Kevin David Mitnick
August 6, 1963 – July 16, 2023
Kevin Mitnick was a very dear friend of mine, even though I played a part in putting him in federal prison for five years. I also helped get him out. It's a long story.
He passed away in July of 2023, and I have a ton of stories to tell about him.
Back in the 80s, Kevin was trying very hard to hack into Novell's network. I was a network administrator. Of course, we had no idea it was Kevin, but things were happening that made it fairly obvious we had a persistent threat. Phones ringing sequentially throughout the building (war dialing) and all sorts of other signs... we knew something was up.
Late one night at home, I got a phone call from a Novell employee named Gabe Nault. The "employee" wanted direct inbound dial access. Since I was responsible for the entire network's inbound connectivity, I knew this type of request was abnormal and against policy. I had a secure dial-back system for modems where you couldn't make a connection unless you were calling from a known phone number. Not only that, any access required approval by a manager, and this guy had a story about working on a top-secret project called Snowbird (real) and needing to make some emergency code changes, but he was on vacation in Vail at a hotel. He needed the coveted, policy-breaking, direct inbound modem access. Right. He even mentioned his vacation in Vail, which conveniently matched the greeting on Gabe Nault's voicemail. But it all felt wrong.
With a feeling of suspicion creeping in, I played it cool. I said, "Hey man, I'd love to help you out, but I need a favor. I can't do what you want from here at home anyway, so I'll have to do it in the morning as soon as I get to the office. But in case I forget, please leave me a voicemail." He agreed, and that was that.
When I got to work, the voicemail was there, and I immediately recorded it onto a cassette recorder for safekeeping. That recording became the primary evidence in Kevin's case. It took some time to actually catch Kevin, though. There's a whole other story about how Tsutomo Shimomura apprehended him in Raleigh, North Carolina.
When he was caught, I found out that my voicemail was the only real evidence, and I would be the primary witness in this high-profile trial. So, I worked very closely with the prosecutors, including Christopher Painter and Ken McGuire, for five years. Eventually, I became fed up with the delays and concerned that Kevin hadn't even been given a chance to argue for bail or access evidence. I questioned the long delays. I said, "There are people who believe you are violating his civil right to due process." The prosecutor's response sent chills down my spine. As a strong believer in the rule of law, I couldn't accept his words. Here was a top prosecutor at the DOJ basically telling me, "They say we are violating his rights, but we are sending a message to other would-be hackers."
Think about that.
Our right to due process is the foundation of a just society. This was unacceptable. If this was acceptable, it meant they could put anyone in prison just to intimidate people.
The conversation turned into a heated debate about my idealistic beliefs, and I ended up parting ways with the DOJ. I immediately tried to contact Kevin's lawyers, but since all they knew was that I was the star witness on the opposing side, they weren't interested in talking. I finally left a convincing voicemail, which resulted in a call with both of his lawyers and Kevin himself the very next day. Keep in mind, up until that phone call, Kevin and I were adversaries. Up until then, I had done everything possible to ensure a conviction.
Soon after, Kevin was released from prison with a plea deal. While he did bring a lot of this on himself, that doesn't justify the government acting like an oppressive regime.
A short time later, I got a sincere apology from Kevin. We decided to meet face-to-face. Of all places, it ended up being at RSA in San Francisco, and a reporter named Eleanor Abrue was there. She wrote an article about our meeting, and it went kind of viral. The only thing I disliked about the article was the misleading headline, "Mitnick Meets His Pigeon." If you know anything about the case, that's the exact opposite of what happened.
The truth is, I was the only person in the entire case who managed to trick him into leaving a crucial piece of evidence: the voice print from the voicemail. It ended up being the only direct evidence linking the 'crimes' to Kevin. Everything else was circumstantial. You can't cross-examine a keystroke.
Anyway, we hit it off when we met. Somehow, we became great friends in the process, and I have had a wonderful time watching him develop into a real man. I am truly sad he is gone as he was a big part of my life for the last quarter century.
I have to say, I loved this man like a brother and I will miss him more than I can say. I have promised to make sure his soon-to-be-born son is trained in the ways of the Jedi, Amateur Radio, and maybe a bit about staying out of prison. RIP Kev.
Shawn
Sept 2023
The Federal indictment.
When we met at RSA
Here is the story published in Wired about when Kevin and I met face-to-face for the first time. There's some significant factual errors in there, but that's the news for you. It was the beginning of a great friendship. Kevin came to see me present on his favorite topic, Social Engineering. Afterwards, he said he liked my slide deck so much that he wanted permission to use parts of it. To be honest, I didn't even think twice before I said yes. Kevin went on to be a captivating and sought-after speaker.
Many years later, we were at RSA again, and I insisted on taking Kevin and his wonderful wife Kimberley to Alcatraz. He was such a great sport about it.
Kevin introduced me to Woz, who became a very good friend.
Kevin's business card
This card was Kevin's trademark. They actually are quite useful.
Kevin's book, Ghost in the Wires, is a classic. It is full of facts and no embellishment. It's a seriously good read even though I'm in it. Even the phone numbers in it are real. I'll never forget the phone number I gave to Kevin when he 'hacked' into Novell. It was a number I had reserved with AT&T for something special, and I had never used it for anything until the day I told him it was out direct inbound dial number for the modems. 1-800-37-TCP/IP. You see, at Novell, we had not fully embraced TCP/IP yet, and it kind of irked me. So, I decided to burn it on this hacker fishing exercise by assigning it to the hacker and only the hacker.
What I had hoped was he would use it once, allowing me to know exactly what number he called it from. 800 numbers are cool that way. But, since he had access to the AT&T internal phone system, he simply looked up what DiD number that 800 number switches to and he never used the 800 number. Not gonna lie, though... while I was watching for that 800 number to be used, Kevin got in on the DiD line and that caught me off-guard.
Freedom Downtime is the best documentary about Kevin. The movie "Takedown" is complete BS.
Watch this one after Freedom Downtime, really good.
Kevin passed away in July of 2023. I had spent a lot of time with him during his battle with cancer. Whether it was during chemo downtime in Malibu or across the country for his surgeries, he always remained upbeat and positive. I feel lucky and privileged to have spent so much time with my friend during that difficult 14 month battle. His wife, Kimberley, was so amazing throughout and there was a period of time when the doctors we saying he had a miraculous outcome. Sadly, this did not last long. Kimberley and Kevin were blessed with a pregnancy before he passed, and now we have beautiful baby Morty, who is the perfect image of Kevin, right down to his social engineering skills, and general ability to melt hearts.
It makes me so happy to hold this baby! Morty is going to be a force to be reckoned with. He's already the best social engineer I've ever met.
