Taking advantage of the spot that I have in Una a día, I am going to interview great hackers that I have met throughout my life. It is about getting to know them a little better, and letting you learn something of what they are like deep down. Since it could not have turned out any other way, I wanted to start with Kevin Mitnick, probably the most famous hacker in history.
Okay, before reading the interview, you should know that Kevin Mitnick and I are very good friends. We have given talks together, we meet in any corner of the world where we coincide, like Chile, Las Vegas, San Diego or Madrid. And we share PoCs, Hacks, tools and investigations, so don’t take the first answer into account.
Also, Kevin is a funny guy, first and foremost. He likes hacking, new tricks, laughs, jokes, he is always cheerful, and when you give him a “new toy” his eyes shine. You can see the evil smile as he thinks about the next one he is going to mess with.
We have shared many talks over a soda, eating a hamburger, or a coffee by video conference, we have gone to ride jet skis at Hoover Dam, dined with Steve Wozniak together, and done some evil to each other. And choosing him first is not just because he is Kevin Mitnick “the man”, but because he is Kevin, the kid who loves hacking and fun things.
1.- Kevin is the World’s most famous hacker on Earth, but which hacker do you admire the most?
Chema Alonso, of course!!! I love your presentations because you have a fantastic sense of humor and always make me laugh. It’s been a pleasure to be your friend for so many years and meeting up at security conferences around the world.
2.- In your shows, you demo a lot of hacking tricks, bugs, and exploits, but… what is the hacking technique, vuln, or exploit you love the most of all that you have known in your career?
There are so many that are my favorite. One that stands out is from years ago: I was able to hack into an audience member’s voicemail via BTN (billing telephone number) spoofing and change their outgoing greeting using my voice!
*Note: Kevin refers to OpenBTS attacks using 2G network spoofing that allows man-in-the-middle. More details on Hacking Comunicaciones Móviles.
3.- Today, hackers and hacking are part of the tech industry, but years ago, when you started to “play this game”, everything was different. Did you imagine at that time that you would become such an admired person?
No, I never thought the security industry would be as critically important to businesses as it is today. I started hacking/phone phreaking in 1978 when I had 110 baud modems in high school. Our industry has grown exponentially since the ’70s (wow, I am old). I love hacking and security. To me, it’s like solving a puzzle. I get so focused on pen-testing and red teaming that it’s almost more like playing a game than working.
No, I had no idea that I would become so popular. I think my case brought a lot of attention back in the ’90s. The US Government made all these ridiculous claims like I could whistle into a phone and start World War III. The media characterized me like Carlos the Jackal, but the tech people knew it was bullshit.
I was made the example by the US Government based on the “Myth of Kevin Mitnick”, which actually increased my popularity in the tech community.
4.- And now AI, DeepFakes, Metaverse, Connected Human, biohackers, and a bunch of new extraordinary advances: are you envisioning new hacking tricks in this world that is getting closer, day by day, to a Matrix or Ready Player One world?
I would love to get a copy of the software that Adobe developed for deep fake voice technology. Imagine receiving a call from your boss to install a new software tool on your computer. But in reality, it’s me calling you!
5.- You never left the stage and tech to be a business executive. Can you see your life without hacking stuff?
I found my passion when I was a teenager – hacking. It would be difficult to change after all these years. And to clarify, not hacking to cause harm but to solve the puzzle of bypassing security controls for the challenge and adventure.
That’s precisely why I own and operate a penetration testing company – Mitnick Security Consulting. I still get to hack, albeit with the authorization of my clients. If this existed two decades ago, I probably would have never ended up in trouble in my youth.
6.- Do you think that people and governments better understand what a hacker is, or are we still far from being understood by society?
I think the media defines what a hacker is – and they get it wrong most of the time. They equate the term hacker to a criminal. It’s an incorrect characterization to group all hackers into one stereotype, such as malicious criminals. Of course, this is shallow thinking because many journalists don’t dig into the facts, but simply repeat what someone else has written.
7.- You are always doing things, and I would like to know what you are working on right now.
I am working on answering these questions right now.
All kidding aside, I’m the Chief Hacker Officer of KnowBe4, the number one security awareness training company in the world. We offer many services like security awareness training, simulated phishing, and other products that help businesses – small and large – mitigate the risk of social engineering.
I’m a public speaker. Unfortunately, because we are still in this global pandemic, all my performances of late have been virtual. I miss the days of keynoting in person and having the opportunity to meet people in the audience. And finally, I manage Mitnick Security, wherein we offer offensive security testing services. If you’re interested in learning more, please visit my website www.mitnicksecurity.com
8.- This interview will be published in the first daily newsletter of hacking in Spanish. I started my career in hacking reading it. What do you tell young people to do if they want to be a new Kevin Mitnick?
Don’t follow in my footsteps because I went down the wrong path and took the hard road. Today the world has changed. There are many legitimate paths to learning about information security and becoming an ethical hacker. I recommend becoming fluent with system, network, and database administration. Understanding web application development is also important. It will help you understand how networks, databases, and web applications are designed from the ground up. This will help you think like a hacker when testing networks for security vulnerabilities.