Kevin Mitnick – Once the world’s most wanted hacker, now he’s getting paid to hack companies legally

Reading Time: 8 Minutes

Who is Kevin Mitnick?

Kevin Mitnick, once called the “Most-Wanted hacker”, is an American security researcher who was born in Los Angeles in 1963.

Early life

In 1975, as a 12 years old boy, Mitnick was already using the art of social engineering and dumpster diving to bypass the punch card system used in the Los Angeles bus system, for taking free rides with buses around L.A.

DEC hack

In 1979, at the aged of 16, he gained unauthorized access into Digital Equipment Corporation’s (DEC) computer network, and resulting to the leak of their software after a group of “fellow” hackers who were working for the L.A Unified School District dared him to hack the Ark, the computer system at DEC at that time.

They gave him a dial-up number to the DEC computer system, but without any username or password.

Mitnick at such a young age called the systems manager pretending to be Anton Chernoff, a lead developer of the system, and managed to convince the manager that he forgot his password and that he needed to reset it.

He logged in with the account of a system developer, meaning that he got all the privileges of a system developer and not an ordinary user.

To believe him, he gave the credentials of the privileged account to the so-called friends-hackers of his.

They downloaded the source-code of the DEC operating system and then called their security department and told them that someone hacked into their system, turning Mitnick in.

Early 80s first encounter with FBI

In the early 1980s, most security systems were simple and pretty vulnerable to the increasing volume of digital data.

Phreaking or Phone-Freak, a technique where Mitnick mastered through his youth years and described it as “Phone phreaking is a type of hacking that allows you to explore the telephone network by exploiting the phone systems and phone company employees.”

Mitnick was making phone calls, impersonating a police officer and a company representative and managed to elicit the “Requester code “(a code that DMV workers used to confirm a trusted source ) by deceiving the DMV clerk and then to gain access to the system files of the California Department of Motor Vehicles – DMV.

Mitnick though, hacked an administrator account by using his friend’s father account and gained access to DMV systems, his friend Micah on the other hand, tried to do the same and he wasn’t as successful enough as Mitnick in covering his tracks and therefore the company noticed the breach and notified FBI.

Micah pointed the finger to Mitnick who later paid a visit by the FBI, Mitnick then, who wasn’t even 18 years old and computer hacking was not even regulated at that time resulted in nothing more than a warning from the authorities to the young Kevin. Mitnick was just encouraged by the latest incident and soon started exploring his curiosity again, he wanted to see how far he would go by just making a phone call or by accessing a machine.

This time Mitnick with the help of his friend, Lewis, socially engineered an attack through the phone to a US leasing giant company. He managed to deceive the company employee by pretending to be a technician who was calling to report a computer bug, then he got access to an admin account to “fix” the problem.

Lewis’s girlfriend though who broke up with him wanted vengeance. She was also a hacker and manage to gain control over the US leasing system herself by the data Lewis had laying around and gave Mitnick to the cops.

Mitnick was arrested and sentenced to stay in a juvenile detention center for 90 days because he was 17 at the time.

Mitnick graduated from a short computing program at school and then manage to get a job at GTE telephone company who he previously hacked but luckily he was never caught. His job was to identify areas of weaknesses of the company’s systems and improve their security. After only 9 days at the job he was fired because he had to have access to sensitive information about the company and his managers wanted to run a background check on him, he refused because it could lead to finding out that he was a convicted hacker.

Soon enough, Mitnick was caught red-handed when he hacked into Santa Cruz Operations (SCO). The company filed a lawsuit against him for a whopping 1.4 million dollars. The only reason they did that was that the company wanted to know how he hacked in their systems, so in exchange for his cooperation, they dropped their charges luckily for Mitnick.

Worlds most wanted hacker

Kevin Mitnick mugshot – FBI wanted post 

Knowing about the FBI surveillance

In 1989 Mitnick found him in jail again, after a “friend” of his told the police about his hacking activities.

Upon completing his sentence, he couldn’t resist getting back in the hacking game and at that time, Eric Heinz was gaining popularity as the new hacker in town and Mitnick wanted to find out more.

After several meetings with him, Mitnick was suspicious about Heinz who told him that he could listen to every phone call in California after having his hands-on access codes. Mitnick manages to listen to Heinz’s phone call conversations to find out that he was an FBI agent wanting to put Mitnick behind bars and get a search warrant for his house.

At 28, Mitnick began spying on the FBI, trying to outsmart them.

FBI agents were watching every move of Mitnick and they were ready to clinch every opportunity they had to get a search warrant or a piece of evidence. Mitnick was expecting a visit from them, so he cleaned up his apartment and to let them know that he was aware of what was going on he even put doughnuts in the fridge with a note “FBI doughnuts”. FBI didn’t manage to find anything to charge Mitnick but their investigation wasn’t over yet.

After the three years of probation ended, he could now travel. After FBI visit his mother after his probation ended he knew that to avoid going to prison he needed to move into a new town with a new identity.

He was able to move to Las Vegas, and by using his social engineering skills he managed to acquire a fake social security number and birth certificate under the name of Eric Weiss, the real name of his lifelong idol, Harry Houdini.

Mitnick was always sure to carry on him his money and ID at that time, this resulted in being robbed at the gym where a thief stole his 11000$ from his locker room.

After that Mitnick decided to find a real job, and move to Denver, Colorado. He got an interview at Holme, Roberts & Owen, a local law firm.
He did a brilliant interview but he was lacking references, so he invented a fake company, a fake phone number a P.O box, and put it in his resume.
He socially engineering his interviewers after making a call to them pretending to be his former employer where he gave himself a perfect recommendation landing him the job position.

Cell-phone technology was booming at that time, and Mitnick was eager to learn how the new devices by Nokia, NEC, and Motorola worked.

He hacked Nokia and Motorola and gained their source code. Hacking NEC though almost got him in trouble when the NEC systems administrator noticed some of the company’s source code was being transferred to an L.A server. While hacking NEC he intercepted the email where the administrator sent to the FBI, informing them about the leaked source code making him take precautions to avoid prison.

Getting fired from his job

In the mid-90s, a 30-year-old Mitnick was having a good time with his job at the law firm in Denver.
His bosses soon after find out that he was making social engineering calls during his lunch break, and then they proceeded to fire him because they were suspicious that he was using company resources to perform independent consultancy work.

He moves to Seattle, Washington, and changed his name to Brian Merrill.
He found a job in the tech industry but living the life of a fugitive can mess with your psyche, which is what happened to Mitnick.

He was convinced that he was followed by the authorities and that they know where he lives and that even his phone was tracked by them.

He eventually caught the attention of the Seattle authorities by his strategy of covering his tracks while making free phone calls and spoofing his phone number to look that he was calling from a different phone number.

FBI got involved then, a former friend of his, regarded as a hack buddy, was now working for the FBI and after Mitnick called him, the FBI learned that Brian Merrill was the infamous fugitive, Kevin Mitnick.

Mitnick knew that FBI was closing on him and decided to move to Raleigh, North Carolina.

Since Mitnick didn’t do code, he needed to find someone who did, and someone who had custom cellular phone software.
Mitnick after unsuccessful attempts to con code with others, he targeted Tsutomu Shimomura, a computer security expert who was at the time, working to a federally financed San Diego Supercomputer Center.

Mitnick eventually broke into the home computer of Tsutomu and he was able to track Mitnick down.

He (Tsutomu) determined that last week, Mitnick was operating through a modem connected to a cellular telephone somewhere near Raleigh, N.C. Tsutomu after series of hints he understood that Mitnick, was using a cellular telephone and a modem to conceal his location. He then flew to Raleigh and helped the telephone company, federal investigators to use cellular-frequency scanners to determine the apartment complex of Mitnick’s.

He also uses the help of John Markoff, a reporter of the New York Times, who in 1991 co-authored a book called: “Cyberpunks” ( describing hacking adventures of Mitnick along with two other hackers), and was no stranger to Mitnick. Markoff was a victim of Mitnick’s, who he previously hacked his email account.

Tsutomu then proceed with the help of John Markoff, to write a paper: “Takedown: The Pursuit and Capture of America’s Most Wanted Computer Outlaw” analyzing in technical details how he caught him.

On the 15th of February, 1995, and after being on the run for three years Mitnick finally got caught by the FBI.

Kevin charges filed against him in the courtroom in North Carolina. Mitnick was treaded as a supervillain by the prosecutors and they charged him 20 years in prison for every cloned cell phone call, with 23 illegal calls he was facing up to 460 years in prison.

The mobile-phone companies demanded 300$ million in damages from Mitnick, because of the source-codes hack and the 20000 credit card numbers he had in his possession. In reality, Mitnick never used any of the source codes or credit card numbers for personal gain/profit but only to feed his curiosity.
FBI wanted to set an example for the future hackers with the never-heard of charges, he even denied the right to check evidence or bail hearing.

The “Free Kevin” campaign was quickly created after hearing the prosecutors charges for Kevin., their followers even hosted a website for supporting him.

Free Kevin Movement

The “Free Kevin” movement made a huge difference for Mitnick and received a better plea agreement, resulting in a decrease in the number of damages that he should pay from 300$ million to $4125. His sentence was also reduced to 5 years in prison.

Free Kevin Movement

Mitnick released from prison

Kevin Mitnick after released from prison

On Jan. 21, 2000, Mitnick was released from the prison grounds of Lompoc, California. At the time he was not able to use a computer, cellular phone, and any medium for communication technology for another 3 years.

Kevin Mitnick posing with “Kevin” “Free” words after released from prison

Mitnick came out and criticized his prosecutors for misrepresentation of his image while stating that his case was only to feed his curiosity.

He made a series of interviews which he accused Markoff and others of portraying him as a monster, along with other comments he said:
“Markoff has single-handedly created ‘The Myth of Kevin Mitnick,’ which everyone is using to advance their agendas,” he was quoted as saying. “… If I was an unknown hacker accused of copying programs from cell phone companies, I wouldn’t be here. Markoff’s printing false and defamatory material about me on the front page of The New York Times had a substantial effect on my case and reputation.”
“Once I get out of here and get on with the rest of my life, I’ll never intentionally violate the law,”.

After he was released, Kevin Mitnick became famous and used his skills in a positive way

Kevin Mitnick today

Mitnick decided to change his life altogether after being released.

Us Senator Fred Thompson and Joseph Lieberman invited him by a letter to take part in a Senate hearing to protect the US government and their computer systems from cyber-attacks.

In his own words: “I never thought that would be, kind of, the jump-start to a career in security consulting but, naturally, I fell into it because the difference between black hat hacking and ethical hacking is simply authorization from the client. Plus, I never had the motivation to make money or to harm anybody.”

Mitnick saw that as an opportunity to offer his expertise for good.

After receiving a lot of similar requests, and since he couldn’t use a computer yet, he started earning money for helping others. He wanted to share his knowledge so he decided to become a writer and an information security consultant.

His first book, Art of Deception, become a best seller in the first months of its release in 2002.

Mitnick then, in 2003, he created his security consulting company, Mitnick Security, and started using his hacking skills for good, as a speaker or as a security consultant with his company.

In 2005 he release another book, “The Art of Intrusion” which was again, a bestseller.

As a writer and eager to share his knowledge, Mitnick went on and released another 2 books, one in 2011, “Ghost In The Wires: My Adventures as the World’s Most Wanted Hacker” which he co-authored with William L. Simon and another one in 2017, “The Art of Invisibility: The World’s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data”, which is a form of a book-guide on online security and how to become “invisible” online, sharing also real-life examples.

In 2012, Mitnick joined the cybersecurity firm, KnowBe4 as its Chief Hacking Officer (CHO) and he used his expertise to help organizations identify, correct, and prevent network security vulnerabilities.

Today’s Mitnick is a highly paid and successful security consultant in Mitnick Security and consults with some of the world’s biggest companies including Microsoft, FedEx, Toshiba, CBS, IBM, and Lockheed Martin.
In his own words:
“My primary business is doing penetration testing,” he said. “We test the physical security, technical security, the people. We test their wireless networks, their VOIP phones. We test everything across the board to look for vulnerabilities so our clients can fix them.”

In one of his recent interviews, he said that he and his team of security experts-hackers have a 100% success rate on penetrating computer systems, “It’s just a fact” he says.

In many of his projects, Mitnick is asked not only to penetrate the company’s systems but also to social engineer and train their employees to such attacks, whereas a matter of fact, people are the “weakest” link in any company’s security.

When the aim is to breach a computer network, the best way to do that is to get someone inside a target company to open a computer file they shouldn’t. “If you’re going after a law firm, for example, you can usually get someone to click to open a PDF document in a heartbeat,” he said. That innocent-looking PDF might be loaded with malware that gives the attacker a foot in the door to the firm’s network.

Looking back, Mitnick could have been in jail for 20 years for hacking companies, and now he is doing it for fun and the big paychecks.

Without the prison, FBI involvement, “Free Kevin” movement, New York Times front covers, etc., there would be no legend. And without the legend, there would be no consulting fees, no books, no media coverage, and his life would have probably taken a different path, but now he’s enjoying it.

Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?

If you want to express your idea in an article contact us here for a quote: [email protected]