Running Head: KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 1

Kevin Mitnick: From Black Hat to White Hat - Hat by Hat

Isha Mujumdar

EC-Council University
KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 2

Table of Contents

1. Abstract 4

2. Introduction 5

3. The Hacker 6

a. Early Life 6

b. Education 6

c. Hacking during 1960s, 70s 6

d. Personality and Hacking 7

4. The Crime 8

a. Entry into the Hacker World 8

b. List of Some Major Crimes Committed 9

5. The Punishment 10

a. Arrests and Convictions 10

b. As a Fugitive 11

6. Applying Theory 12

a. Attraction towards Hacking 12

b. Motivation for Continuing Hacking 13

7. Impact on the World 14

a. Feared by U.S. government 14

b. Controversies 14

c. Fan-following 15
KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 3

8. Journey from Black Hat to White Hat 16

a. The Author 16

b. The Consultant 17

c. Mitnick Security 17

9. Conclusion 18

10. Bibliography 19
KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 4

Abstract

The most basic explanation of the term hacking can be given as finding a way to make

machines and/or technology do thinks in a way other than their routine tasks. This meaning has

changed many times over the years and today is mostly related to the unauthorized access and

use of digital devices and data. But many people have a misconception that hacking involves the

sole use of technology. Hacking also has a human element to it which has been targeted by

hackers for many years and still remains one of the major sources of cybercrimes. This paper is

about the life of a famous, probably “the” famous hacker who exploited this very human element

to become the greatest hacker of all. Kevin Mitnick – the name which immediately comes to

mind when anybody mentions the word hacker, used social engineering as his primary weapon

and shook the cyberspace by making any hack possible. This paper consists of everything related

to Kevin, from his crimes, his punishments, his fugitive days to the white hat hacker he is today

with a big cyber security firm and millions of fans and admirers.
KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 5

Introduction

Hacking has taken various forms over the years ever since its debut at the MIT in the

1960s. Generations of hackers have come and gone, each bringing with them a new flavor to

hacking, whether it be good or bad. Where most of the hackers have worked anonymously, there

still are some very famous names in the hacker world who have rose to fame with their ethical as

well as unethical behavior. One of the most popular names is that of Kevin Mitnick, once termed

as the world’s most-wanted hacker. He can be called as the pioneering force behind the concept

of exploiting the human link for hacking, popularly known today as social engineering. He has

committed many cyber crimes ever since he was a teenager, been a fugitive, served term in

prison and today runs a cyber security firm. This research paper provides an insight into the

journey of Kevin Mitnick from a black hat cyber criminal to a white hat cyber security specialist.
KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 6

The Hacker

“I went from being a kid who loved to perform magic tricks to becoming the world’s

most notorious hacker, feared by corporations and the government” – Kevin Mitnick. This single

line defines the whole life of Kevin Mitnick in a nutshell.

Early Life

Born on 6th August 1963 in Van Nuys, California, he grew up in Los Angeles and stayed

with his mother after his parents got divorced (Mitnick & Simon, 2011). He always was a loner

and would go about exploring the countryside by himself, usually taking the bus, which he later

rode for free. He used to be fascinated by watching his neighbor perform different sorts of magic

tricks and got hooked onto the idea of becoming a magician because of him.

Education

School: James Monroe High School

College: Pierce College, Los Angeles and University of Southern California

Hacking During 1960s, 70s

The first mention of the term hacking was in the same decade in which Kevin was born

i.e. the 1960s. Hacking was not what it is today, it was neither a crime nor remotely related to

anything unethical. It was just a bunch of coding lines developed by the genius minds at MIT for

getting the regular work done faster in the mainframe computers of those times ("The History of

Hacking", n.d.). The main motive for hacking was usually the curiosity related to the machines

and technology and tinkering with them in order to make them do something new or different

other than their intended tasks.

This curiosity angle slowly began to be replaced by the thrill of getting stuff for free as

the 70s emerged. This means that from innocent tweaks to technology, hacking was now shifting
KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 7

towards illegal activities, or what is called “cybercrime”. A common target of hacks that time

was the long-distance calling system, where the hackers used to study the routing and working of

telephone networks and make free phone calls (known as phone phreaking). Other cybercrimes

which became popular during this time were dumpster diving and impersonation. A famous case

of dumpster diving occurred when Jerry Neal Schneider used this technique to get important

printouts from Pacific Telephone and Telegraph company (Bosworth, Kabay, & Whyne, 2014).

Although impersonation does not exactly fit into computer-related crimes, it was, and still is, a

very effective social engineering technique used to get unauthorized access anywhere.

Such was the scenario of hacking and cyber crimes when Kevin was growing up and

although not very high-level cybercrimes had been committed by then, it would not be very later

when an impulsive teenager by the name of Kevin Mitnick would go on to carry out some of the

biggest cyber crimes in the history of hacking.

Personality and Hacking

Personality of a person is a very important aspect in determining his/her inclination

towards criminal activities. Kevin also had some characteristic attributes which attracted him

towards hacking and eventually cybercrimes. According to (Mitnick & Simon, 2011), he

developed a fascination for magic at a very young age and observed that people liked to be

deceived. The thrill he got from doing free phone calls or riding the bus for free pushed him

further towards illegal and unethical hacking. Some traits which he and many other black hats

possess are compulsive and obsessive nature, general disregard for rules and regulations,

ingenious minds, thirst for knowledge, acting on impulse etc. All these inherent traits made

Kevin continue to break rules just for the thrill of hacking and paved way for him to be the

world’s most-wanted hacker.

KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 8

The Crime

Types of Crimes Committed

Kevin was never a technically genius programmer. Therefore, he almost always took

advantage of the human element to successfully hack into systems. His convincing powers and

presence of mind saw him through any kind of barrier which would present itself. Unsuspecting

and extremely helpful employees would thus reveal vital information to him without any

suspicious thought crossing their mind. This trick of getting information out of someone else is

today known as social engineering. It was Kevin who showed the world that a bunch of carefully

thought out words could help hack into any big organization, with minimal technical equipment

required. The art of social engineering is still widely practiced today by many hackers and

contributes to a major number of successful hacks.

Phone phreaking was one of the most favorite types of hacking for Kevin. He had deeply

studied all the aspects of the working of telephones, trunking etc. and spent hours in making free

phone calls, posing as telephone operator, getting phone number of anyone he liked, including

many celebrities (Mitnick & Simon, 2011). Other than phreaking, Kevin used techniques like

dumpster diving, tailgating and vishing to get access to different systems.

KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 9

List of Some Major Crimes Committed

 1980 - Hacking into the RSTS/E1 system “Ark” at Digital Equipment using just

social engineering. He had gained accessed to the login credentials of all the

developers.

 1981 - Stealing passwords and manuals containing COSMOS2 information from

Pacific Bell.

 1983 – Hacking into the computer system at University of Southern California

 1987 – Hacking into computers of Northern California company Santa Cruz

Operations (SCO) and tying to get the source code of their Unix-based operating

system.

 1988 – Hacking into the systems of Digital Equipment Corporation (DEC) and

copying the source code of their VMS operating system.

 1993 – Hacking into Sun Microsystems and copying a number of confidential files

and softwares.

 Trying to get a copy of Novell’s network operating system Netware.

 Social engineering his way into successfully obtaining the source code for Motorola

phone. ("Kevin Mitnick Case: 1999, n. d.)

1
RSTS/E
2
COSMOS
KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 10

The Punishment

Arrests and Convictions

Kevin Mitnick was involved in various types of phreaking and hacking cases ever since

he was a teenager. So, it’s but obvious that he has had run-ins with law authorities on many

occasions. According to (Mitnick & Simon, 2011), the first one occurred when he was a student

at Monroe High School and had inserted a password stealing program in the lab computers of

Cal State campus at Northridge (CSUN). Although he was not arrested because of lack of

computer crime laws at that time, this was his first of many warnings from the authorities. His

hacking of the RSTS/E system of Bloodstock Research company finally brought the FBI on his

track for the first time. From here on, Mitnick had realized that he would be monitored by the

authorities, but he still continued his hacking pursuits and succeeded in evading law authorities

for some years.

His first arrest occurred in 1981 on the charges of stealing COSMOS manuals. Being a

juvenile and because of the fact that handling cyber crimes was still new to the law authorities,

he was sent to California Youth Authority (CYA) facility for ninety days. Following this he had

to attend court-mandated counselling sessions, the result of which was he being declared as

obsessed/addicted to hacking.

His final and widely publicized arrest occurred in 1995 when the FBI tracked him down

to Raleigh, North Carolina with the help of Tsutomu Shimomura, who had been on Kevin’s trail

following the hacking of his computer system by Kevin (Chuang, 2018). He was charged with

multiple accounts of phreaking, hacking, copying software and causing losses to big companies
KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 11

like Sun Microsystems, Motorola, Nokia and many more. This was followed by a five-year term

in jail which finally ended in the year 2000.

As a Fugitive

Kevin was arrested in 1989 on the charges of computer hacking. Nearing the end of his

supervised release in 1992, he ran away with the plan to disappear and live with a new identity.

Henceforth began his life as a fugitive. With the knowledge he had acquired as a kid by reading

books about disguises and changing identities at the Survival Bookstore, he took on a new name

“Eric Weiss” after his idol escape artist Harry Houdini (Mitnick & Simon, 2011). He chose a

person by the same name to impersonate and gathered information about him using his ingenious

social engineering skills.

After moving into Denver, Kevin managed to acquire a job in the IT Department of an

international law firm Holme, Roberts and Owen. It was during this time that he hacked into the

systems of Sun Microsystems, Novell and Motorola. Successfully covering his tracks, it had

become almost impossible for the FBI to nab Kevin. Then one day in December 1994, Kevin

broke into the computer system of Tsutomu Shimomura, a cyber security expert, for stealing

code to hack into cellular phones ("Great Rivalries in Cybersecurity”, n.d.). Shimomura took

offence personally and got hooked onto finding the hacker. He finally traced Kevin to Raleigh,

North Carolina and it was from here that FBI finally arrested their long-time fugitive in 1995.
KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 12

Applying Theory

Attraction towards Hacking

Kevin’s attraction to hacking started at a very early age. The various hacks which he

witnessed around him were the stepping stones towards his hacking record (Mitnick & Simon,

2011) -

 Magic - At the age of 10, he got intrigued by one of the foremost arts of deception –

magic. And when he witnessed the audience getting immense joy at being deceived, that

was one of the factors which he took advantage of in the course of his hacking attempts.

 Free calling - The next and most important factor which attracted him to hacking was the

concept of getting through phone calls for free. This was first introduced to him by a bus

conductor named Bob Arkow who demonstrated making of free phone calls using auto

patch service of ham radios.

 Free bus rides – The concept of getting free stuff greatly appealed to Kevin and this did

not stop at phone calls. At the mere age of 12, he succeeded in riding buses for free by

punching his own transfers using a combination of social engineering and dumpster

diving techniques. The pleasure he got from saving all the money for bus tickets took him

deeper into the hacker world.

KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 13

Motivation for Continuing Hacking

There were many instances and people who directly or indirectly acted as a source of

motivation for Kevin to further continue his antics (Mitnick & Simon, 2011) –

 The fact that he took free bus rides was known to his parents as well as some bus drivers.

But instead of stopping him, he was tagged as clever and his stunts were seen as just

laughable. Such a response from adults encouraged him to continue his illicit activities.

 While learning to read aloud the Torah scroll, Kevin realized that he had a quite a good

knack of mimicking accents and gestures of others, which later served as his go-to tool

when he social-engineered people into trusting him and telling confidential information.

 Once he saw his Uncle Mitchell talk his way into getting his work done at once at the

Department of Motor Vehicles (DMV). The ease with which his uncle was able to

convince the clerk to ignore the long line of people and attend to him first was an

inspiration to Kevin.

 The success of his small antics from free calling, bus rides, frequently using his teacher’s

passwords etc. motivated him for bigger and more serious cybercrimes. The

underdeveloped cyber laws of that time also contributed to him continuing to breaking

rules and regulations without any fear of getting caught.

KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 14

Impact on the World

Feared by U.S. Government

The hacking abilities of Kevin were never a question to anyone in the world, especially

the U.S. government. They had a complete, although little exaggerated faith in Kevin’s ability to

hack anything. That may be the reason that when in prison, initially he was not allowed to use a

phone because authorities feared that he might be able to hack simply using the phone.

According to (Affiliate, 2013), he was considered so dangerous that it was believed he could use

a phone to trigger a nuclear war. He was also banned from using any type of computer for eight

years, even after his release from prison.

The extent to which Kevin had intruded into big organizations exposed the various

security loopholes and propelled government as well as organizations to enforce a more secure

system. The difficulty in taking legal action against Kevin during his teenage years also lead to

reforms in the existing cyber/ IT laws of U.S. and it would not be wrong to say that in a way,

Kevin helped shape the reinforced laws that exist today.

Controversies

The biggest controversy in the life of Kevin Mitnick is the question that was he really the

dangerous hacker as claimed by the FBI or not. Protestors claimed that the government wanted to

make an example out of this case and hence the unreasonable charges were put up against him

(Kroll, 2000). Many communities believed that authoritarian tactics were being used and Kevin’s

crimes had been exaggerated beyond proportion. While Kevin claims that all his hacks were

solely for learning purpose, the victim corporations like Sun Microsystems, Motorola, Nokia etc.

along with the government alleged criminal motives. This controversy did raise an important
KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 15

issue on defining the boundaries of hacking and cyber crime and how much freedom should be

allowed in the cyberspace.

Fan-following

The hacker community has always been an ardent supporter of Kevin and today not only

hackers but people from various age groups across the world respect his skills. His arrest in 1995

and the charges put up against him lead to one of the famous movements in cyber history – the

“FREE KEVIN” movement. This was the first time that Kevin’s supporters came forward to

protest against the seemingly outrageous charges and cruel persecution. The leading supporters

in this were 2600 community who first started this movement with yellow banners reading

“FREE KEVIN” in bold, black letters (Kroll, 2000). A number of fellow hackers also joined in

by hacking many websites to display the “FREE KEVIN” text. Steve Wozniac, Apple co-

founder and a friend of Kevin’s also endorsed this movement.

By reforming himself into a white hat hacker, Kevin has earned an even larger number of

fans and supporters today, with many cyber security professionals idolizing him and striving to

get a chance to interact and even work with him.

KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 16

Journey from Black Hat to White Hat

Kevin Mitnick today has come a long way from his illegal hacking career to be held as

one of the most distinguished personalities in cyber security. He took a life-changing decision

after the end of his five-year term of using his expert hacking skills for the betterment of

cyberspace and began his new journey as a white hat hacker. Since then he has played various

roles in contributing to cyber security through various awareness and training programs,

consultancy services, network security services and much more. Today he is the foremost

authority in social engineering tactics and how to be safe from them.

The Author

As the expert in social engineering, Kevin has shared his immense knowledge and

experience through a number of books all of which have been bestsellers ("The World's Most

Famous Hacker", n.d.)–

 The Art of Deception (2001) – Co-authored with William L. Simon, this book pits the

low technology aspect of hacking i.e. social engineering against high technology

security. It emphasizes on the importance of human factor in cyber security and that it

takes aware employees to prevent getting victimized to social engineering hacks.

 The Art of Intrusion (2005) - Co-authored with William L. Simon, this book consists

of several real-life stories of intrusions into computer systems and explains where the

victims of these intrusions went wrong. It gives an in-depth look into how actually

intruders succeed.

 Ghost in Wires: My Adventures as the World’s Most Wanted Hacker (2011) – It is

the story of the world’s most famous hacker in his own words. His autobiography
KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 17

explores his cyber adventures right from childhood to the most sought-after cyber

security specialist.

 The Art of Invisibility (2017) - Co-authored with Robert Vamosi, this book tells

today’s consumers how to maintain their privacy in this technology-driven world. It

explains how consumer data is used and gives instructions on how to remain

“invisible”.

The Consultant

Kevin was released from prison in the year 2000 and two months since his release, he

was invited to testify in front of Senate Committee on the topic of safety of government from

cyber-attacks (Mitnick & Simon, 2011). The speech he delivered impressed every member of the

audience and from that day onwards offers for public speaking, interviews, computer consulting

started pouring in. Today he is regarded as one of the topmost authorities in cyber security and

has addressed a wide range of audience in universities, organizations, online on topics regarding

hacking as well as cyber security.

Mitnick Security

Mitnick Security Consulting, started by Kevin to provide cyber security services, is today

one of the leading cyber security firms providing consultancy services to the FBI and Fortune

500 companies. The firm provides a wide range of services like vulnerability assessment,

penetration testing, digital forensics, product security testing, incident response etc. with a

network of white hat hackers which they call the “Global Ghost Team” ("The World's Most

Famous Hacker", n.d.). In addition to running Mitnick Security, Kevin is the Chief Hacking

Officer of cyber security awareness company KnowBe4, where he gives security awareness

trainings for phishing attacks.

KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 18

Conclusion

The whole life of Kevin Mitnick is a rollercoaster ride fit to be made into a movie. The

little kid who once wanted to be a great magician grew up to become the world’s most popular

and feared hacker, and then one of the best cyber security experts. If people witness those things

happening which they deem impossible, it is considered magic. In a way, Kevin fulfilled his

childhood desire by hacking and getting access to any system he liked – a feat which is

impossible for most people. In carrying out the some of the greatest hacks of all time, Kevin

showed little regard for all the laws he was breaking. It can be said that he was so obsessed with

learning new technology and hacking it that any other thing did not matter. Although he did hack

into some major companies, he never used the data for any criminal purpose. His sole motive

was learning by hacking. Even then, some of the offenses against him were falsely registered and

his controversial trial proved that.

The most commendable thing about Kevin is that he did not go back to illegal hacking

once he was out of prison. He chose to reform himself and use his extraordinary skills for

securing the cyberspace which he had invaded so many times. It is also noteworthy that the

government and law enforcement agency recognized his potential and gave him a chance to

transform his life from the “Darkside Hacker”, as he was once known, to the best cyber security

consulting specialist helping them against cyber criminals.

KEVIN MITNICK: FROM BLACK HAT TO WHITE HAT 19

Bibliography

Affiliate, S. U. (2013, April 11). Kevin Mitnick: The Hacking Hamburglar. Retrieved March 5,

2019, from https://www.forbes.com/sites/singularity/2013/04/11/kevin-mitnick-the-

hacking-hamburglar/#5137fda34ac9

Bosworth, S., Kabay, M. E., & Whyne, E. (2014). Computer Security Handbook. Hoboken, NJ:

John Wiley & Sons.

Chuang, T. (2018, March 16). Kevin Mitnick was the FBI's most wanted hacker in the '90s. He

was hiding in plain sight in Denver. Retrieved February 25, 2019, from

https://www.denverpost.com/2018/03/16/kevin-mitnick-fbi-most-wanted-hacker-denver/

Great Rivalries in Cybersecurity: Tsutomu Shimomura vs. Kevin Mitnick. (n.d.). Retrieved

March 2, 2019, from https://www.cybersecuritymastersdegree.org/tsutomu-shimomura-

vs-kevin-mitnick/

Kevin Mitnick Case: 1999 - No Bail, No Computer, Hacker Pleads Guilty. (n.d.). Retrieved

February 27, 2019, from https://law.jrank.org/pages/3791/Kevin-Mitnick-Case-1999.html

Kroll, J. (2000, January 21). Free Kevin, Kevin Freed. Retrieved March 5, 2019, from

https://www.linuxjournal.com/article/5052

Mitnick, K. D. 1., & Simon, W. L. (2011). Ghost in the wires: My adventures as the world's most

wanted hacker. New York: Little, Brown.

The History of Hacking. (n.d.). Retrieved February 24, 2019, from

http://plaza.ufl.edu/ysmgator/projects/project2/history.html

The World's Most Famous Hacker. (n.d.). Retrieved March 7, 2019, from

https://mitnicksecurity.com/