Skip to Content

The Talented Mr. Mitnick

A notorious hacker turns security guru.

From hijacked PCs that spew spam to denial-of-service attacks that crash Web servers, cyber-crime means billions of dollars a year in lost revenues and productivity. And no computer user is safe. “It’s not if,” says Kevin Mitnick, “it’s when are you going to get hacked.”

Mitnick should know. The former hacker perpetrated a series of high-profile corporate break-ins in the 1990s – and served five years in federal prison for it. Once the FBI’s most-wanted cyber-criminal, Mitnick is now one of the world’s most sought-after tech security consultants. “A few years back, companies spent more on coffee than on security,” he says. Now, they make security their top priority, hiring Mitnick to break into their systems, expose their weaknesses, and teach them how to protect themselves.

Hacking has been Mitnick’s priority ever since his teenage years in southern California. First telephone networks, then the Pentagon – then Nokia, Novell, and seemingly every other big company. Today’s laws on cyber-crime were practically invented because of Mitnick. His pranks earned him the respect of hackers as well as numerous arrests, culminating in his five-year prison stint. Mitnick spent eight months of that time in solitary confinement, he says, because the judge was told that Mitnick could start a nuclear war by calling up NORAD on a payphone and whistling modem tones into the receiver. His radio was seized for fear that he would turn it into a cell phone. Even using an electric typewriter in the prison library got him handcuffed and whisked away. “These guys were watching too much MacGyver,” he quips.

That was the turning point in his career. Since his release from prison in 2000, Mitnick has chosen to use his considerable skills to improve network security. Now 41 and sporting a decidedly buttoned-down look, Mitnick has made a guest appearance on the TV show Alias and earned honorable mentions in many other media outlets. Though he is often recognized as “that hacker guy” in airports and hotels, he says he registers under a fake name only at hacker conventions. But he doesn’t give out his private e-mail address or his city of residence; one can’t be too careful.

Indeed, the current pace of cyber-crime amazes even Mitnick. Last fall, he and Avantgarde, a tech marketing and design firm in San Francisco, hooked up six  computer platforms to the Internet via broadband DSL and recorded the cyber-attacks that occurred over a two-week period. It took less than four minutes for an automated attack to successfully break through the security defenses of one newly connected PC; most machines without an active firewall (a filter that screens suspicious code) faced more than 300 attacks per hour, while those with firewall protection faced fewer than four per hour. But  firewalls don’t protect against “social engineering,” a fancy term for conning users out of such sensitive information as passwords and PINs. The  idea that humans are the weak link in any security system was famously exploited by Mitnick in his glory days; he comes across as personable and authoritative, so it’s easy to see why people would give him information.

Mitnick’s case highlights a point that’s increasingly critical as more and more sensitive information and money change hands over the Internet: in his words, “Hacking is a skill set – how you use it is up to your ethics and morals.” And the arms race between malicious hackers and security experts will only escalate. “Computer systems are complex,” Mitnick says. “There will always be ways to break in.” Which means that no matter which side he is on – let’s hope it’s ours – Mitnick will always be in demand.

Keep Reading

Most Popular

Geoffrey Hinton tells us why he’s now scared of the tech he helped build

“I have suddenly switched my views on whether these things are going to be more intelligent than us.”

Meet the people who use Notion to plan their whole lives

The workplace tool’s appeal extends far beyond organizing work projects. Many users find it’s just as useful for managing their free time.

Learning to code isn’t enough

Historically, learn-to-code efforts have provided opportunities for the few, but new efforts are aiming to be inclusive.

Deep learning pioneer Geoffrey Hinton has quit Google

Hinton will be speaking at EmTech Digital on Wednesday.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.