The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers

Kevin D. Mitnick

William L. Simon THE ART OF INTRUSION The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers THE ART OF INTRUSION The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers

Kevin D. Mitnick

William L. Simon Vice President & Executive Group Publisher: Richard Swadley Vice President and Executive Publisher: Bob Ipsen Vice President and Publisher: Joseph B. Wikert Executive Acquisitions Editor: Carol Long Development Editors: Emilie Herman, Kevin Shafer Editorial Manager: Kathryn Malm Bourgoine Senior Production Editor: Angela Smith Project Coordinator: April Farling Copy Editor: Joanne Slike Interior Design: Kathie S. Rickard Text Design & Composition: Wiley Composition Services

Published by Wiley Publishing, Inc. 10475 Crosspoint Boulevard Indianapolis, IN 46256 www.wiley.com Copyright � 2005 by Kevin D. Mitnick and William L. Simon Published by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permit- ted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, e-mail: [email protected]. Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or war- ranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Website may provide or recommen- dations it may make. Further, readers should be aware that Internet Websites listed in this work may have changed or disappeared between then this work was written and when it is read. For general information on our other products and services please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002. Trademarks: Wiley and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book. Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books. Library of Congress Cataloging-in-Publication Data: Mitnick, Kevin D. (Kevin David), 1963-

The art of intrusion : the real stories behind the exploits of hackers, intruders, and deceivers / Kevin D. Mitnick, William L. Simon.

p. cm.

Includes index.

ISBN 0-7645-6959-7 (cloth)

1. Computer security. 2. Computer hackers. I. Simon, William L., 1930- II. Title.

QA76.9.A25M587 2005

005.8--dc22

2004025697 For Shelly Jaffe, Reba Vartanian, Chickie Leventhal,

Mitchell Mitnick

For Darci and Briannah

And for the late Alan Mitnick, Adam Mitnick,

Sydney Kramer, Jack Biello.

For Arynne, Victoria, Sheldon, and David, and for Vincent and

Elena

Chapter 2 When Terrorists Come Calling . . . . . . . . . . . . . . . . . . . . . . .23

Chapter 3 The Texas Prison Hack . . . . . . . . . . . . . . . . . . . . . . . . . . . .49

Chapter 4 Cops and Robbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69

Chapter 5 The Robin Hood Hacker . . . . . . . . . . . . . . . . . . . . . . . . . .91

Chapter 6 The Wisdom and Folly of Penetration Testing . . . . . . . . . . .115

Chapter 7 Of Course Your Bank Is Secure -- Right? . . . . . . . . . . . . . .139

Chapter 8 Your Intellectual Property Isn't Safe . . . . . . . . . . . . . . . . . .153

Chapter 9 On the Continent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195

Chapter 10 Social Engineers -- How They Work

and How to Stop Them . . . . . . . . . . . . . . . . . . . . . . . . . . .221

Chapter 11 Short Takes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .247

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .261 Preface

Hackers play one-up among themselves. Clearly one of the prizes would be bragging rights from hacking into my security company's Web site or my personal system.

Another would be that they had made up a story of a hack and planted it on me and my co-author Bill Simon so convincingly that we were taken in, believed it as true, and included it in this book.

That has presented a fascinating challenge, a game of wits that the two of us have played time after time as we did the interviews for the book. For most reporters and authors, establishing authenticity is a fairly rou- tine matter: Is this really the person he or she claims to be? Is this person or was this person really working for the organization he or she claims? Did this person have the position he or she says? Does this person have documentation to back up the story, and can I verify that the documents are valid? Are there reputable people who will support the story or parts of it?

With hackers, checking the bona fides is tricky. Most of the people whose stories appear in this book, other than a few who have already been to prison, would face felony charges if their true identities could be determined. So, asking for real names, or expecting to be offered as proof, is an iffy proposition.

These people have only come forward with their stories because they trust me. They know I've done time myself, and they are willing to rely on my not betraying them in a way that could put them in that position. Yet, despite the risks, many did offer tangible proof of their hacks.

Even so, it's possible -- in fact, it's likely -- that some people exagger- ated their stories with details intended to make them more compelling, or spun a story that was a total fabrication, but constructed around enough workable exploits to give them the ring of truth.

Because of that risk, we have been diligent in holding to a high stan- dard of reliability. Through all the interviews, I have challenged every technical detail, asking for in-depth explanations of anything that didn't

ix x The Art of Intrusion

sound quite right, and sometimes following up later to see if the story was still the same or if he or she told it differently the second time around. Or, if this person "couldn't remember" when asked about some hard-to-accomplish step omitted from the story. Or, if this person just didn't seem to know enough to do what he or she claimed or couldn't explain how he or she got from point A to point B.

Except where specifically noted, every one of the main stories in this book has passed my "smell test." My co-author and I agreed on the believability of every person whose story we have included. Nevertheless, details have often been changed to protect the hacker and the victim. In several of the stories, the identities of companies are disguised. I modi- fied the names, industries, and locations of targeted organizations. In some cases, there is misleading information to protect the identity of the victim or to prevent a duplication of the crime. However, the basic vul- nerabilities and nature of the incidents are accurate.

At the same time, because software developers and hardware manufac- turers are continually fixing security vulnerabilities through patches and new product versions, few of the exploits described in these pages still work as described here. This might lead the overconfident reader to decide that he or she need not be concerned, that, with vulnerabilities attended to and corrected, the reader and his or her company have noth- ing to be worried about. But the lesson of these stories, whether they happened six months ago or six years ago, is that hackers are finding new vulnerabilities every day. Read the book not to learn specific vulnerabili- ties in specific products, but to change your attitudes and gain a new resolve.

And read the book, too, to be entertained, awed, amazed at the con- tinually surprising exploits of these wickedly clever hackers.

Some are shocking, some are eye-opening, some will make you laugh at the inspired nerve of the hacker. If you're an IT or security profes- sional, every story has lessons for you on making your organization more secure. If you're a non-technical person who enjoys stories of crime, dar- ing, risk-taking, and just plain guts, you'll find all that here.

Every one of these adventures involved the danger of a knock at the door, where a posse of cops, FBI agents, and Secret Service types would be waiting with handcuffs ready. And, in a number of the cases, that's exactly what happened.

For the rest, the possibility still remains. No wonder most of these hackers have never been willing to tell their stories before. Most of these adventures you will read here are being published for the very first time. Acknowledgments

By Kevin Mitnick This book is dedicated to my wonderful family, close friends, and, most of all, the people that made this book possible -- the black-hat and white-hat hackers who contributed their stories for our education and entertainment.

The Art of Intrusion was even more challenging to write than our last book. Instead of using our combined creative talent to develop stories and anecdotes to illustrate the dangers of social engineering and what businesses can do to mitigate it, both Bill Simon and I relied heavily on interviewing former hackers, phone phreaks, and hackers turned security professionals. We wanted to write a book that would be both a crime thriller and an eye-opening guide to helping businesses protect their valuable information and computing resources. We strongly believe that by disclosing the common methodologies and techniques used by hack- ers to break into systems and networks, we can influence the community at large to adequately address these risks and threats posed by savvy adversaries.

I have had the extraordinary fortune of being teamed up with best- selling author Bill Simon, and we worked diligently together on this new book. Bill's notable skills as a writer include his magical ability to take information provided by our contributors and write it in such a style and manner that anyone's grandmother could understand it. More impor- tantly, Bill has become more than just a business partner in writing, but a loyal friend who has been there for me during this whole development process. Although we had some moments of frustration and differences of opinion during the development phase, we always work it out to our mutual satisfaction. In a little over two years, I'll finally be able to write and publish the The Untold Story of Kevin Mitnick, after certain govern- ment restrictions expire. Hopefully, Bill and I will collaborate on this project as well.

xi xii The Art of Intrusion

Bill's wonderful wife, Arynne Simon, also has a warm place in my heart. I appreciate her love, kindness, and generosity that she has shown me in the last three years. My only disappointing experience is not being able to enjoy her great cooking. Now that the book is finally finished, maybe I can convince her to cook a celebration dinner!

Having been so focused on The Art of Intrusion, I haven't been able to spend much quality time with family and close friends. I became some- what of a workaholic, similar to the days where I'd spend countless hours behind the keyboard exploring the dark corners of cyberspace.

I want to thank my loving girlfriend, Darci Wood, and her game-loving daughter Briannah for being supportive and patient during this time- consuming project. Thank you, baby, for all your love, dedication, and support that you and Briannah have provided me while working on this and other challenging projects.

This book would not have been possible without the love and support of my family. My mother, Shelly Jaffe, and my grandmother, Reba Vartanian, have given me unconditional love and support throughout my life. I am so fortunate to have been raised by such a loving and dedicated mother, who I also consider my best friend. My grandmother has been like a second mom to me, providing me with the same nurturing and love that usually only a mother can give. She has been extremely helpful in handling some of my business affairs, which at times interfered with her schedule. In every instance, she made my business a top priority, even when it was inconvenient to do so. Thank you, Gram, for helping me get the job done whenever I needed you. As caring and compassionate peo- ple, they've taught me the principles of caring about others and lending a helping hand to the less fortunate. And so, by imitating the pattern of giving and caring, I, in a sense, follow the paths of their lives. I hope they'll forgive me for putting them on the back burner during the process of writing this book, passing up chances to see them with the excuse of work and deadlines to meet. This book would not have been possible without their continued love and support that I'll forever hold close to my heart.

How I wish my Dad, Alan Mitnick, and my brother, Adam Mitnick, would have lived long enough to break open a bottle of champagne with me on the day our second book first appears in a bookstore. As a sales- man and business owner, my father taught me many of the finer things that I will never forget.

My mother's late boyfriend, Steven Knittle, has been a father figure to me for the past 12 years. I took great comfort knowing that you were always there to take care of my mom when I could not. Your passing has Acknowledgments xiii

had a profound impact on our family and we miss your humor, laughter, and the love you brought to our family. RIP.

My aunt Chickie Leventhal will always have a special place in my heart. Over the last couple years, our family ties have been strengthened, and our communication has been wonderful. Whenever I need advice or a place to stay, she is always there offering her love and support. During my intense devotion to writing this book, I sacrificed many opportunities to join her, my cousin, Mitch Leventhal, and her boyfriend, Dr. Robert Berkowitz, for our family get-togethers.

My friend Jack Biello was a loving and caring person who spoke out against the extraordinary mistreatment I endured at the hands of jour- nalists and government prosecutors. He was a key voice in the Free Kevin movement and a writer who had an extraordinary talent for writing com- pelling articles exposing the information that the government didn't want you to know. Jack was always there to fearlessly speak out on my behalf and to work together with me preparing speeches and articles, and, at one point, represented me as a media liaison. While finishing up the manuscript for The Art of Deception (Wiley Publishing, Inc., 2002), Jack's passing left me feeling a great sense of loss and sadness. Although it's been two years, Jack is always in my thoughts.

One of my closest friends, Caroline Bergeron, has been very support- ive of my endeavor to succeed on this book project. She is a lovely and brilliant soon-to-be lawyer living in the Great White North. Having met her during one of my speaking engagements in Victoria, we hit it off right away. She lent her expertise to proofreading, editing, and correct- ing the two-day social engineering seminar that Alex Kasper and I devel- oped. Thank you, Caroline, for being there for me.

My colleague Alex Kasper is not only my best friend but also my col- league; we are currently working on delivering one-day and two-day sem- inars on how businesses can recognize and defend against social engineering attacks. Together we hosted a popular Internet talk radio show known as "The Darkside of the Internet" on KFI radio in Los Angeles. You have been a great friend and confidant. Thank you for your invaluable assistance and advice. Your influence has always been positive and helpful with a kindness and generosity that often extended far beyond the norm.

Paul Dryman has been a family friend for many, many years. Paul was my late father's best friend. After my dad's passing, Paul has been a father figure, always willing to help and talk with me about anything on my mind. Thank you, Paul, for your loyal and devoted friendship to my father and I for so many years. xiv The Art of Intrusion

Amy Gray has managed my speaking career for the last three years. Not only do I admire and adore her personality, but I value how she treats other people with such respect and courtesy. Your support and dedication to professionalism has contributed to my success as a public speaker and trainer. Thank you so much for your continued friendship and your commitment to excellence.

Attorney Gregory Vinson was on my defense team during my years- long battle with the government. I'm sure he can relate to Bill's under- standing and patience for my perfectionism; he has had the same experience working with me on legal briefs he has written on my behalf. Gregory is now my business attorney diligently working with me on new contracts and negotiating business deals. Thank you for your wonderful support and diligent work, especially when needed on short notice.

Eric Corley (aka Emmanuel Goldstein) has been an active supporter and close friend for over a decade. He has always looked out for my best interest and has publicly defended me when I was demonized by Miramax Films and certain other journalists. Eric has been extremely instrumental in getting the word out during the government's prosecu- tion of me. Your kindness, generosity, and friendship mean more to me than words can express. Thank you for being a loyal and trusted friend.