Mitnick wasn’t particularly cunning, he was persistent. The hardest part, really, was keeping the whole effort going. We had quite a group – four or five good people – and we had to keep our momentum.
I didn’t really see anything very clever. He tampered with the GTE phone switch, but that wasn’t very clever. Tracing the cellular transmission was trivial – it was a straight shot. Kevin wasn’t good – he was just very persistent and notorious. But I think he was better at manipulating people than computers.
You know, I feel sorry for him. But he’s caused a lot of people a lot of grief, and his behavior is clearly unacceptable. I don’t know what’s wrong with him, but he keeps getting in trouble. Throwing him in prison isn’t a very elegant solution, but I don’t have a better idea.
I’m pretty surprised at how much attention has been paid. We were just doing our thing. Kevin was a pain. But there are two lessons here. The first is that we won’t put up with this. Just because someone can do it doesn’t mean we have to let them do it. The second lesson is that we clearly need to do work in strengthening security protocols.
The problem is not Kevin; the problem is the fact that these things are not secure. As we have more information of commericial value on the Internet, we’ll see more of this kind of thing. Above all, we need strong cryptography. But I don’t think the technology will ever be good enough to prevent these things. There are always humans in the loop, always room for error.
Encryption. Strong cryptographic techniques. Not the mickey-mouse stuff. We need to get them deployed.
I don’t know. We didn’t know we had Kevin until we caught him – he didn’t even admit he was Mitnick until the day after the capture. But clearly, we take these things very seriously. What I would really like to do is teach these guys some manners.
