The Fugitive Game: Online With Kevin Mitnick (54 page)

Read The Fugitive Game: Online With Kevin Mitnick Online

Authors: Jonathan Littman

Tags: #Non-Fiction, #Biography, #History

BOOK: The Fugitive Game: Online With Kevin Mitnick
11.43Mb size Format: txt, pdf, ePub

The real story was that Internet providers, the new equivalent of
phone companies on the information superhighway, appeared naive
about how to investigate breakins while protecting the privacy of
their subscribers. After an FBI computer child-pornography investiga-
tion was made public in September of 1995, the Bureau revealed that it
had read thousands of e-mail correspondences, and invaded the pri-
vacy of potentially dozens of citizens in the course of its investigation.
Privacy activists complained that constitutional rights were being
bulldozed, but the FBI announced the public should expect more of the

same. "From our standpoint, this investigation embodies a vision of
the type of investigatory activity we may be drawn to in the future,"
said Timothy McNally, the special agent in charge.

The government seemed to be promoting a hacker dragnet to
make sure the Internet was crime free for the millions of dollars of
commerce on its way. Kent Walker, the Assistant U.S. Attorney who
left the Justice Department within weeks of Mitnick's arrest for a job
with a Pacific Telesis spin-off, was one of the many government offi-
cials who claimed the FBI couldn't crack high-tech cases without
people like Shimomura.

Perhaps prosecutions would increase if the FBI bolstered its force
with nonprofessionals. But where would that leave the law and the
Constitution?

■ ■ ■

A few days after Mitnick's arrest, Shimomura received another voice
mail threat that reportedly sounded much like the previous ones.
The cybersleuth chose not to post that message publicly to the Inter-
net. Kevin Mitnick couldn't have left it. Who did?

In August of 1995, I flew to a hacker conference in Las Vegas and
spent four hours talking with Mark Lottor, the cell phone hacker.
He told me that the week before Shimomura helped arrest Mitnick,
the cybersleuth saw "stuff on his screen that made him pretty cer-
tain" that the Christmas IP spoof attack was not executed by Mit-
nick, but by the "guy in Israel."

By this time, the statement didn't surprise me. Markoff himself
had told me that the evidence overwhelmingly pointed away from
Mitnick. Hackers who knew and talked to the Israeli were convinced
he wrote the spoof program and launched the attack. Would Shimo-
mura or Markoff ever admit this publicly?

I sent Shimomura a series of interview requests, and received a
phone call and a fax from an attorney. He told me Shimomura
would not agree to an interview, but later wrote that if I planned on
printing any "critical" remarks I should contact him and Shimomura
might respond. I sent four pages of detailed questions to Shimomura.

Five weeks later, John Markoff sent me two copies of what he
called their joint response, a letter bearing no signature or letterhead
but with a San Francisco postmark, and an e-mail sent from Markoff's
New York Times
account. The letter denied that "Tsutomu"
had baited Mitnick, and insisted that Markoff had never assisted or
participated in any aspect of the Kevin Mitnick investigation.

There were no comments on the Israeli and a number of other
critical subjects, and only a handful of denials to the several dozen
questions I had posed. The coauthors stated that if I included mate-
rial on what they described as "Tsutomu's cellular telephone soft-
ware development work," journalistic ethics would require me to
include the following: "Tsutomu, unlike Mitnick, in all of his com-
puter security research over a fifteen year period, has always, when-
ever he has found a vulnerability, made it known to the appropriate
people, whether CERT, or a private company at risk, or the United
States Congress." The letter is included at the back of the book.

And what of Lewis De Payne, Mitnick's old pal? In September of
1995 he was still managing the computers of a wholesaler. The gov-
ernment had given little indication that it seriously considered pursu-
ing De Payne, but Mitnick's old prankster buddy still seemed to hold
out hope. He sent me a fax that looked like a
Wheel of Fortune board. When he later provided the missing letters over the phone his
question read: "any indication of him [Mitnick] cooperating to

THE POINT OF INCRIMINATING OTHER INDIVIDUALS?"

■ ■ ■

When Kevin Mitnick was arrested there were two heroes, Tsutomu
Shimomura, the honorable samurai, and the chronicler of Mitnick's
deeds, John Markoff. Shimomura was technically superior to Kevin
Mitnick, but this wasn't merely a question of computer expertise. It
was a contest between two sets of values. In the end, the game was
just as Shimomura said it would be, "a matter of honor."

Tsutomu Shimomura and Kevin Mitnick will be judged by their
actions and their motives. They both hacked and they both had an
apparent disdain for the law. We can guess why Kevin Mitnick
hacked. He had a troubled childhood, a mean streak, and an obses-
sion with the technology that society embraces. Money or crime
never seemed to be the driving forces behind Kevin Mitnick. But
Tsutomu Shimomura's underlying motives remain unexplained. We
know he worked for the Air Force and the NSA. Could this have

been another undercover assignment for U.S. intelligence? Or was it
just a hacker's vendetta, a simple case of revenge?

By late October 1995, the ultimate punishment for Mitnick's al-
leged crimes had yet to be determined. Would the Justice Depart-
ment succeed in convicting Kevin Mitnick of massive computer
fraud, or would the failure in Raleigh be repeated? Would the gov-
ernment be forced to plea-bargain a slap on the wrist of the world's
most dangerous cybercriminal?

In one of Mitnick's last letters from jail, he wrote me something
I'll never forget. It was a typical Mitnick remark: wry, humorous,
and flippant.

"Tsutomu thinks he's got his man. No cigar!"

Epilogue to the
Paperback Edition

In the aftermath of Kevin's cap-
ture, attention turned to the
hacker's pursuer, Tsutomu Shimomura.
Newsweek, The New
Yorker,
and other national publications criticized the cybersleuth,
questioning whether he was really the white knight in this supposed
tale of good and evil. But surprisingly, the most damning revelations
came from Shimomura himself. In his January 1996 book, he wrote
that in December a year before, Mitnick and "possibly some of his
cronies" had broken into his computers and stolen software he'd
written, "which if abused, could wreak havoc on the Internet com-
munity." It was surprising enough that Shimomura acknowledged
that he had written the dangerous program. But why would the
highly skilled security expert have left it vulnerable on the Internet
for hackers to copy?

Security experts spoke of the basic methods Shimomura could
have easily employed to prevent the attack. Any of a handful of
readily available products and techniques would have made the at-
tack impossible. Some postulated that Shimomura may have baited
the hackers. But as criticism of the security expert escalated, it be-
came increasingly clear that Shimomura held himself accountable to

a different standard. He kept repeating mantras such as "tools are
tools" and seemed to see himself as the digital equivalent of the in-
ventor of the A-bomb. He knew his "tools" could be used for good
as well as evil and couldn't understand what all the fuss was about.

In his defense, there was no evidence his software had caused ma-
jor breakins or disruptions on the Internet. Nevertheless, Shim-
omura defended his actions in a question-and-answer session on his
publisher's World Wide Web site, with self-serving answers to care-
fully prepared questions such as "Tsutomu, people have said you
should be criticized for not maintaining better security on your own
system." Remarkably, Shimomura revealed on the Web that he had
no proof that Mitnick had broken into his San Diego computers. His
only evidence was that Mitnick appeared to have copies of stolen
software half a day after it was taken, but many other hackers also
had copies. Shimomura acknowledged that "Mitnick probably did
not write the program that was used to break into my computer"
and hypothesized, "Instead, he probably used a program written by
another, more skilled programmer, who has not yet been appre-
hended."

Shimomura's retreat raised new questions. If he had no proof Mit-
nick had broken in and thought that he didn't even write the "bril-
liant" attack program, why did Shimomura think Mitnick had
"probably" used someone else's program? What proof did he have
that his fixation with Mitnick was not a case of mistaken identity?
Even the supposed Mitnick "Kung Fu" voice mail threats to Shim-
omura that had infused the story with a sense of danger no longer
seemed to be solidly grounded in fact. After some digging, I deter-
mined that the calls had not been made by Mitnick; another infa-
mous phone phreak had left the messages as a racist, tasteless bad
joke. When the messages had been publicized by the
New York
Times,
and mistakenly interpreted as part of the attack on Shim-
omura, the phreak rode out the prank and left a tantalizing final
message after Mitnick's capture, proving that it couldn't have been
Mitnick. So there it was. If Mitnick was not the mastermind, not the
designer of the brilliant attack, not even the rogue behind the death
threats, it was hard not to find Shimomura's snap accusations trou-
bling: for if Mitnick did not hack Shimomura, or leave the taunting

messages, it's worth asking whether Shimomura had tracked and
captured the wrong man.

What some found surprising was how Shimomura boasted about his
own character faults in his book. He admitted that he had persuaded
Markoff to mislead the Bureau and pretend he was on Shimomura's
team. Then, when an FBI agent caught wind of their ruse, Shim-
omura arrogantly suggested the agent trick his superiors into think-
ing Shimomura had been up-front about the deception, what he
called "plausible deniability." The FBI agent angrily informed Shim-
omura that he had "lied" and "endangered the operation."

And Shimomura had crossed other lines. Markoff later argued that
because Mitnick wasn't paying for his phone calls, he couldn't complain
about Shimomura intercepting his conversations in Raleigh. But what
about the other person on the line, Emmanuel Goldstein? He did not
appear to have broken any law. Though without a court order from a
federal judge the FBI couldn't reveal his name or the fact that the conver-
sation took place, Shimomura published Goldstein's name and parts of
his intercepted conversation with Mitnick.

After Mitnick's capture, Shimomura included potential evidence in
the federal investigation on his Web page. Characterized by the FBI as
an independent consultant to the Well and Netcom, Shimomura
could only have legally wiretapped on the Internet as an "agent of a
provider of wire or electronic communication service." That may
have given Shimomura the right to snoop for the Well or Netcom; it
didn't give him the right to publicize transcripts of wiretapes. At least
one Internet provider, aware of the criminal penalties for unlawful
disclosure of intercepted communications, demanded that he remove
the disclosed wiretaps from his Web page.

By the summer of 1996, Shimomura had disappeared from the radar
screen, his meteoric rise to fame matched only by the swiftness of his
decline. Miramax abandoned its attempt to make a feature film on the cy-
bersleuth, and
Wired
magazine, which just a few months before had fea-
tured Shimomura's exploits on its cover, downgraded the man the
New
York Times
had only recently dubbed a hero to its list of the "Tired 100."

In June of 1996, sixteen months after his capture, Kevin Mitnick
considered crying uncle. David Schindler, the lead Assistant U.S.
Attorney in the case, had told him he could spend forty years in
prison if he went to trial and lost. Schindler's calculation was based
on a kind of double jeopardy and the hypothesis that Mitnick was
responsible for $80 million in losses, a fantastically exaggerated
sum. He told the hacker he could face a nationwide revolving door
of trials, asserting that he had no control over the other authorities
that might want to try him in San Diego, San Francisco, Seattle,
Dallas, and North Carolina. In addition to those threats, Mitnick
had another problem. John Yzurdiaga, his attorney, had taken his
case on a pro bono basis, and was losing time and money on the
defense. He advised Mitnick to accept the government's proposed
guilty plea — an eight-year sentence, with the potential of future
prosecution for other crimes. Even if Yzurdiaga had the time to go
through a protracted trial, he wasn't convinced he could beat the
deal.

But at a scheduled status hearing on June 17, 1996, attorney
Richard Sherman stunned Schindler with the news that he was replac-
ing John Yzurdiaga as Mitnick's new counsel. Mitnick wanted to
exercise his constitutional right to a trial, and Sherman was the
toughest attorney he could find. Sherman had publicly reprimanded
Schindler for the crimes committed by Justin Petersen while he was an
FBI informant and also sued the government on De Payne's behalf to
get back belongings confiscated in a 1992. search. There was no love
lost between the two men. Schindler had not appreciated Sherman's
letter to Janet Reno on De Payne's behalf describing his Petersen
undercover operation as "illegal and contrary to Bureau policy." And
Sherman, a former Assistant U.S. Attorney himself, had not enjoyed
being investigated as an alleged murderer by FBI agent Stan Ornellas,
who sometimes worked with Schindler. The allegation was subse-
quently dropped.

Other books

ARIA by Geoff Nelder
Midnight Train to Paris by Juliette Sobanet
Immortal by J.R. Ward
Legacy (Alliance Book 3) by Inna Hardison
Midsummer Murder by Shelley Freydont