Mitnick Quotes & Sayings

I obtained confidential information in the same way government employees did, and I did it all without even touching a computer ... I was so successful with this line of attack that I rarely had to go towards a technical attack. — Kevin Mitnick

Anything out there is vulnerable to attack given enough time and resources. — Kevin Mitnick

I'm an expert witness in a case that's in appeal about a guy who allegedly misappropriated source code from a major, major company - he actually worked there and then apparently they found it on his laptop later. — Kevin Mitnick

Penetrating a company's security often starts with the bad guy obtaining some piece of information that seems so innocent, so everyday and unimportant, that most people in the organization don't see any reason why the item should be protected and restricted. — Kevin Mitnick

When I was in prison, a Colombian drug lord, offered me $5 million in cash to manipulate a computer system so that he would be released. I turned him down. — Kevin Mitnick

Social engineering is using manipulation, influence and deception to get a person, a trusted insider within an organization, to comply with a request, and the request is usually to release information or to perform some sort of action item that benefits that attacker. — Kevin Mitnick

The explosion of companies deploying wireless networks insecurely is creating vulnerabilities, as they think it's limited to the office - then they have Johnny Hacker in the parking lot with an 802.11 antenna using the network to send threatening emails to the president! — Kevin Mitnick

Hackers are breaking the systems for profit. Before, it was about intellectual curiosity and pursuit of knowledge and thrill, and now hacking is big business. — Kevin Mitnick

Any type of operating system that I wanted to be able to hack, I basically compromised the source code, copied it over to the university because I didn't have enough space on my 200 megabyte hard drive. — Kevin Mitnick

A typical call in one of my routines went like this: Me: What city, please? Caller: Providence. Me: What is the name, please? Caller: John Norton. Me: Is this a business or a residence? Caller: Residence. Me: The number is 836, 5 one-half 66. At this point the caller was usually either baffled or indignant. Caller: How do I dial one-half?! Me: Go pick up a new phone that has uh-half on it. The reactions I got were hilarious. — Kevin D. Mitnick

While the Texas prison officials remained in the dark about what was going on, they were fortunate that William and Danny had benign motives. Imagine what havoc the two might have caused; it would have been child's play for these guys to develop a scheme for obtaining money or property from unsuspecting victims. The Internet had become their university and playground. Learning how to run scams against individuals or break in to corporate sites would have been a cinch; teenagers and preteens learn these methods every day from the hacker sites and elsewhere on the Web. And as prisoners, Danny and William had all the time in the world.

Maybe there's a lesson here: Two convicted murderers, but that didn't mean they were scum, rotten to the core. They were cheaters who hacked their way onto the Internet illegally, but that didn't mean they were willing to victimize innocent people or naively insecure companies. — Kevin D. Mitnick

Hacking is exploiting security controls either in a technical, physical or a human-based element. — Kevin Mitnick

Should we fear hackers? Intention is at the heart of this discussion. — Kevin Mitnick

So the ethic I was taught in school resulted in the path I chose in my life following school. — Kevin Mitnick

The methods that will most effectively minimize the ability of intruders to compromise information security are comprehensive user training and education. Enacting policies and procedures simply won't suffice. Even with oversight the policies and procedures may not be effective: my access to Motorola, Nokia, ATT, Sun depended upon the willingness of people to bypass policies and procedures that were in place for years before I compromised them successfully. — Kevin Mitnick

Nine out of every 10 large corporations and government agencies have been attacked by computer intruders. — Kevin Mitnick

I keep my stuff updated all the time. Being in the security industry, I keep up to date with securities. — Kevin Mitnick

The intent of the individuals who created the DDoS attacks has nothing to do with hacking, and they are vandals, not hackers. — Kevin Mitnick

Every hacker is to some extent a rebel who lives by different standards and enjoys beating the system. — Kevin D. Mitnick

The perfect PIN is not four digits and not associated with your life, like an old telephone number. It's something easy for you to remember and hard for other people to guess. — Kevin Mitnick

the Feds had also found Netcom's customer database that contained more than 20,000 credit card numbers on my computer, but I had never attempted to use any of them; no prosecutor would ever be able to make a case against me on that score. I have to admit, I had liked the idea that I could use a different credit card every day for the rest of my life without ever running out. But I'd never had any intention of running up charges on them, and never did. That would be wrong. My trophy was a copy of Netcom's customer database. Why is that so hard to understand? Hackers and gamers get it instinctively. Anyone who loves to play chess knows that it's enough to defeat your opponent. You don't have to loot his kingdom or seize his assets to make it worthwhile. — Kevin D. Mitnick

Social engineering is using deception, manipulation and influence to convince a human who has access to a computer system to do something, like click on an attachment in an e-mail. — Kevin Mitnick

Since most users choose a password that is either a name or a simple dictionary word, an attacker usually begins by setting 10phtCrack (or whatever program he's using) to perform a "dictionary attack" - testing every word in the dictionary to see if it proves to be the user's password. If the program doesn't have any success with the dictionary attack, the attacker will then start a "brute-force attack," in which case the program tries every possible combination (for example, AAA, AAB, AAC ... ABA, ABB, ABC, and so on), then tries combinations that include uppercase and lowercase, numerals, and symbols. — Kevin D. Mitnick

Businesses should absolutely set aside funding in their budgets for security consultants. Unless there is an expert on staff, and there usually is not, it needs to be outsourced. — Kevin Mitnick

I don't condone anyone causing damage in my name, or doing anything malicious in support of my plight. There are more productive ways to help me. As a hacker myself, I never intentionally damaged anything. — Kevin Mitnick

Steve Wozniak and Steve Jobs founded Apple Inc, which set the computing world on its ear with the Macintosh in 1984. — Kevin Mitnick

Right away, I invited on guests like Steve Wozniak, John Draper, and even porn star Danni Ashe, who took her top off in the studio to show us all how hot she was. (Listen up, Howard Stern, I'm following in your footsteps!) — Kevin D. Mitnick

If hackers, if anyone committing a criminal act, wants to reduce their risk, they obviously don't involve anybody else. The greater the circle of people that know what you're doing, the higher the risk. — Kevin Mitnick

I went to prison for my hacking. Now people hire me to do the same things I went to prison for, but in a legal and beneficial way. — Kevin D. Mitnick

So what I was essentially doing was, I compromised the confidentiality of their proprietary software to advance my agenda of becoming the best at breaking through the lock. — Kevin Mitnick

I was hooked in before hacking was even illegal. — Kevin Mitnick

New security loopholes are constantly popping up because of wireless networking. The cat-and-mouse game between hackers and system administrators is still in full swing. — Kevin Mitnick

One noted software libertarian, Richard Stallman, even refused to protect his account with a password. — Kevin D. Mitnick

My actions constituted pure hacking that resulted in relatively trivial expenses for the companies involved, despite the government's false claims. — Kevin Mitnick

I get hired by companies to hack into their systems and break into their physical facilities to find security holes. Our success rate is 100%; we've always found a hole. — Kevin Mitnick

My hacking was all about becoming the best at circumventing security. So when I was a fugitive, I worked systems administrator jobs to make money. I wasn't stealing money or using other people's credit cards. I was doing a 9-to-5 job. — Kevin Mitnick

The myth of Kevin Mitnick is much more interesting than the reality of Kevin Mitnick. If they told the reality, no one would care. — Kevin Mitnick

knowing you're smarter than somebody and you can beat them. And that, in our case, it was gonna make us some money. — Kevin D. Mitnick

I wasn't a hacker for the money, and it wasn't to cause damage. — Kevin Mitnick

My primary goal of hacking was the intellectual curiosity, the seduction of adventure. — Kevin Mitnick

I went from being a kid who loved to perform magic tricks to becoming the world's most notorious hacker, feared by corporations and the government. — Kevin Mitnick

I was an accomplished computer trespasser. I don't consider myself a thief. I copied without permission. — Kevin Mitnick

There is no patch for stupidity. — Kevin Mitnick

Somebody could send you an office document or a PDF file, and as soon as you open it, it's a booby trap and the hacker has complete control of your computer. Another major problem is password management. People use the same password on multiple sites, so when the hacker compromises one site, they have your password for everywhere else. — Kevin Mitnick

I love solving puzzles, I love finding my way around obstacles, and I love learning new things about technology. — Kevin Mitnick

The Patriot Act is ludicrous. Terrorists have proved that they are interested in total genocide, not subtle little hacks of the U.S. infrastructure, yet the government wants a blank search warrant to spy and snoop on everyone's communications. — Kevin Mitnick

Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause. — Kevin Mitnick

A hacker doesn't deliberately destroy data or profit from his activities. — Kevin Mitnick

When an attacker fails with one person, they often go to another person. The key is to report the attack to other departments. Workers should know to act like they are going along with what the hacker wants and take copious notes so the company will know what the hacker is trying to find. — Kevin Mitnick

A log-in simulator is a program to trick some unknowing user into providing their user name and password. — Kevin Mitnick

If I needed to know about a security exploit, I preferred to get the information by accessing the companies' security teams' files, rather than poring over lines of code to find it on my own. It's just more efficient. — Kevin Mitnick

Being on the run wasn't fun, but it was something I had to do. I was actually working in legitimate jobs. I wasn't living on people's credit cards. I was living like a character out of a movie. It was performance art. — Kevin Mitnick

The key to social engineering is influencing a person to do something that allows the hacker to gain access to information or your network. — Kevin Mitnick

I saw myself as an electronic joy rider. — Kevin Mitnick

I characterize myself as a retired hacker. I'm applying what I know to improve security at companies. — Kevin Mitnick

When somebody asks for a favor involving information, if you don't know him or can't verify his identity, just say no. — Kevin Mitnick

You can never protect yourself 100%. What you do is protect yourself as much as possible and mitigate risk to an acceptable degree. You can never remove all risk. — Kevin Mitnick

The Internet is like the phone. To be without it is ridiculous. — Kevin Mitnick

Anyone who thinks that security products alone offer true security is settling for the illusion of security. — Kevin D. Mitnick

Not being allowed to use the Internet is kind of like not being allowed to use a telephone. — Kevin Mitnick

Our Constitution requires that the accused be presumed innocent before trial, thus granting all citizens the right to a bail hearing, where the accused has the opportunity to be represented by counsel, present evidence, and cross-examine witnesses. — Kevin Mitnick

Think about it: if you were running a multi-million dollar company, and your database of customer information was stolen, would you want to tell your clients? No. Most companies did not until the laws required them to. It's in the best interest of organisations - when they're attacked and information is stolen - to tell nobody. — Kevin Mitnick

It's true, I had hacked into a lot of companies, and took copies of the source code to analyze it for security bugs. If I could locate security bugs, I could become better at hacking into their systems. It was all towards becoming a better hacker. — Kevin Mitnick

My hacking involved pretty much exploring computer systems and obtaining access to the source code of telecommunication systems and computer operating systems, because my goal was to learn all I can about security vulnerabilities within these systems. — Kevin Mitnick

The Americans are the most gullible, because they don't like to deny co-workers' requests. — Kevin Mitnick

Phone phreaking is a type of hacking that allows you to explore the telephone network by exploiting the phone systems and phone company employees. — Kevin Mitnick

Social engineers veil themselves in a cloak of believability. — Kevin Mitnick

I use Spam Arrest because of the amount of junk mail I get. Any legitimate person who wants to send me a message has to jump through hoops before they can be added to my opt-in list. — Kevin Mitnick

When I was being moved, a deputy U.S. Marshal with a Southern accent so thick it sounded like he was doing a bad parody of a Good Ol' Boy sheriff laughed and said, "You're the only prisoner we ever had that got booted out of jail! — Kevin D. Mitnick

The maximum sentence was twenty years for each free phone call. Twenty years for each call! I was facing a worst-case scenario of 460 years. — Kevin D. Mitnick

A lot of companies are clueless, because they spend most or all of their security budget on high-tech security like fire walls and biometric authentication - which are important and needed - but then they don't train their people. — Kevin Mitnick

You can't go to Windows Update and get a patch for stupidity. — Kevin Mitnick

I don't know of any case that involves computer hacking where there were multiple defendants charged where there wasn't an informant on the case. — Kevin Mitnick

Usually companies hire me, and they know full well who I am, and that's one of the reasons they want to hire me. — Kevin Mitnick

F_k being a script kiddie if you can avoid it - be a hacker. — Kevin D. Mitnick

Choosing a hard-to-guess, but easy-to-remember password is important! — Kevin Mitnick

I got so passionate about technology. Hacking to me was like a video game. It was about getting trophies. I just kept going on and on, despite all the trouble I was getting into, because I was hooked. — Kevin Mitnick

As a young boy, I was taught in high school that hacking was cool. — Kevin Mitnick

But a lot of businesses out there don't see the return on investment, they look at it as a liability, and until they can understand that proactive security actually returns, gives them a return on investment, it's still a hard sell for people. — Kevin Mitnick

One of my all-time favorite pranks was gaining unauthorized access to the telephone switch and changing the class of service of a fellow phone phreak. When he'd attempt to make a call from home, he'd get a message telling him to deposit a dime, because the telephone company switch received input that indicated he was calling from a pay phone. — Kevin Mitnick

The first programming assignment I had in high school was to find the first 100 Fibonacci numbers. Instead, I thought it would be cooler to write a program to get the teacher's password and all the other students' passwords. And the teacher gave me an A and told the class how smart I was. — Kevin Mitnick

Use a personal firewall. Configure it to prevent other computers, networks and sites from connecting to you, and specify which programs are allowed to connect to the net automatically. — Kevin Mitnick

I started with CB radio, ham radio, and eventually went into computers. And I was just fascinated with it. And back then, when I was in school, computer hacking was encouraged. It was an encouraged activity. In fact, I remember one of the projects my teacher gave me was writing a log-in simulator. — Kevin Mitnick

I get hired to hack into computers now and sometimes it's actually easier than it was years ago. — Kevin Mitnick

People are prone to taking mental shortcuts. They may know that they shouldn't give out certain information, but the fear of not being nice, the fear of appearing ignorant, the fear of a perceived authority figure - all these are triggers, which can be used by a social engineer to convince a person to override established security procedures. — Kevin Mitnick

In the security community, this letter is known by all as a "get-out-of-jail-free card." Pen testers tend to be very conscientious about making sure they always have a copy of the letter with them when they're on or anywhere near the premises of the client company, in case they get stopped by a security guard who decides to flex some muscle and impress the higher-ups with his gumshoe instincts, or challenged by a conscientious employee who spots something suspicious and has enough gumption to confront the pen tester. — Kevin D. Mitnick

The hacker mindset doesn't actually see what happens on the other side, to the victim. — Kevin Mitnick

I was addicted to hacking, more for the intellectual challenge, the curiosity, the seduction of adventure; not for stealing, or causing damage or writing computer viruses. — Kevin Mitnick

I can go into LinkedIn and search for network engineers and come up with a list of great spear-phishing targets because they usually have administrator rights over the network. Then I go onto Twitter or Facebook and trick them into doing something, and I have privileged access. — Kevin Mitnick

Both social engineering and technical attacks played a big part in what I was able to do. It was a hybrid. I used social engineering when it was appropriate, and exploited technical vulnerabilities when it was appropriate. — Kevin Mitnick

To have transactions made on your web site via credit card, you must be PCI compliant. Businesses make the mistake of thinking that because you passed the requirements and are PCI certified, you are immune to attacks. — Kevin Mitnick

I was pretty much the government's poster boy for what I had done. — Kevin Mitnick

The hacking trend has definitely turned criminal because of e-commerce. — Kevin Mitnick

A lot of individuals out there carry a lot of proprietary information on their mobile devices, and they're not protected. It's a very target-rich environment. — Kevin Mitnick

For a long time, I was portrayed as the Osama bin Laden of the Internet, and I really wanted to be able to tell my side of the story. I wanted to be able to explain exactly what I did and what I didn't do to people who thought they knew me. — Kevin Mitnick

Sometimes I get a call from my bank, and the first thing they ask is, 'Mr. Mitnick, may I get your account number?' And I'll say, 'You called me! I'm not giving you my account number!' — Kevin Mitnick

Every time some [developer] says, 'Nobody will go to the trouble of doing that,' there's some kid in Finland who will go to the trouble. — Kevin D. Mitnick

It doesn't work the same way everywhere. The Americans are the most gullible, because they don't like to deny co-workers' requests. People in the former Soviet bloc countries are less trusting, perhaps because of their previous experiences with their countries' secret services. — Kevin Mitnick

Computer hacking really results in financial losses and hassles. The objectives of terrorist groups are more serious. That is not to say that cyber groups can't access a telephone switch in Manhattan on a day like 9/11, shut it down, and therefore cause more casualties. — Kevin Mitnick

But have you ever felt that something was so good it couldn't possibly last? — Kevin D. Mitnick