THE ART OF INTRUSION: The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers


Kevin D. Mitnick
William L. Simon

Vice President & Executive Group Publisher: Richard Swadley
Vice President and Executive Publisher: Bob Ipsen
Vice President and Publisher: Joseph B. Wikert
Executive Acquisitions Editor: Carol Long
Development Editors: Emilie Herman, Kevin Shafer
Editorial Manager: Kathryn Malm Bourgoine
Senior Production Editor: Angela Smith
Project Coordinator: April Farling
Copy Editor: Joanne Slike
Interior Design: Kathie S. Rickard
Text Design & Composition: Wiley Composition Services

Published by Wiley Publishing, Inc.
10475 Crosspoint Boulevard
Indianapolis, IN 46256
www.wiley.com

Copyright © 2005 by Kevin D. Mitnick and William L. Simon
Published by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600.
Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, e-mail: brandreview@wiley.com.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Website may provide or recommendations it may make. Further, readers should be aware that Internet Websites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Trademarks: Wiley and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners.
Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

Library of Congress Cataloging-in-Publication Data:
Mitnick, Kevin D. (Kevin David), 1963-
The art of intrusion : the real stories behind the exploits of hackers, intruders, and deceivers / Kevin D. Mitnick, William L. Simon.
p. cm.
Includes index.
ISBN 0-7645-6959-7 (cloth)
1. Computer security. 2. Computer hackers. I. Simon, William L., 1930- II. Title.
QA76.9.A25M587 2005
005.8--dc22
2004025697

For Shelly Jaffe, Reba Vartanian, Chickie Leventhal, Mitchell Mitnick
For Darci and Briannah
And for the late Alan Mitnick, Adam Mitnick, Sydney Kramer, Jack Biello.
For Arynne, Victoria, Sheldon, and David, and for Vincent and Elena

Contents

Chapter 1 Hacking the Casinos for a Million Bucks
Chapter 2 When Terrorists Come Calling
Chapter 3 The Texas Prison Hack
Chapter 4 Cops and Robbers
Chapter 5 The Robin Hood Hacker
Chapter 6 The Wisdom and Folly of Penetration Testing
Chapter 7 Of Course Your Bank Is Secure — Right?
Chapter 8 Your Intellectual Property Isn’t Safe
Chapter 9 On the Continent
Chapter 10 Social Engineers — How They Work and How to Stop Them
Chapter 11 Short Takes
Index

[...]

... would be staying behind to man the computer. They were ready to start testing their method. One of the team would begin to play and would call out the hand he got — the denomination and suit of each of the five cards. Larry would enter the data into their own computer; though something of an off-brand, it was a type popular with nerds and computer buffs, and great for the purpose because ...

... co-author and I agreed on the believability of every person whose story we have included. Nevertheless, details have often been changed to protect the hacker and the victim. In several of the stories, the identities of companies are disguised. I modified the names, industries, and locations of targeted organizations. In some cases, there is misleading information to protect the identity of the victim or to prevent ...

... go back to the casino and spend time on other machines until the player left. Then Alex would sit down at the target machine, with Annie at the machine next to him. They’d started playing, making a point of looking like they were having fun. Then, as Alex recalls:

I’d start a play, carefully synchronized to my Casio timer. When the hand came up, I’d memorize it — the value and suit of each of the five cards, ...

... people, they’ve taught me the principles of caring about others and lending a helping hand to the less fortunate. And so, by imitating the pattern of giving and caring, I, in a sense, follow the paths of their lives. I hope they’ll forgive me for putting them on the back burner during the process of writing this book, passing up chances to see them with the excuse of work and deadlines to meet. This book ...
... sense of rhythm, you can hit a button within plus or minus five milliseconds. If everything worked the way it was supposed to, the machine would display the sought-after royal flush. They tried it on their own machine, practicing until all of them could hit the royal flush on a decent percentage of their tries. Over the previous months, they had, in Mike’s words, “reverse engineering the operation of the ...

... how the random numbers were turned into cards on the screen, precisely when and how fast the RNG iterated, all of the relevant idiosyncrasies of the machine, and developed a program to take all of these variables into consideration so that once we know the state of a particular machine at an exact instant in time, we could predict with high accuracy the exact iteration of the RNG at any time within the ...

... precision the exact cycle time of the machine. One method they used involved stuffing a video camera into a shoulder bag; at the casino, the player would position the bag so the camera lens was pointing at the screen of the video poker machine, and then he would run the camera for a while. “It could be tricky,” he remembers, “trying to hoist the bag into exactly the right position without looking like the ...

... production units that they use on the casino floor.” Mike paid the man 1,500 bucks for a machine, a Japanese brand. “Then two of us put this damn thing in a car. We drove it home as if we had a baby in the back seat.”

Developing the Hack

Mike, Alex, and Marco lugged the machine upstairs to the second floor of a house where they had been offered the use of a spare bedroom. The thrill of the experience would long ...
... that they might even have replaced the gold master that they’re supposed to compare the machine’s chip against. The beauty of his team’s hack, Alex insisted, was that they didn’t have to change the firmware. And they thought their own approach offered much more of a challenge. The team couldn’t keep winning as big as they were; the guys figured “it was clear that somebody would put two and two together ...

... compiled into the form that the machine can read, these road signs are ignored — the computer or microprocessor has no need for them. So code that has been reverse-engineered lacks any of these useful explanations; to keep with the “road signs” metaphor, this recovered code is like a roadmap with no place names, no markings of highways or streets. They sifted through the pages of code ...

Date posted: 18/10/2013, 21:15
