I was pretty much the government's poster boy for what I had done.
We have problems with our physical security, operational security through to management.
Security is always going to be a cat and mouse game because there'll be people out there that are hunting for the zero day award, you have people that don't have configuration management, don't have vulnerability management, don't have patch management.
My actions constituted pure hacking that resulted in relatively trivial expenses for the companies involved, despite the government's false claims.
Some people think technology has the answers.
Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause.
I'm an expert witness in a case that's in appeal about a guy who allegedly misappropriated source code from a major, major company - he actually worked there and then apparently they found it on his laptop later.
So what you have to do is think about authenticating credit card transactions more than thinking about obfuscating the credit card number.
My message today is primary the same... I usually go around speaking on the threat of the human element, particularly on social engineering.
Back in my day, I would probe by hand. Now you can get commercial software that does the job for you.
It's still basically just solving a puzzle, ... Years ago, with poor judgment, I was intrigued to break through security on computer systems. Now I do it with the client's permission, for socially acceptable reasons.
Then again, my case was all about the misappropriation of source code because I wanted to become the best hacker in the world and I enjoyed beating the security mechanisms.
As a young boy, I was taught in high school that hacking was cool.
I made stupid decisions as a kid, or as a young adult, but I'm trying to be now, I'm trying to take this lemon and make lemonade.
But a lot of businesses out there don't see the return on investment, they look at it as a liability, and until they can understand that proactive security actually returns, gives them a return on investment, it's still a hard sell for people.
So the ethic I was taught in school resulted in the path I chose in my life following school.
It was used for decades to describe talented computer enthusiasts, people whose skill at using computers to solve technical problems and puzzles was - and is - respected and admired by others possessing similar technical skills.
At the time the books were released, I was in custody, so I had higher priorities - dealing with my criminal case - than dealing with litigation. There's a lot of information out there that is inaccurate.
All they need to do is to set up some website somewhere selling some bogus product at twenty percent of the normal market prices and people are going to be tricked into providing their credit card numbers.
I can't really stereotype the whole industry, but they'll be proactive about anti-virus software because they've already seen the effects.
I basically look at it as... if the guy hacked into Citibank and stole millions of dollars, would I hire him to secure my bank Maybe not.
Companies spend millions of dollars on firewalls and secure access devices, and it's money wasted because none of these measures address the weakest link in the security chain the people who use, administer and operate computer systems,
Should we fear hackers? Intention is at the heart of this discussion.
Any type of operating system that I wanted to be able to hack, I basically compromised the source code, copied it over to the university because I didn't have enough space on my 200 megabyte hard drive.
That's not a badge of honor I enjoy, ... I never had malicious intent. I was never trying to hurt anyone or damage anything.
Steve Wozniak and Steve Jobs founded Apple Inc, which set the computing world on its ear with the Macintosh in 1984.
Of course I'm sure half the people there hate me and half the people like me.
So what I was essentially doing was, I compromised the confidentiality of their proprietary software to advance my agenda of becoming the best at breaking through the lock.
I believe in having each device secured and monitoring each device, rather than just monitoring holistically on the network, and then responding in short enough time for damage control.
The hacker mindset doesn't actually see what happens on the other side, to the victim.
Not only are all of his skills ... oriented toward computers, but even if he were to not want to work in the computer field, it's very hard to get a job of any kind that does not require you to work with computers.
More Kevin Mitnick Quotations (Based on Topics)
People - Security - Youth - Computers & Technology - Business & Commerce - Education - Management - Engineering - Books - Mastery & Expertise - Judgment - Honor - Discussion - Time - Law & Regulation - Intention - World - Cats - Reasoning - View All Kevin Mitnick Quotations
Paris Hilton - Michael Schumacher - Linda Tripp - Jerry Springer - Jean Alesi - Giacomo Casanova - Eva Braun - David Copperfield - Cat Deeley - Ayrton Senna