Kevin Mitnick’s knack for social engineering and unflappable curiosity had him hacking major telecom companies and tech industry giants when he was just a teenager.
That trajectory led him to become one of the most wanted hackers in history, culminating in a 2.5-year FBI manhunt across the US — and a litany of unbelievably simple yet sophisticated hacks.
But Kevin Mitnick isn’t the cybersecurity monster he once was. His fascinating journey has ultimately brought him to the other side: a white-hat hacker who uses his skills for the greater good.
Kevin Mitnick at a Glance
- Los Angeles-born Kevin Mitnick got involved with the phone phreaking scene in high school, manipulating phone systems to make free calls, pull pranks and cause other telephonic mayhem.
- In a series of adolescent heists, Mitnick hacked into the systems of companies like Digital Equipment Corporation and Pacific Bell, even gaining unauthorized access to ARPAnet.
- After several minor brushes with the law, Mitnick was sentenced to a year in jail for hacking DEC once again in 1987.
- As his probation was about to end, Mitnick got caught hacking Pacific Bell yet again in 1992 and spent the next two and a half years on the run from the FBI.
- During his time as a fugitive, Mitnick spied on FBI agents’ cell phones, stole information from the DMV to make fake IDs, and used hundreds of cloned phones to avoid detection.
- In 1995, Mitnick was arrested in North Carolina and spent the next five years in prison for his crimes.
- After being released in 2000, Mitnick began working as a cybersecurity consultant and speaker, helping his clients avoid being hacked by people like his past self.
The Life of Kevin Mitnick
Kevin Mitnick’s Early Life
Born in Los Angeles, California, in 1963, Kevin Mitnick’s childhood was one of independence — and loneliness.
His parents divorced when he was three, and his mother worked long, erratic hours as a waitress to support him. This meant that he spent much of his time alone, practicing magic tricks and exploring the city of L.A. by foot and by bus.
It was the latter that, in a roundabout way, served as a springboard for his later interest in hacking.
At age 12, Mitnick boarded a bus and realized that the driver used a special hole puncher to mark his ticket. This intrigued him: if he could obtain one of those hole punchers, he could punch his own tickets and ride the bus anywhere in the city for free.
Mitnick told the bus driver that he was working on a school project that required him to punch unique holes in a piece of cardboard, then asked where he could buy one of the special hole punchers. The driver told him, and after buying one and finding a book of blank transfer tickets in the trash, Mitnick was free to ride wherever and whenever he wanted.
In high school, Mitnick became interested in ham radio and made friends with a couple of other students with similar interests. One of them had another fascinating hobby: phone phreaking, an early type of hacking that allowed the “phreaker” to make free phone calls, access unlisted numbers, and even modify phone company databases.
Stay One Step Ahead of Cyber Threats
Mitnick studied the way his friends made pretext calls to phone companies, faking their way into gaining access to the phone systems. It was like magic, and before long, he was conducting his own phreaking operations, sweet-talking telecom employees into granting him privileged systems access, and becoming an all-around tech expert.
At the time, phone systems were transitioning from analog to digital, so Mitnick began learning computer hacking to support his phreaking antics. Most of these were relatively benign, juvenile pranks befitting his 16-year-old self: relabeling a friend’s home phone as a pay phone so the system would demand he insert a dime or assuming the role of operator and fielding directory assistance requests.
But his mischief would soon cross a line from irreverent to truly illicit.
From the Ark to the ARPAnet
In 1979, when Mitnick was 16, he befriended a group of hackers who dared him to hack into the Ark, the system used by Digital Equipment Corporation for developing the RSTS/E operating system.
The hack almost went off without a hitch, but Mitnick was betrayed by a member of the hacking group, who turned him in after obtaining all the desired source code. But Mitnick’s young age worked in his favor, and he faced no consequences — except the feeling of betrayal by someone he considered a friend.
Two years later, Mitnick and two friends attacked a new target: Pacific Bell’s COSMOS center, home to phone system mainframes and used by phone companies around the nation for record keeping.
However, one of his coconspirators’ girlfriends ratted the group out to the police, and Mitnick was arrested. As he was still a minor, he was sentenced to three months in juvenile detention and a year of supervised release.
The arrest didn’t faze Mitnick: as soon as he was free, he resumed his hacking adventures, often taking advantage of the computer equipment available at the nearby University of Southern California.
This led to his next arrest in 1983, when he was caught trying to hack into a Pentagon computer using USC’s ARPAnet access. After serving six months behind bars for this crime, he decided to turn over a new leaf and put his hacking days behind him — or, at least, to try.
Mitnick Faces the Feds
Through 1987, Mitnick kept a relatively low profile: he began taking classes at a vocational school, got a girlfriend, and moved in with her. But that year, he was caught hacking into the systems of Santa Cruz Operation, a software company, and was sentenced to 36 months of probation.
As long as he wasn’t in jail, Mitnick was determined to keep hacking. His next target was one he was familiar with from his adolescence: Digital Equipment Corporation, which was developing an OS called VMS that Mitnick was dying to get his hands on.
This time, the DEC infiltration was all-remote, and Mitnick made sure to cover his tracks multiple times over. He used several computer terminals to conduct the hacks and used his phreaking skills to break into the telecom systems, reroute the switches and divert his modem calls to become untraceable.
It would have been a successful heist were it not for the human element.
Mitnick’s friend, Lenny DiCocco, had helped him with the hack, but Mitnick wasn’t very appreciative of his efforts. Quite the contrary: Mitnick had started making harassing phone calls to DiCocco’s employer, pretending to be the IRS and saying that DiCocco was wanted for tax crimes.
DiCocco, who had used his employer’s computers to help Mitnick hack DEC, grew sick of the harassment and confessed the scheme to his employer. The employer then notified DEC and the FBI, and Mitnick was arrested for federal computer fraud in 1988.
At his trial, Mitnick said that his actions were the result of a “computer addiction” and entered a plea bargain: he would spend one year in prison, six months in a halfway house for his addiction, and three years under probation.
Mitnick on the Lam
In 1992, towards the end of his probation term, the FBI received word that Pacific Bell had been hacked again. Someone at the Teltec Detective Agency, a private investigation firm in California, had been illegally accessing the company’s databases.
And the agency’s most recent hire was Kevin Mitnick.
It was clear that Mitnick hadn’t changed his ways at all. But when the FBI arrived at his apartment to arrest him for violating his probation, he was nowhere to be found.
Mitnick spent the next two and a half years on the run, using his hacking skills to cover his tracks, assume new identities, and keep an eye on his pursuers.
He called the DMV, posing as a police officer and requesting the driver’s license data and photo of a police informer, ostensibly to make himself a fake ID that would get him out of any law enforcement encounters. Then he set off across the country, hiding his location with cloned cell phones.
And, after discovering that some of the FBI agents on his tail had cell phones through PacTel Cellular, he hacked the phone company’s systems to keep track of the agents’ call records and locations.
His fugitive status only raised his profile even further. In July 1994, the New York Times published a front-page article about Mitnick in which he was declared cyberspace’s “Public Enemy No. 1”.
Mitnick’s luck ran out seven months later. He was arrested in North Carolina in February 1995 after he hacked the computer of Tsutomu Shimomura, who had collaborated with the FBI and the author of the New York Times piece.
Mitnick’s Fresh Start… Again
Mitnick was charged with multiple counts of wire fraud, computer fraud, and several other crimes. His repeated requests for a bail hearing were denied, and he spent four and a half years in pretrial detention, with eight months in solitary confinement.
When he finally appeared in court, he pled guilty and was sentenced to 58 months in prison.
By then, Mitnick had already served most of his sentence. He was released in January 2000 and remained on probation for another three years.
Upon his release, Mitnick decided to go straight, this time for good. To his surprise, his national notoriety had drawn the attention of numerous companies looking to hire a cybersecurity consultant — a job that would allow him to use his hacking skills for good.
Under his new company, Mitnick Security Consulting, he began providing penetration testing, social engineering education, and security audits to private companies and government agencies. Mitnick found that his new job gave him the same endorphin rush as his previous hacking, but this time it was all above board.
Today, Mitnick is one of the most in-demand cybersecurity experts and has written several books about both his life and his hacking expertise. He has spoken at dozens of tech conferences and is the Chief Hacking Officer at KnowBe4, a company specializing in cybersecurity awareness.
Kevin Mitnick: On the Road to Redemption
Few hackers have been so notorious as to be named “Public Enemy No. 1” in the world’s biggest newspapers.
And even fewer have managed to turn that reputation on its head, dedicating their lives to helping others avoid the same attacks they once perpetrated.
But Kevin Mitnick, in his evolution from phreaker to fugitive to for-hire security guru, has done just that. And whatever you think of his original crimes, there’s no denying that his transformation has been both remarkable and rewarding — for both himself and the people whose lives he’s helped secure.
Kevin Mitnick Demonstrates the Access Card Attack (Video)
"Amateurs hack systems, professionals hack people."
-- Bruce Schneier, a renown computer security professional