal and unethical hacking. Some traits which he and many other black hats
possess are compulsive and obsessive nature, general disregard for rules and regulations,
ingenious minds, thirst for knowledge, acting on impulse etc. All these inherent traits made
Kevin continue to break rules just for the thrill of hacking and paved way for him to be the
The Crime
Kevin was never a technically genius programmer. Therefore, he almost always took
advantage of the human element to successfully hack into systems. His convincing powers and
presence of mind saw him through any kind of barrier which would present itself. Unsuspecting
and extremely helpful employees would thus reveal vital information to him without any
suspicious thought crossing their mind. This trick of getting information out of someone else is
today known as social engineering. It was Kevin who showed the world that a bunch of carefully
thought out words could help hack into any big organization, with minimal technical equipment
required. The art of social engineering is still widely practiced today by many hackers and
Phone phreaking was one of the most favorite types of hacking for Kevin. He had deeply
studied all the aspects of the working of telephones, trunking etc. and spent hours in making free
phone calls, posing as telephone operator, getting phone number of anyone he liked, including
many celebrities (Mitnick & Simon, 2011). Other than phreaking, Kevin used techniques like
1980 - Hacking into the RSTS/E1 system “Ark” at Digital Equipment using just
social engineering. He had gained accessed to the login credentials of all the
developers.
Pacific Bell.
Operations (SCO) and tying to get the source code of their Unix-based operating
system.
1988 – Hacking into the systems of Digital Equipment Corporation (DEC) and
1993 – Hacking into Sun Microsystems and copying a number of confidential files
and softwares.
Social engineering his way into successfully obtaining the source code for Motorola
1
RSTS/E
2
COSMOS
KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 10
The Punishment
Kevin Mitnick was involved in various types of phreaking and hacking cases ever since
he was a teenager. So, it’s but obvious that he has had run-ins with law authorities on many
occasions. According to (Mitnick & Simon, 2011), the first one occurred when he was a student
at Monroe High School and had inserted a password stealing program in the lab computers of
Cal State campus at Northridge (CSUN). Although he was not arrested because of lack of
computer crime laws at that time, this was his first of many warnings from the authorities. His
hacking of the RSTS/E system of Bloodstock Research company finally brought the FBI on his
track for the first time. From here on, Mitnick had realized that he would be monitored by the
authorities, but he still continued his hacking pursuits and succeeded in evading law authorities
His first arrest occurred in 1981 on the charges of stealing COSMOS manuals. Being a
juvenile and because of the fact that handling cyber crimes was still new to the law authorities,
he was sent to California Youth Authority (CYA) facility for ninety days. Following this he had
to attend court-mandated counselling sessions, the result of which was he being declared as
obsessed/addicted to hacking.
His final and widely publicized arrest occurred in 1995 when the FBI tracked him down
to Raleigh, North Carolina with the help of Tsutomu Shimomura, who had been on Kevin’s trail
following the hacking of his computer system by Kevin (Chuang, 2018). He was charged with
multiple accounts of phreaking, hacking, copying software and causing losses to big companies
KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 11
like Sun Microsystems, Motorola, Nokia and many more. This was followed by a five-year term
As a Fugitive
Kevin was arrested in 1989 on the charges of computer hacking. Nearing the end of his
supervised release in 1992, he ran away with the plan to disappear and live with a new identity.
Henceforth began his life as a fugitive. With the knowledge he had acquired as a kid by reading
books about disguises and changing identities at the Survival Bookstore, he took on a new name
“Eric Weiss” after his idol escape artist Harry Houdini (Mitnick & Simon, 2011). He chose a
person by the same name to impersonate and gathered information about him using his ingenious
After moving into Denver, Kevin managed to acquire a job in the IT Department of an
international law firm Holme, Roberts and Owen. It was during this time that he hacked into the
systems of Sun Microsystems, Novell and Motorola. Successfully covering his tracks, it had
become almost impossible for the FBI to nab Kevin. Then one day in December 1994, Kevin
broke into the computer system of Tsutomu Shimomura, a cyber security expert, for stealing
code to hack into cellular phones ("Great Rivalries in Cybersecurity”, n.d.). Shimomura took
offence personally and got hooked onto finding the hacker. He finally traced Kevin to Raleigh,
North Carolina and it was from here that FBI finally arrested their long-time fugitive in 1995.
KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 12
Applying Theory
Kevin’s attraction to hacking started at a very early age. The various hacks which he
witnessed around him were the stepping stones towards his hacking record (Mitnick & Simon,
2011) -
Magic - At the age of 10, he got intrigued by one of the foremost arts of deception –
magic. And when he witnessed the audience getting immense joy at being deceived, that
was one of the factors which he took advantage of in the course of his hacking attempts.
Free calling - The next and most important factor which attracted him to hacking was the
concept of getting through phone calls for free. This was first introduced to him by a bus
conductor named Bob Arkow who demonstrated making of free phone calls using auto
Free bus rides – The concept of getting free stuff greatly appealed to Kevin and this did
not stop at phone calls. At the mere age of 12, he succeeded in riding buses for free by
punching his own transfers using a combination of social engineering and dumpster
diving techniques. The pleasure he got from saving all the money for bus tickets took him
There were many instances and people who directly or indirectly acted as a source of
motivation for Kevin to further continue his antics (Mitnick & Simon, 2011) –
The fact that he took free bus rides was known to his parents as well as some bus drivers.
But instead of stopping him, he was tagged as clever and his stunts were seen as just
laughable. Such a response from adults encouraged him to continue his illicit activities.
While learning to read aloud the Torah scroll, Kevin realized that he had a quite a good
knack of mimicking accents and gestures of others, which later served as his go-to tool
when he social-engineered people into trusting him and telling confidential information.
Once he saw his Uncle Mitchell talk his way into getting his work done at once at the
Department of Motor Vehicles (DMV). The ease with which his uncle was able to
convince the clerk to ignore the long line of people and attend to him first was an
inspiration to Kevin.
The success of his small antics from free calling, bus rides, frequently using his teacher’s
passwords etc. motivated him for bigger and more serious cybercrimes. The
underdeveloped cyber laws of that time also contributed to him continuing to breaking
The hacking abilities of Kevin were never a question to anyone in the world, especially
the U.S. government. They had a complete, although little exaggerated faith in Kevin’s ability to
hack anything. That may be the reason that when in prison, initially he was not allowed to use a
phone because authorities feared that he might be able to hack simply using the phone.
According to (Affiliate, 2013), he was considered so dangerous that it was believed he could use
a phone to trigger a nuclear war. He was also banned from using any type of computer for eight
The extent to which Kevin had intruded into big organizations exposed the various
security loopholes and propelled government as well as organizations to enforce a more secure
system. The difficulty in taking legal action against Kevin during his teenage years also lead to
reforms in the existing cyber/ IT laws of U.S. and it would not be wrong to say that in a way,
Controversies
The biggest controversy in the life of Kevin Mitnick is the question that was he really the
dangerous hacker as claimed by the FBI or not. Protestors claimed that the government wanted to
make an example out of this case and hence the unreasonable charges were put up against him
(Kroll, 2000). Many communities believed that authoritarian tactics were being used and Kevin’s
crimes had been exaggerated beyond proportion. While Kevin claims that all his hacks were
solely for learning purpose, the victim corporations like Sun Microsystems, Motorola, Nokia etc.
along with the government alleged criminal motives. This controversy did raise an important
KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 15
issue on defining the boundaries of hacking and cyber crime and how much freedom should be
Fan-following
The hacker community has always been an ardent supporter of Kevin and today not only
hackers but people from various age groups across the world respect his skills. His arrest in 1995
and the charges put up against him lead to one of the famous movements in cyber history – the
“FREE KEVIN” movement. This was the first time that Kevin’s supporters came forward to
protest against the seemingly outrageous charges and cruel persecution. The leading supporters
in this were 2600 community who first started this movement with yellow banners reading
“FREE KEVIN” in bold, black letters (Kroll, 2000). A number of fellow hackers also joined in
by hacking many websites to display the “FREE KEVIN” text. Steve Wozniac, Apple co-
By reforming himself into a white hat hacker, Kevin has earned an even larger number of
fans and supporters today, with many cyber security professionals idolizing him and striving to
Kevin Mitnick today has come a long way from his illegal hacking career to be held as
one of the most distinguished personalities in cyber security. He took a life-changing decision
after the end of his five-year term of using his expert hacking skills for the betterment of
cyberspace and began his new journey as a white hat hacker. Since then he has played various
roles in contributing to cyber security through various awareness and training programs,
consultancy services, network security services and much more. Today he is the foremost
The Author
As the expert in social engineering, Kevin has shared his immense knowledge and
experience through a number of books all of which have been bestsellers ("The World's Most
The Art of Deception (2001) – Co-authored with William L. Simon, this book pits the
low technology aspect of hacking i.e. social engineering against high technology
security. It emphasizes on the importance of human factor in cyber security and that it
The Art of Intrusion (2005) - Co-authored with William L. Simon, this book consists
of several real-life stories of intrusions into computer systems and explains where the
victims of these intrusions went wrong. It gives an in-depth look into how actually
intruders succeed.
the story of the world’s most famous hacker in his own words. His autobiography
KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 17
explores his cyber adventures right from childhood to the most sought-after cyber
security specialist.
The Art of Invisibility (2017) - Co-authored with Robert Vamosi, this book tells
explains how consumer data is used and gives instructions on how to remain
“invisible”.
The Consultant
Kevin was released from prison in the year 2000 and two months since his release, he
was invited to testify in front of Senate Committee on the topic of safety of government from
cyber-attacks (Mitnick & Simon, 2011). The speech he delivered impressed every member of the
audience and from that day onwards offers for public speaking, interviews, computer consulting
started pouring in. Today he is regarded as one of the topmost authorities in cyber security and
has addressed a wide range of audience in universities, organizations, online on topics regarding
Mitnick Security
Mitnick Security Consulting, started by Kevin to provide cyber security services, is today
one of the leading cyber security firms providing consultancy services to the FBI and Fortune
500 companies. The firm provides a wide range of services like vulnerability assessment,
penetration testing, digital forensics, product security testing, incident response etc. with a
network of white hat hackers which they call the “Global Ghost Team” ("The World's Most
Famous Hacker", n.d.). In addition to running Mitnick Security, Kevin is the Chief Hacking
Officer of cyber security awareness company KnowBe4, where he gives security awareness
Conclusion
The whole life of Kevin Mitnick is a rollercoaster ride fit to be made into a movie. The
little kid who once wanted to be a great magician grew up to become the world’s most popular
and feared hacker, and then one of the best cyber security experts. If people witness those things
happening which they deem impossible, it is considered magic. In a way, Kevin fulfilled his
childhood desire by hacking and getting access to any system he liked – a feat which is
impossible for most people. In carrying out the some of the greatest hacks of all time, Kevin
showed little regard for all the laws he was breaking. It can be said that he was so obsessed with
learning new technology and hacking it that any other thing did not matter. Although he did hack
into some major companies, he never used the data for any criminal purpose. His sole motive
was learning by hacking. Even then, some of the offenses against him were falsely registered and
The most commendable thing about Kevin is that he did not go back to illegal hacking
once he was out of prison. He chose to reform himself and use his extraordinary skills for
securing the cyberspace which he had invaded so many times. It is also noteworthy that the
government and law enforcement agency recognized his potential and gave him a chance to
transform his life from the “Darkside Hacker”, as he was once known, to the best cyber security
Bibliography
Affiliate, S. U. (2013, April 11). Kevin Mitnick: The Hacking Hamburglar. Retrieved March 5,
hacking-hamburglar/#5137fda34ac9
Bosworth, S., Kabay, M. E., & Whyne, E. (2014). Computer Security Handbook. Hoboken, NJ:
Chuang, T. (2018, March 16). Kevin Mitnick was the FBI's most wanted hacker in the '90s. He
was hiding in plain sight in Denver. Retrieved February 25, 2019, from
https://www.denverpost.com/2018/03/16/kevin-mitnick-fbi-most-wanted-hacker-denver/
Great Rivalries in Cybersecurity: Tsutomu Shimomura vs. Kevin Mitnick. (n.d.). Retrieved
vs-kevin-mitnick/
Kevin Mitnick Case: 1999 - No Bail, No Computer, Hacker Pleads Guilty. (n.d.). Retrieved
Kroll, J. (2000, January 21). Free Kevin, Kevin Freed. Retrieved March 5, 2019, from
https://www.linuxjournal.com/article/5052
Mitnick, K. D. 1., & Simon, W. L. (2011). Ghost in the wires: My adventures as the world's most
http://plaza.ufl.edu/ysmgator/projects/project2/history.html
The World's Most Famous Hacker. (n.d.). Retrieved March 7, 2019, from
https://mitnicksecurity.com/