The U.S. government has turned to an unlikely source of computer security expertise -- a notorious computer hacker who spent nearly five years behind bars and once topped the FBI's most wanted list.
Less than two months out of jail, Kevin Mitnick, 36, got a warm reception yesterday from a U.S. Senate committee in Washington as he guided the panel through the murky world of hackers and cybercrime.
Mr. Mitnick's confident and articulate testimony even prompted one senator -- Joseph Lieberman of Connecticut -- to tell Mr. Mitnick he would make a good lawyer. Another suggested Mr. Mitnick, who can't touch a computer for three years, paid too steep a price for his hacking exploits, which have been chronicled in three books and a coming Hollywood movie.
While bragging about his own knack for infiltrating computers, Mr. Mitnick heaped scorn on the computer vandals who last month crippled many of the leading Internet Web sites such as Yahoo.com and Amazon.com. The Federal Bureau of Investigation, working with the RCMP and other foreign police agencies, has yet to make any arrests in the case.
"My motivation was the quest for knowledge, the intellectual challenge and the thrill," the impish-looking Mr. Mitnick told the Senate governmental affairs committee. "I felt like an explorer on these computer systems."
He dismissed the perpetrators of last month's so-called denial-of-service attacks as unskilled vandals bent on destruction.
Mr. Mitnick, now hailed by many in the hacker community as a martyr and a hero, said he never destroyed anything nor "made a red cent" from his activities. He likened his crime to trespassing, rather than fraud.
Mr. Mitnick, who has appeared on CBS's 60 Minutes and penned an opinion piece for Time Magazine since his Jan. 21 release from federal prison, boasted that he successfully broke into some of the world's most secure computers in a 20-year hacking spree that began when he was teenager. He said he was only foiled once -- trying to break into the home computer of a British computer security expert.
Mr. Mitnick was arrested in 1995 and pleaded guilty in March, 1999, to nine counts of wire and computer fraud. He served 59 months and seven days before being set free under supervised release with strict conditions. He can't touch a computer equipped with a modem, a television with Internet access or a cellphone until 2003. He is also barred from giving advice to any individual or group engaged in computer-related activities.
But the reformed hacker clearly misses his former vocation, and he complained that his strict probation conditions mean he's virtually unemployable.
"I have to live as if I were part of the Amish," the unemployed Mr. Mitnick said in a recent interview in the Village Voice.
"I miss [the Internet]" he told the magazine, adding that he would make a great Internet security expert. "I want to get back and see all the new things now that e-commerce has boomed and it's become a tool for the exercise of freedom of expression."
The Senate committee is considering a wide-ranging bill to require agencies to create anti-hacker programs and seek approval from the Office of Management and Budget that such plans are adequate.
Mr. Mitnick called the legislation "a good first step," but warned that many computer security lapses are human rather technical, noting that he often duped people into giving him secret access codes and phone numbers. And he warned that the Internet is designed to be open and accessible, making security inherently more difficult.
"You can't eliminate [the threat]" he told the committee. "You can only make it more difficult. . . . If somebody really wants to get in, they'll go in through a window."
He offered a half-dozen concrete suggestions, such as requiring agencies to protect their most sensitive data and training employees to recognize when attacks are under way.
Barrie McKenna