Kevin Mitnick was a very dear friend of mine, even though I played a part in putting him in federal prison for five years. I also helped get him out. It's a long story.

He passed away in July of 2023, and I have a ton of stories to tell about him.

Back in the 80s, Kevin was trying very hard to hack into Novell's network. I was a network administrator. Of course, we had no idea it was Kevin, but things were happening that made it fairly obvious we had a persistent threat. Phones ringing sequentially throughout the building (war dialing) and all sorts of other signs... we knew something was up.

Late one night at home, I got a phone call from a Novell employee named Gabe Nault. The "employee" wanted direct inbound dial access. Since I was responsible for the entire network's inbound connectivity, I knew this type of request was abnormal and against policy. I had a secure dial-back system for modems where you couldn't make a connection unless you were calling from a known phone number. Not only that, any access required approval by a manager, and this guy had a story about working on a top-secret project called Snowbird (real) and needing to make some emergency code changes, but he was on vacation in Vail at a hotel. He needed the coveted, policy-breaking, direct inbound modem access. Right. He even mentioned his vacation in Vail, which conveniently matched the greeting on Gabe Nault's voicemail. But it all felt wrong.

With a feeling of suspicion creeping in, I played it cool. I said, "Hey man, I'd love to help you out, but I can't do what you want from here at home anyway, so I'll have to do it in the morning as soon as I get to the office. But in case I forget, please leave me a voicemail." He agreed, and that was that.

When I got to work, the voicemail was there, and I immediately recorded it onto a cassette recorder for safekeeping. That recording became the primary evidence in Kevin's case. It took some time to actually catch Kevin, though. There's a whole other story about how Tsutomo Shimomura apprehended him in Raleigh, North Carolina.

When he was caught, I found out that my voicemail was the only real evidence, and I would be the primary witness in this high-profile trial. So, I worked very closely with the prosecutors, including Christopher Painter and Ken McGuire, for five years. Eventually, I became fed up with the delays and concerned that Kevin hadn't even been given a chance to argue for bail or access evidence. I questioned the long delays. I said, "There are people who believe you are violating his civil right to due process." The prosecutor's response sent chills down my spine. As a strong believer in the rule of law, I couldn't accept his words. Here was a top prosecutor at the DOJ basically telling me, "They say we are violating his rights, but we are sending a message to other would-be hackers."

Think about that.

Our right to due process is the foundation of a just society. This was unacceptable. If this was acceptable, it meant they could put anyone in prison just to intimidate people.

The conversation turned into a heated debate about my idealistic beliefs, and I ended up parting ways with the DOJ. I immediately tried to contact Kevin's lawyers, but since all they knew was that I was the star witness on the opposing side, they weren't interested in talking. I finally left a convincing voicemail, which resulted in a call with both of his lawyers and Kevin himself the very next day. Keep in mind, up until that phone call, Kevin and I were adversaries. Up until then, I had done everything possible to ensure a conviction.

Soon after, Kevin was released from prison with a plea deal. While he did bring a lot of this on himself, that doesn't justify the government acting like an oppressive regime.

A short time later, I got a sincere apology from Kevin. We decided to meet face-to-face. Of all places, it ended up being at RSA in San Francisco, and a reporter named Eleanor Abrue was there. She wrote an article about our meeting, and it went kind of viral. The only thing I disliked about the article was the misleading headline, "Mitnick Meets His Pigeon." If you know anything about the case, that's the exact opposite of what happened.

The truth is, I was the only person in the entire case who managed to trick him into leaving a crucial piece of evidence: the voice print from the voicemail. It ended up being the only direct evidence linking the 'crimes' to Kevin. Everything else was circumstantial. You can't cross-examine a keystroke.

Anyway, we hit it off when we met. Somehow, we became great friends in the process, and I have had a wonderful time watching him develop into a real man. I am truly sad he is gone as he was a big part of my life for the last quarter century.

I have to say, I loved this man like a brother and I will miss him more than I can say. I have promised to make sure his soon-to-be-born son is trained in the ways of the Jedi, Amateur Radio, and maybe a bit about staying out of prison. RIP Kev.

Kevin literally breaking into my laptop with a zero-day

September 2023

The Federal Indictment

The Free Kevin Movement

When We Met at RSA

Here is the story published in Wired about when Kevin and I met face-to-face for the first time. There's some significant factual errors in there, but that's the news for you. It was the beginning of a great friendship. Kevin came to see me present on his favorite topic, Social Engineering. Afterwards, he said he liked my slide deck so much that he wanted permission to use parts of it. To be honest, I didn't even think twice before I said yes. Kevin went on to be a captivating and sought-after speaker.

Many years later, we were at RSA again, and I insisted on taking Kevin and his wonderful wife Kimberley to Alcatraz. He was such a great sport about it.