Transatlantic Cable: The prince of hackers goes free

On the 21 January, a 36-year-old man was released from Lompoc prison in California after spending just under five years behind bars. After chatting to well-wishers, he was driven away by his family. Nothing unusual there, you might think. Except when you hear the name of the newly released prisoner: Kevin Mitnick.

If you've missed it, Mitnick is a hacker who became notorious after he managed to hack several high-profile companies, including Motorola, Netcom and Novell. The New York Times described him as "the prince of hackers", and the "most-wanted Cyberthief". He was eventually tracked down by the FBI and a security expert named Tsutomu Shimomura. Shimomura later wrote a book (with New York Times journalist, John Markoff) called 'Takedown', a book that made him a rich man - especially when he sold the film rights to Miramax.

The film was made, but it is still in post production and may never be released. After Mitnick was caught, the companies he hacked claimed that he had done millions of dollars of damage - one estimate claimed a total of over $300 million.

All of this would seem to show that Mitnick was some sort of genius who could hack his way into anything. However, that's somewhat far from the truth. In fact, he was really just a competent hacker with persistence and an ability to say the right things.

Take, for instance, an incident where he managed to obtain the source code for one of Motorola's cellular phones. You might assume that he hacked his way into its network, trashing firewalls and laughing contemptuously as he reformatted disks and made servers explode left, right and centre.

But that's not how it happened: he claims he rang up Motorola on the way home from work and asked the company to email him the code. In a recent interview on US TV, he explained how he did it: "I call up the 800 number for Motorola , and I ask for cellular engineering. I ask them who works on the Motorola Microtac projects. They tell me it's Pam Dilling's group, but Pam is out on vacation. Would I like to speak to Alisha instead? So I say sure, and when Alisha gets on the phone I say that Pam asked me to call her and said you could help me. I'm looking for the source code to the Ultralite [cellular phone]. To cut a long story short, by the time I get to my front door, she's already emailed me the source code." Motorola itself hasn't commented on this, but this sort of technique (called social engineering) is commonly used by hackers.

This underlines one of the major points about the case: the companies Mitnick hacked claimed that he cost them millions of dollars of damage, but there is no proof that Mitnick ever sold or distributed the data he collated. Again in his own words: "I saw myself as an electronic joyrider... I felt like I was James Bond behind the computer. It was all like a big game to me."

When asked why he hacked his way into Novell's corporate network, he claimed: "I just wanted to get access to their network because it was a huge company... because I was an explorer... There was no end. It was a hobby in itself..."

Of course, there is no doubt that what Mitnick did was wrong and that he knew it was wrong. He hacked his way into places that he wasn't allowed access to and he did break into accounts that he had no right to go anywhere near. He forced companies to take new precautions and reconfigure their networks.

But the scary thing is that none of the hacking techniques he used were new or unique: techniques like IP spoofing had been known about for some time. He simply wasn't the über-hacker that he was claimed to be. In fact, the hype about him built up to such ridiculous heights that he wasn't allowed access to a computer to review some of the nine gigabytes of evidence against him while he was in prison. What did they expect him to do: start World War III with a laptop with no modem?

In fact, it says something that the multimillion dollar claims of the companies he hacked ended up as somewhat less: an investigation by the prosecution was only able to prove damages of $1.5 million and his final plea agreement only forced him to pay $4,125. To be fair, this was partly due to the fact that his future earning potential is approximately zero because he's not allowed to use computers, any form of wireless communication or the Internet.

He'll be lucky to get a job at McDonalds, because he might not be able to use the computerised tills...