Recently a friend of mine, Vicki Davis, received a pre-publication copy of the new book by Kevin Mitnick the famous cracker. Vicki wrote here review of the book at Ghost in the Wires: Kevin Mitnick’s memoir. She found the book disturbing. BTW I refuse to call him a hacker because that is in many ways a term of respect. I don’t have any respect for the things Mitnick did to gain access to computers. What he did was to lie often and effectively to gain access to computers that did not belong to him. He’s a great liar – not something that engenders respect in my opinion. Most of what you hear and read about Mitnick comes from his own words. Someone who is both a convicted and admitted liar. There is a word for people who believe Mitnick and it is not a compliment. What you seldom hear are the stories of people whose computers he broke into. Well that changes now.
Are crackers harmless? Not really. I was a software developer some years ago working on a system called The Ark that was broken into. Unfortunately it was accessed during a time when the disk that held the source code for the operating system we were working on had read/write access. Now the hacker claimed that they didn’t change anything. So harmless right? Someone lies repeatedly to gain access to a computer. Time after time they tell falsehood after falsehood and now, after they are caught we should believe what they say? Does that sound as foolish to you as it does to me? Fans of Mitnick and others like him find that reasonable. On the other hand for the development team I was on this seemed a bit risky. After all this system would be used by hundreds of thousands of people, perhaps millions of people, all over the world. Major banks would be trusting it to be secure and safe. So we should just trust a serious liar that he left things alone? That was something that seemed unreasonable to us. So what did we do?
For a month approximately 70 people scoured the source code line by line. It was compared to developer notes, personal backups, old listings, read line by line and verified by every means we could think of. Seventy man months shot. The release of the software was delayed meaning lost opportunity costs. The lost productivity was measured, conservatively at hundreds of thousands of dollars. That is real harm. But there is more.
Have you ever had your home or car broken into? Know any one who has? It takes an emotional toll. It makes one feel violated. Having your development computer broken into leaves one much the same way. Thirty years later it still upsets me to remember that feeling of violation. People who break into other people’s computers are violating people’s personal spaces. They are taking an emotional toll beyond and different from ay financial toll. How would you feel finding out that someone your didn’t know was looking all through your personal files and projects? And then there are the people who were tricked, people who just wanted to be helpful and fell for the lies of someone out to prove how smart they are. How must those people feel knowing that they inadvertently let the wolf into the henhouse? Reportedly Mitnick names those people in his book. How can anyone see that as anything but twisting the knife that these people have been living with in their backs for years. “Changed people” don’t do that so if you think Mitnick is somehow changed for the better clearly you don’t base that on his book.
I know that a lot of people respect Mitnick – I don’t understand them but perhaps it is because they don’t really understand what Mitnick and others like him did. And what they continue to do today.