In the late 90s Schmitz has gained publicity through his several high profile break-in claims. He was part of the German BBS scene and had his own BBS called "House of Coolness". On March 23 1998, Schmitz was sentenced to two years on probation for computer fraud: He hacked into a large number of X.25-connected corporate computer systems and abused international telephone services. By that time, he had already founded a computer security company called "data protect", a contributing factor to the court's decision not to send him back to jail where he had already suffered two months of detention. His arrogant style of dealing with the computer scene and his publication of technical details on phone phreaking earned him top spots the "Most Hated Person" charts in the Worldcharts diskmag for years ahead. (As of the last issue, released in 2002, he was #6.)
He sold data protect in 2000 to "TÜV Rheinland". In 2001 TÜV Data Protect was renamed to TÜV SecureIT. Today Schmitz is on probation for attendance in insider trading: He had harvested huge profits from buying $375,000 worth of shares of the nearly bankrupt company "LetsBuyIt.com" and subsequently announcing his intention of investing EUR 50 Million, creating the biggest single-day rise of a share price in the history of the German stock market. He quickly sold his shares and walked away. To date, he remains the only person to ever have been convicted for insider trading in Germany.
On CeBIT 1999 in Hannover, he displayed a Mercedes S-Class equipped with a GSM channel bank for in-car Internet access and video conferencing. The prohibitive cost of 16 parallel connections turned the project into a huge commercial failure.
Since 2001, Schmitz has had media coverage as a founder of a Hong Kong based investing company called Trendax. The company claimed to use AI for best investment options' selection, but never went public.
Aside from his flamboyant corporate activities, Schmitz got attention for several PR stunts. In 1999 he was driving around on the Munich airport for hours taking photos of himself in the cockpits of parked airplanes. In 2001 he offered a reward of USD 10 million for capture of Osama Bin Laden. His newly founded hacker group "YIHAT" (Young intelligent hackers against terrorism) didn't succeed in any of their anti-terrorism goals.
Schmitz is active in the streetracing scene. He took part in the Gumball 3000 rally several times and was the first to finish in 2001. He ran a website that claimed he is organising a street race called "Ultimate Rally". The event was originally announced for August 2006, but was postponed to 2007 after collecting money from potential participants. In late 2006, the concept was sold to an unknown investor, and entrants received a refund.
In January 2002 he announced his own suicide on his personal homepage. In fact his announcement was just part of a marketing campaign for his new project "Kimpire". The Kimpire website was a central point with linked to all of his projects and companies.
Schmitz is currently reported living between Germany, Hong Kong and Australia. As of late 2006, a number of his websites (including www.kimble.org) are blank. He has abandoned his extravagant lifestyle and is now acting as an advisor to Internet startup companies such as Friendster, iFilm, Gizmodo and Megaupload.
John T. Draper (born 1944), also known as Captain Crunch, Crunch or Crunchman (after Cap'n Crunch, the mascot of a breakfast cereal), is a former phone phreak.
Draper was the son of a US Air Force engineer; he described his father as distant in an interview published on the front page of the Jan 13-14, 2007, issue of The Wall Street Journal. Mr. Draper himself entered the Air Force in 1964, and while stationed in Alaska helped his fellow servicemen make free phone calls home by devising access to a local telephone switchboard. He was honorably discharged from the Air Force in 1968, and did military-related work for several employers in the San Francisco Bay Area. He adopted the counterculture of the times and operated a pirate radio station out of a Volkswagen van.
A blind friend of John Draper's named Joe Engressia (now known as Joybubbles) informed him that a toy whistle that was, at the time, packaged in boxes of Cap'n Crunch cereal could be easily modified to emit a tone at precisely 2600 hertz—the same frequency that was used by AT&T long lines to indicate that a trunk line was ready and available to route a new call. This would effectively disconnect one end of the trunk, allowing the still connected side to enter an operator mode. Experimenting with this whistle inspired Draper to build blue boxes: electronic devices capable of reproducing other tones used by the phone company.
“I don't do that. I don't do that anymore at all. And if I do it, I do it for one reason and one reason only. I'm learning about a system. The phone company is a System. A computer is a System, do you understand? If I do what I do, it is only to explore a system. Computers, systems, that's my bag. The phone company is nothing but a computer.” — From Secrets of the Little Blue Box by Ron Rosenbaum, Esquire Magazine (October 1971)
The class of vulnerabilities Draper and others discovered was limited to call routing switches that employed in-band signaling, whereas newer equipment relies almost exclusively on out-of-band signaling, the use of separate circuits to transmit voice and signals. Though they could no longer serve practical use, the Cap'n Crunch whistles did become valued collector's items. Some hackers sometimes go by the handle “Captain Crunch” even today; as a result of this incident 2600 The Hacker Quarterly is named after this whistle frequency. The expense of sustaining the unbilled phone calls, the redesign of the line protocols and the accelerated equipment replacement due to the blue box is difficult to calculate, or even to separate from something as complex and dynamic as the telephone long-distance network, but it is generally acknowledged to be a huge sum.
The 1971 Esquire Magazine article which told the world about phone phreaking got Draper in hot water. Draper was arrested on toll fraud charges in 1972 and sentenced to five years' probation. The article also brought him to the attention of Steve Wozniak. In the mid 1970s he taught his phone phreaking skills to Steve Jobs and Steve Wozniak, who later founded Apple Computer. He was briefly employed at Apple, and created a telephone interface board for the Apple II personal computer. Wozniak has said that the reason that the board was never marketed was that he was the only one in the company who liked him and partially due to Draper's arrest and conviction for wire fraud in 1977. Draper wrote EasyWriter, the first word processor for the Apple II, in 1979. According to the Wall Street Journal, he hand-wrote the code while serving nights in the Alameda County Jail, then entered the code later into a computer. However, another account had him writing the code as he served his four-month sentence at the Federal Correctional Institution, Lompoc, California.
Draper later ported EasyWriter to the IBM PC, beating Bill Gates on the bid for the IBM contract. Draper's company, Capn' Software, posted less than $1 million revenue over six years, and he subsequently sued his software's distributor, Bill Baker, over an unauthorized version of EasyWriter that Baker released. In the 1980s, Draper worked for AutoDesk, but was laid off. His eccentric behavior sometimes led to difficulties with potential clients. Currently he writes computer security software, is senior developer of KanTalk! VoIP software for teen singer/software model Kandice Melonakos, and he hosts an Internet TV show, Crunch TV.
One oft-repeated story featuring Captain Crunch goes as follows: Draper picked up a public phone, then proceeded to "phreak" his call around the world. At no charge, he routed a call through different phone switches in countries such as Japan, Russia and England. Once he had set the call to go through tens of countries, he dialed the number of the public phone next to him. A few minutes later, the phone next to him rang. Draper spoke into the first phone, and, after quite a few seconds, he heard his own voice very faintly on the other phone. This is just one example of his career in phreaking exploits. Draper was a member of the Homebrew Computer Club. Draper also claimed, in the interview with the Wall Street Journal, that he once managed to place a direct call to the White House and spoken directly with someone who sounded like Richard Nixon; Draper told him about a toilet paper shortage in Los Angeles.
Eric Gordon Corley, also frequently referred to by his pen name of Emmanuel Goldstein, is a figure in the hacker community. He and his non-profit organization 2600 Enterprises, Inc., together publish a magazine called 2600: The Hacker Quarterly, which Corley founded in 1984.
Corley's pseudonym, Emmanuel Goldstein, is taken from the book 1984. In the book, Emmanuel Goldstein is the mysterious, and questionably existant leader of the opposition to Big Brother and the totalitarian state.
In 1999 Corley was named as a defendant in Universal v. Reimerdes, the movie industry's attempt to squelch DeCSS. DeCSS is a computer program capable of decrypting content on a DVD video disc encrypted using the Content-Scrambling System (CSS). 2600.com had provided links to websites which contained the DeCSS code. Corley was the only defendant who chose to fight the industry in court. United States District Judge Lewis A. Kaplan ruled against Corley.
In 1999, Corley released the full length documentary Freedom Downtime (which he wrote, directed and produced), which was about convicted hacker Kevin Mitnick and the Free Kevin movement, among other things. He is currently in the process of filming his latest documentary, Speakers' World. Furthermore, he was creative advisor to the movie Hackers.
He was arrested on August 31, 2004 in New York City, while trying to videotape a demonstration against the Republican National Convention, in which Corley asserts he was not a participant. After being detained for more than 30 hours, he was charged with disorderly conduct. At a hearing on November 29, 2004, the city dropped all charges against Corley.
Eric Corley currently lives in Middle Island, in Long Island's Suffolk County.
Corley hosts a radio show Off The Hook on WBAI, and is concerned with legal matters related to social engineering and other issues affecting the hacker world.
Corley also hosts a show on WUSB 90.1 FM called Off the Wall, a semi call-in show that discusses current world topics, and usually whatever is on his mind. He has done other radio shows there, including The Voice of Long Island, and Brain Damage.
Corley is an alumnus of Ward Melville High School and the State University of New York at Stony Brook, which is host to WUSB (FM). He attended from 1977 to 1982, graduating with a degree in English.
Jon Lech Johansen (born November 18, 1983 in Harstad, Norway), also known as DVD-Jon, is a Norwegian (his father is Norwegian and mother is Polish) who is famous for his work on reverse engineering data formats. He is most famous for his involvement in the release of the DeCSS software, which decodes the content-scrambling system used for DVD licensing enforcement. Jon is a self-trained software engineer, who quit high school at the first year to spend more time with the DeCSS case. He moved to the United States and worked as a software engineer in October 2005 until November 2006, and has now moved back to Norway for unknown reasons.
Johansen is featured in the documentary film info wars.
The DeCSS prosecution
After Johansen released DeCSS, he was prosecuted in Norway for computer hacking in 2002.
The prosecution was conducted by Økokrim, a Norwegian crime unit investigating and prosecuting economic crime, after a complaint by the US DVD Copy Control Association (DVD-CCA) and the Motion Picture Association (MPA). Johansen has denied writing the decryption code in DeCSS, saying that this part of the project originated from someone in Germany. His defense was assisted by the Electronic Frontier Foundation. The trial opened in the Oslo district court (Oslo tingrett) on December 9, 2002 with Johansen pleading not guilty to charges that had a maximum penalty of two years in prison or large fines. The defense argued that no illegal access was obtained to anyone else's information, since Johansen owned the DVDs himself. They also argued that it is legal under Norwegian law to make copies of such data for personal use. The verdict was announced on January 7, 2003, acquitting Johansen of all charges.
This being the verdict of the district court, two further levels of appeals were available to the prosecutors, to the appeals court and then to the Supreme Court. Økokrim filed an appeal on January 20, 2003 and it was reported on February 28 that the appeals court (Borgarting lagmannsrett) had agreed to hear the case.
Johansen's second DeCSS trial began in Oslo on December 2, 2003, and resulted in an acquittal on December 22, 2003. Økokrim announced on January 5, 2004 that it would not appeal the case to the Supreme Court.
In 2001, Johansen released OpenJaz, a reverse-engineered set of drivers for Linux, BeOS and Windows 2000 that allow operation of the JazPiper MP3 player without its proprietary drivers.
In November 2003, Johansen released QTFairUse, an open source program which dumps the raw output of a QuickTime AAC stream to a file, which could bypass the digital rights management (DRM) software used to encrypt content of music from media such as those distributed by the iTunes Music Store, Apple Computer's online music store. Although these resulting raw AAC files were unplayable by most media players at the time of release, they represent the first attempt at circumventing Apple's encryption.
Johansen had by now become a VideoLAN developer, and had reverse engineered FairPlay and written VLC's FairPlay support.  It has been available in VideoLAN CVS since January 2004, but the first release to include FairPlay support is VLC 0.7.1 (released March 2, 2004).
On April 25, 2004 Johansen released yet another program: DeDRMS. Written in C#, this 230 line program is also said to remove copy prevention.
On July 7, 2004 he released FairKeys, a program that can be used to retrieve the keys needed by DeDRMS from the iTunes Music Store servers itself.
On August 12, 2004 Johansen announced on his website that he defeated Apple's AirPort Express's encryption which lets users stream Apple Lossless files to their AirPort Expresses.
On November 25, 2004 he released a proof of concept program that allows Linux users (via VLC) to play video encoded with Microsoft's proprietary WMV9 codec, by porting the reference version of the software. This is a significant development as Microsoft has been lobbying to have their codec used with the next DVD standard.
On March 18, 2005, Travis Watkins and Cody Brocious, along with Johansen, wrote PyMusique, a Python based program which allows the download of purchased files from the iTunes Music Store without DRM encryption. This was possible because Apple Computer's iTunes software adds the DRM to the music file after the music file is downloaded. On March 22, Apple released a patch for the iTunes Music Store blocking the use of his PyMusique program. The same day, an update to PyMusique was released, circumventing the new patch.
On June 26, 2005, Johansen created a modification of Google's new in-browser video player (which was based on the open source VLC media player) in less than 24 hours after its release, to allow the user to play videos that are not hosted on Google’s servers. The significance of the modification was exaggerated by the online media.
In late summer, Håkon Wium Lie, the Norwegian co-creator of Cascading Style Sheets and long-time supporter of open source, named Jon Lech Johansen a "hero" in a net meeting arranged by one of Norway's biggest newspapers.
2 September 2005, The Register published news that DVD Jon had defeated encryption in Microsoft's Windows Media Player by reverse engineering a proprietary algorithm that was ostensibly used to protect Media Player NSC files from engineers sniffing for the files' source IP address, port or stream format. Johansen had also made a decoder available.
September, 2005, Johansen announced the release of SharpMusique 1.0, an alternative to the default iTunes program. The program allows Linux and Windows users to buy songs from the iTunes music store without copy protection.
In 2005, Johansen worked for MP3tunes in San Diego as a software engineer. His first project was a new digital music product, code-named Oboe.
In November 2005 a Slashdot story notes that Sony-BMGs XCP DRM software includes code and comments (such as "copyright (c) Apple Computer, Inc. All Rights Reserved." illegally copied from an iTunes DRM circumvention program by Jon Lech Johansen. A popular claim was that, using the criteria that RIAA uses in its copyright lawsuits, Johansen could sue for billions of dollars in damages.
his intent to defeat the encryption of Next-Generation DVD encryption, AACS. It appears that Johansen is aiming for a winter 2006/2007 release of a circumvention application.
On June 7, 2006, Johansen announced that he had moved to San Francisco and was joining DoubleTwist Ventures.
In October 2006, Johansen and DoubleTwist Ventures announced they had reverse engineered Apple Computer's DRM for iTunes, called FairPlay. Rather than allow people to strip the DRM, DoubleTwist would license the ability to apply FairPlay to media companies who wanted their music and videos to play on the iPod, without having to sign a distribution contract with Apple.
Adrian Lamo (born 1981) is an infamous former grey hat hacker and journalist, principally known for breaking into a series of high-security computer networks, and his subsequent arrest. Best known among these were his intrusions into The New York Times and Microsoft. He is also known for attempting to identify security flaws in computer networks of Fortune 500 companies and then notifying them of any found; while still illegal in many places without permission, this can be seen as a form of unsolicited penetration testing.
Lamo was born in Boston, Massachusetts to Mario Lamo and Mary Lamo-Atwood. Dubbed the "homeless hacker" for his transient lifestyle, Lamo spent most of his travels couch-surfing, squatting in abandoned buildings and travelling to Internet cafes, libraries and universities to investigate networks, and sometimes exploit security holes. Despite performing authorized and unauthorized vulnerability assessment for several large, high-profile entities, Lamo refused to accept payment for his services. In the past, his lifestyle allowed him to travel up and down the coasts of the United States, often by coach, carrying all necessary possessions in a backpack.
Since Lamo's sentencing, he has entered the early stages of a career as an award-winning journalist, studying at American River College, with writing, photography, and editorial work / collaboration appearing in Network World, Mobile Magazine, 2600 Magazine, The American River Current, XY Magazine, and others. Lamo has interviewed personalities ranging from John Ashcroft, to Oliver Stone to alleged members of the Earth Liberation Front. Lamo also has a history of public speaking - he was a keynote speaker at a government security conference in 2005 alongside Bruce Schneier, and a panelist at the Information Security In the Age of Terrorism conference.
Lamo has shown signs of increased cooperation with media since his release from federal custody, including a podcast interview with Patrick Gray in Australia, and a recent segment on 88.1 WMBR out of Cambridge.
Activities and techniques
Adrian Lamo is perhaps best known for breaking into The New York Times internal computer network in February 2002, adding his name to confidential databases of expert sources, and using the paper's LexisNexis account to conduct research on high-profile subjects, although his first published activities involved operating AOL watchdog site Inside-AOL.com. The Times filed a complaint and a warrant for Lamo's arrest was issued in August 2003 following a 15 month investigation by federal prosecutors in New York. At 10:15 AM on September 9, after spending a few days in hiding, he surrendered to the US Marshals in Sacramento, California. He re-surrendered to the FBI in New York City on September 11, and pleaded guilty to one count of computer crimes against Microsoft, Lexis-Nexis and The New York Times on 8 January, 2004.
Later in 2004, Lamo was sentenced to six months' detention at his parents' home plus two years probation, and was ordered to pay roughly $65,000 in restitution. He was convicted of compromising security at The New York Times and Microsoft, and is alleged to have admitted to exploiting security weaknesses at Excite@Home, Yahoo!, Microsoft, MCI WorldCom, Ameritech, Cingular and has allegedly violated network security at AOL Time Warner, Bank of America, Citigroup, McDonald's and Sun Microsystems. Companies sometimes use proxies to allow their employees access to the internet, without giving the internet access to their internal network. However, when these proxies are improperly configured, they can allow access to the company's internal network. Lamo often exploited this, sometimes using a tool called ProxyHunter.
Critics have repeatedly labelled Lamo as a publicity seeker or common criminal, claims that he has refused to publicly refute. When challenged for a response to allegations that he was glamorizing crime for the sake of publicity, his response was "Anything I could say about my person or my actions would only cheapen what they have to say for themselves." When approached for comment during his criminal case, Lamo would frequently frustrate reporters with non sequiturs such as "Faith manages" and "It was a beautiful day."
At his sentencing, Lamo expressed remorse for harm he had caused through his intrusions, with the court record quoting him as adding "I want to answer for what I have done and do better with my life."
As of 16 January 2007, Lamo's probation was terminated, ending a three-year period during which the American government stripped him of certain opportunities, including the ability to employ any privacy protection software, travel outside certain established boundaries, socialize with security researchers, and other activities enjoyed by the public.
On May 9, 2006, while 18 months into a two year probation sentence, Adrian Lamo refused to give the United States government a blood sample they demand so as to record his DNA in their CODIS system. According to his attorney, Adrian Lamo has a religious objection to giving blood, but is willing to give his DNA in another form. "He went in there with fingernail clippings and hair, and they refused to accept it, because they will only accept blood" said federal public defender Mary French. A 26 March 2007 extended evidentiary hearing is scheduled to address a motion to dismiss filed by Lamo's counsel.
On June 15, lawyers for Lamo filed another motion citing the Book of Genesis as one basis for Lamo's religious opposition to the frivolous spilling of blood: "The Book of Genesis leaves unambiguous this matter. Therein, those who would spill the blood of man are rebuked as follows: "Whoever sheds the blood of man, by man shall his blood be shed; for in the image of God has God made man." Genesis 9:6 (New International Version)."
Lamo continued: "Under this admonition, not only would I be blinding myself to the direct instructions of scripture by shedding blood, but I would similarly be casting whomever facilitated this act into sin, multiplying my culpability," setting the basis for defense counsel Mary French to urge US District Court Judge Frank Damrell to exempt Lamo from the sampling entirely, or to order his probation officer to accept some other biological product in lieu of blood, as previously offered by Lamo.
Can You Hack It?
Can You Hack It?, a documentary covering Lamo's life and times, is slated for release under the care of Trigger Street Productions. Directed by Sam Bozzo, it features Apple Computer co-founder Steve Wozniak, TechTV personality Leo Laporte, and narration by actor Kevin Spacey. The film explores the practical and ethical themes of modern computer hacking, intertwining Lamo's story with those of controversial figures throughout history.
Gary McKinnon, also known as Solo, (born in Glasgow in 1966) is a British hacker accused by the United States of perpetrating the "biggest military computer hack of all time." Following legal hearings in the UK it was decided in July 2006 that he should be extradited to the United States. In February 2007 his lawyers argued against this ruling in an appeal to the High Court in London , which was turned down on April 3 . He still has the possibility of appealing to the House of Lords, and his lawyer has stated that he will do this within 14 days using the argument that because the alleged offences were committed in the UK this is where he should be tried.
The computer systems administrator is accused of hacking into 97 United States military and NASA computers in 2001 and 2002. The computer networks he is accused of hacking include networks owned by NASA, the US Army, US Navy, Department of Defense and the US Air Force. The US estimates claim the costs of tracking and correcting the problems he allegedly caused were around $700,000.
McKinnon was originally tracked down and arrested under the Computer Misuse Act by the UK National Hi-Tech Crime Unit (NHTCU) in 2002 who informed him that he would face community service. The Crown Prosecution Service refused to charge him. Later that year he was indicted by the United States government. McKinnon remained at liberty without restriction for three years until June 2005 (after the UK had implemented a new extradition treaty with the US [which the US congress has not ratified]) when he became subject to bail conditions including a requirement to sign in at his local police station every evening, and to remain at his home address at night. In addition he was banned from using a computer with access to the Internet. There have been no more developments in respect of the charges relating to United Kingdom legislation but in late 2005 the United States began extradition proceedings.
If he is extradited to the U.S. and charged, McKinnon faces up to 70 years in jail and has expressed fears that he could be sent to Guantanamo Bay. He has said that he will contest the extradition proceedings and believes that he should face trial in the UK, principally as he argues that his "crimes" were committed there and not in the United States.
In an interview televised on the BBC's Click programme, he claimed that he was able to get into the military's networks simply by using a Perl script that searched for blank passwords; in other words his report suggests that there were computers on these networks with the default passwords active.
Statements to the media
During the length of time between his indictment and beginning of extradition proceedings, with a growing media interest in his case, Gary McKinnon has had a number of opportunities to address the media.
At the Infosecurity Europe 2006 conference in London on April 27, 2006, McKinnon appeared on the Hackers' Panel. When asked how his exploits were first discovered, McKinnon answered that he had miscalculated the timezone — he was using remote-control software to operate a Windows computer while its user was sitting in front of it.
McKinnon has admitted in many public statements to unauthorised access of computer systems in the United States including those mentioned in the United States indictment. He claims his motivation, drawn from a statement made before the Washington Press Club on May 9, 2001 by a group of high level ex-military and civilian sources known as "The Disclosure Project", was to find evidence of UFOs, antigravity technology, and the government suppression of "Free Energy", all of which he claims to have proven through his actions.
In his interview with the BBC he also claimed that "The Disclosure Project" says there is "extra-terrestrial and origin and [they've] captured spacecraft and reverse engineered it." He also claimed to have downloaded a low-resolution image of "something not man-made" and "cigar shaped" floating above the northern hemisphere. He said that unfortunately he did not manage to get a screenshot or recording of the image because he was "bedazzled" to see the image, could not remember the capture function in the software RemotelyAnywhere, and that he was "cut off" from his connection.
The charge that he perpetrated "the biggest military hack of all time" is disputed by McKinnon who characterises himself as a "bumbling computer nerd". He refers to previous documented incidents of hacking including May 2001 when as acknowledged by U.S. government contractor Exigent International one or more hackers broke into a U.S government server storing satellite software and stole code. Evidence led investigators to an e-mail service in Sweden but the culprits were never apprehended. In 1997, two California teenagers and a trio of Israeli hackers were arrested for hacking into Pentagon servers. Israeli hacker Ehud Tenenbaum, then 18 years old, and his two teenage accomplices were not extradited, but were prosecuted by local authorities. McKinnon has also claimed that on many occasions he noticed other hackers unlawfully entering the same systems and suggests that his activities were not unique. The U.S. Pentagon has for example in the past cited as many as 250,000 attacks in a single year.
Gary McKinnon's extradition hearing was determined by the provisions of the UK Extradition Act 2003.
Under this Act there is no requirement for an extradition request from the United States to contain prima facie evidence of the charges. Following earlier adjournments a final court hearing was held on 10 May 2006 at Bow Street Magistrates' Court. The court recommended that he be extradited.
The adjourning of earlier hearings was occasioned by a request from the defence to obtain the following assurances: that Gary McKinnon would not be tried by a military tribunal, will be eligible for parole and will not have to serve his sentence at Guantanamo Bay. At a hearing on 12 April 2006 the prosecution produced an unsigned note from the US Embassy, claimed to be a guarantee that McKinnon would not be tried under U.S. Military Order 1 (November 13, 2001 - 66 Fed. Reg. 57,833 "Military Order"), which allows suspected terrorists to be tried under military law. However, the defence argued that the note was not binding as it was unsigned. The defence called as a witness Clive Stafford-Smith, a US-based lawyer who has defended inmates of Guantanamo Bay. Stafford-Smith argued that the note would not prevent McKinnon from being treated as a terrorist.
However in the final hearing on 10 May 2006 District Judge Nicholas Evans, ruling in the case, said he had received assurances that Mr McKinnon would be tried in a federal court in Virginia. He added that "any real - as opposed to fanciful - risk" of Mr McKinnon being sent to Guantanamo had receded. The case has been taken up again in the High Court in February 2007. His lawyers have stated they will again ask the Home Secretary to refuse extradition on the grounds that his human rights (under European Union law) have been violated .
The final decision in cases of extradition rests with the UK Home Secretary. On July 6, 2006 Home Secretary John Reid decided to allow the extradition "for charges connected with computer hacking". According to a Home Office spokesman: "Mr McKinnon had exercised his right to submit representations against return but the secretary of state did not consider the issues raised availed Mr McKinnon." In respect of U.S. Military Order 1 it has been noted that recently such military tribunals have been ruled illegal by the U.S. Supreme Court, and may conceivably have been an influence in the Home Secretary's decision.
McKinnon's appeal against the extradition order was quashed by a High Court judge on April 3, 2007
Kevin David Mitnick (born August 6, 1963) is a computer security consultant and convicted computer hacker. Mitnick served five years in prison (four and a half years of it of it pre-trial), 8 months of that in solitary confinement, and was released on January 21, 2000. During his supervised release, which ended on January 21, 2003, he was initially restricted from using any communications technology other than a landline telephone. After fighting this decision in court, the judge ruled in favor of Mitnick, and when Mitnicks supervised part of his release ended this allowed him to access the Internet.
Kevin Mitnick began social engineering or perhaps discovered his first engineerible situation the age of 12. He realized could bypass the punchcard system used for the Los Angeles bus system, by buying himself his own punch, get free bus rides anywhere in the greater LA area. Social engineering became his primary method of obtaining information, whether it be usernames, passwords, modem phone numbers, anything that would have been useful in whatever mark he was working on.
Mitnick broke into his first computer network in 1979, when a friend gave him the phone number for the Ark, the computer system at Digital Equipment Corporation (DEC) used for developing their RSTS/E operating system software. He broke into DEC's systems and stole DEC's software, for which he was later convicted. This was the first of a series of run-ins with the law.
Kevin Mitnick would change his identity by exploiting how the identification system worked in the United States. He would obtain the birth certificates of recently deceased newborns and very young children (around the ages of 1 to 3 years old), as the government had no distinct record of their death since they never worked nor were involved in society. Furthermore, the certificates would have to be from someone who was, for example, born in Washington and died in California, as it was more difficult to trace back to the original source. He changed his identity about three or four times, any time he changed jobs. He claimed to have learned most of this information through a book by the title of Paper Trail, written by Barbara Snow Gilbert. Mitnick was arrested after the FBI obtained a search warrant, searched his house, and found his wallet with numerous fake ID's. Although he was caught in an accident, by having the fake identification still in his possession, once out of jail, he was able to evade the FBI and police for a relatively large amount of time.
Kevin Mitnick's criminal activities, arrest, and trial were controversial.
The core of the controversy came from two books that presented views that were at odds with one another: John Markoff and Tsutomu Shimomura's Takedown, and Jonathan Littman's The Fugitive Game. In particular, Littman made allegations of journalistic impropriety against Markoff, of overzealous prosecution of Mitnick by the government, of mainstream media over-hyping of Mitnick's actual crimes, and of the legality of Shimomura's involvement in the matter. Further controversy came over the release of the movie Takedown, with Littman alleging that portions of the film were taken from his book without permission.
The case against Mitnick tested then-nascent laws that had been enacted for dealing with computer crime, and it raised public awareness of security issues involving networked computers. The controversy remains, however, as Mitnick is often used today as an example of the quintessential computer criminal although his exploits are less notable than his notoriety suggests.
Furthermore, supporters of Mitnick assert that many of the charges against him were fraudulent and not based on actual losses. A lot of the hype surrounding Mitnick's exploits were media sensationalism; For example, many believe that Mitnick was once in the FBI's most wanted list. This is actually a myth. Federal prosecuter Kent Walker said in an interview to the New York Times: "He (Mitnick) was arguably the most wanted computer hacker in the world, he allegedly had access to corporate trade secrets worth millions of dollars. He was a very big threat". The headline of the resultant article, "A Most-Wanted Cyberthief Is Caught in His Own Web," was later picked up by Associated Press, Time Magazine and Reuters, thus perpetuating the myth. Mitnick has alleged that at one time he was held in solitary confinement for 8 months because his girlfriend Suzy Thunder told authorities Mitnick could cause a nuclear attack by whistling into a phone. He was refused access to a phone because of this.
While Mitnick's actual actions may not have justified the level of official concern they did, the fact that his activities were criminal is not disputed. Mitnick's first adult criminal sentence was considerably shorter than is the norm today. His second adult criminal sentence was typical for a second offense committed while on probation.
The film Freedom Downtime, a documentary that centers on the topics of Kevin Mitnick's incarceration in a maximum security prision, Miramax's film's screen adaptation of Takedown, and the "FREE KEVIN" movement, was made in 2001 by Emmanuel Goldstein and produced by 2600 Films in 2006.
Attacks on Mitnick's sites
On August 20, 2006, Kevin Mitnick's site was defaced by Pakistani hackers with offensive messages against him. The domain names defensivethinking.com, mitsec.com, kevinmitnick.com and mitnicksecurity.com displayed the vandalism for hours before the affected files were replaced.
The Web hosting provider that hosts my sites was hacked, fortunately, I don't keep any confidential data on my Web site, so it wasn't that serious. Of course it is embarrassing to be defaced—nobody likes it.
As a notorious figure, Mitnick has been targeted by hackers who wish to bolster their status and for people seeking to prove their abilities. Also, sites supporting Mitnick have been targeted as well.
Zone-H reports that in one occasion, there was a struggle between different black hat and white hat hackers when some defacers put their nicks on Mitnick's site and fans who were replacing the vandalized copy with an original unmodified one. This went on for a full day.
* Mitnick offers security consulting services through his company Mitnick Security Consulting, LLC and has co-authored two books on computer security. The books are The Art of Deception (2002), which focuses on social engineering, and The Art of Intrusion (2005), focusing on real stories of security exploits.
* He has also co-authored (with Alexis Kasperavicius) a social engineering prevention training course and certification: CSEPS.
* On Aug 20, 2006, A Syrian editor, Nidal Maalouf, accused Mitnick of stealing his domain name (Syria-news.com), He falsely claimed that Mitnick is the FBI's No.1 wanted person for illegal acts against a number of internet sites. Maalouf was interviewed by the local newspaper "Bourses & Markets", and the interview was quoted by Al-Ayham Saleh on his personal website.
* Mitnick usually makes semiannual appearances on the popular late night radio show Coast to Coast AM. Mitnick has also hosted the show with interviews including Steve Wozniak (on April 30, 2006).
* Kevin Mitnick has been invited to be a speaker at many events. He was the keynote speaker at the IAPP (International Association of Privacy Professionals) Privacy Academy in Las Vegas, October, 2005, Kevin Mitnick was also a speaker at the National Youth Leadership Forum on Technology in San Jose, CA, in the summer of 2004 as well as a keynote speaker at The Fifth H.O.P.E. in New York, NY, July, 2004. One of his first appearances was at ITESM Monterery Tec, on February 2003 where he was also the keynote speaker, and spoke to a sellout at the campu's auditorium, Auditorio Luis Elizondo. He was scheduled to speak at the sixth H.O.P.E. in 2006, but was unable to attend after becoming ill while vacationing in Colombia.
* Kevin Mitnick was a "surprise guest" in the 40th TWiT podcast when, while in Las Vegas for a conference, he ran into Steve Wozniak at a table outside a Starbucks coffee store. Wozniak was on the line with fellow TWiT hosts via Skype on his notebook computer, and Mitnick remained with Wozniak for much of the remainder of the show.
* Kevin Mitnick appeared on "Thebroken", an online videozine marketing itself as 'borderline legal.' He appeared on the third episode of the show, but was given mention in the first.
* Mitnick guest starred in a first season episode of Alias. The casting was an in-joke, since Mitnick played a CIA hacker. Due to the conditions of his parole, however, the computer he used in the scene was a prop.
* Kevin Mitnick has recently appeared on the South African actuality programme "Carte Blanche".
* On 2 March 2007, the WELL declined his application for admission, refunding his membership fee.
* Kevin Mitnick now resides in Las Vegas, Nevada.
In popular culture
* Mitnick is referenced by a fictional radio caller in the video game Grand Theft Auto III. The crazy caller rants and raves about the National Security Agency's ECHELON system and government conspiracies. At the end, he is asked if he wants to say anything else and answers "yes", and then shouts "FREE KEVIN!", but is immediately cut off. "Free Kevin" is a reference to the controversy over Mitnick's trial and incarceration.
* Kevin Mitnick is mentioned in episode 18 of the anime "Black Lagoon".
* The video game "Vampire: The Masquerade - Bloodlines" features a Nosferatu hacker named Mitnick.
* Mitnick is played by actor Skeet Ulrich in the movie Takedown.
* Mitnick's voice can be heard in the video game "Grand Theft Auto: San Andreas". During WCTR's "Area 53" conspiracy theory show, an unnamed caller talks about being kept in solitary confinement for 8 months because 'I can launch nuclear missiles by just whistling into a phone!'. The caller is none other than Kevin Mitnick himself. The host of the show, Marvin Trill, asks if the caller can blow up all the other radio stations in town, to which Mitnick replies 'Hey, I don't do that anymore. I only use my powers for good.'.