fisher@edwards-vax.af.mil (01/26/91)
*** EXTRA DISCLAIMER - THIS ARE MY OPINIONS, NOT MY EMPLOYERS *** In article <1991Jan25.123903.1@rogue.llnl.gov>, oberman@rogue.llnl.gov writes: > DECUS registered him and he was attending sessions the first day when he was > intoduced to a DEC developer who was aware of the history. This person reported > it to his boss. It escalated to a DEC official (I don't know who) talking to > Bill Brindly and "requesting" that this person's registration be revoked. His > badge was pulled and an executive board meeting was called to discuss what to > do while the person cooled his heels at the Hilton. > I would like to give some personal history on this subject. I have met the individual on a few occasions, and have at least as frequently been on the receiving end of his attacks during his younger days. After several rounds of his being caught, being arreigned / tried / convicted, etc, it became obvious, at least in the past, that the person exhibited amoral tendancies. The following is from a fairly comprehensive news article published by the Los Angeles Times December 16, 1988 (reproduced w/o permission): Ex-Computer "Whiz Kid" Held on New Fraud Counts By Kim Murphy, Times Staff Writer Kevin Mitnick was 17 when he first cracked Pacific Bell's computer system, secretly channeling his computer through a pay phone in a San Fernando Valley parking lot to alter telephone bills, penetrate other computers, and steal $200,000 worth of data from a San Francisco corporation. A Juvenile Court judge at the time sentenced Mitnick to six months in a youth facility, and he was released on probation after serving his sentence. Suddenly, his probation officer found that her phone had been disconnected and the phone company had no record of it. A judges credit record at TRW Inc. was inexplicably altered. Police computer files on the case were accressed from outside. A new warrant for Mitnick's arrest was issued, accusing him of breaking into TRW's computer, but he fled to Isreal. Upon his return, there were new charges filed in Santa Cruz, accusing Mitnick of stealing software under development by Microport Systems, and federal prosecuters have a judgment showing Mitnick was convicted on the charge. There is, however, no record of the conviction in Santa Cruz's computer files. On Thursday, Mitick, now 25, was charged in two new crimpinal complaints accusing him of causing $4 million damage to a Digital Equipment Corp. computer, stealing a highly secret computer security system and gaining access to unauthorized MCI long-distance codes through university computers in Los Angeles and England. U.S. Magistrate Venetta Tassopulos took the unusual step of ordering the young Panorama City computer whiz held without bail, ruling that when armed with a keyboard he posed a danger to the community. "This thing is so massive, we're just running around trying to figure out what he did," said Assistant U.S. Atty. Leon Weidman, who is prosecuting the case. "This person, we believe, is very, very dangerous, and he needs to be detained and kept away from a computer." Investigators from the FBI, the Los Angeles County district attorney's office and the Los Angelese Police Department say they are only now beginning to put together a picture of Mitnick and his alleged high-tech escapades. "He's several levels above what you would characterize as a computer hacker." said Detective James K. Black, head of the Police Department's computer crime unit. "He started out with a real driving curiosity for computers that went beyond personal computers . . . He grew with the technology." Mitnick's lawyer, Anthony J. Patti, said he would have no comment on the case pending Mitnick's arraignment on two counts of computer fraud. The case is believed to be the first in the nation under a federal law that makes it a crime to gain access to an interstate computer network for criminal purposes. He faces a maximum of 20 years in prison and a $500,000 fine. Federal prosecuters also obtained a court order Thursday restricting Mitnick's telephone calls from jail, fearing he might gain access to a computer over the phone lines. At Mitnick's request, Tassopulos authorized him to telephone his lawyer, his wife, his mother and his grandmother under jail officials supervision. Los Angeles police are trying to determine what other damage Mitnick may have done with his computer terminal, Black said. [End of Los Angeles Times article, dated Friday, December 16, 1988] The basic problem with Kevin (in the past) has been an inability to keep straight. Whether it be boredom, or what ever else, he would always get back into trouble. I know of some other incidents involving some PDP-11 based systems in the past that both he and some others were probably involved with, as well as one or two incidents involving Decsystem-20's. The real question is that whether since this last incident Kevin has truly repented. I can see where the DECUS board may have had a "knee jerk" reaction, but looking at it rationally I feel Ray Kaplin's arguments do apply. To wit: 1) He did legitamitely register to the symposium. 2) He did not attempt to break any of the Decus rules. 3) He was willing to provide case / background information to the security community at large in the forum of the DECUS sessions. While Kevin is on probation, we really cannot assume guilt before any crime or rule infraction has even been committed! However, having seen Kevin go back to the "bad old days" on more than one occasion in his past, I can empathize with the Decus directors viewpoint. > As last I heard the executive committee was still meeting and I have not heard > any final words on their resolution or any grounds for such. If anyone has, > please post here or to comp.org.decus. > We shall see what the finding is. As I said, it is a difficult issue to tackle, and if we are to start limiting memberships to Decus when we have not in the past, it can quickly become easy to rationalize other reasons for denying membership. One question (I guess Ray Kaplin could answer this one), did Kevin's probation officer know he was attending this symposium? While I don't know the particulars of his probation, I suspect he may have to report such activities. -- --------------------------------------------------------------------------- Lawrence Fisher Internet: fisher@edwards-vax.af.mil Digital Equipment Corporation ^ Principal Software Specialist Currently working here | (Edwards AFB, CA) Specializing in Realtime Disclaimer: I don't speak for Digital or the U. S. Air Force --------------------------------------------------------------------------- P.S. Whether or no Kevin has truly repented, I would not personally show him anything that could lead to a system penetration. This doesn't mean I would not acknowledge him as a human being however.